diff --git a/cyassl/ctaocrypt/visibility.h b/cyassl/ctaocrypt/visibility.h index a3b27812d..4fd6fb82f 100644 --- a/cyassl/ctaocrypt/visibility.h +++ b/cyassl/ctaocrypt/visibility.h @@ -43,7 +43,9 @@ #ifdef CYASSL_DLL #define CYASSL_API extern __declspec(dllexport) #else - #define CYASSL_API + //#define CYASSL_API + #define WOLFSSL_API + #define CYASSL_API WOLFSSL_API #endif #define CYASSL_LOCAL #else diff --git a/cyassl/openssl/ssl.h b/cyassl/openssl/ssl.h index acb6b0104..5d7a0b1ed 100644 --- a/cyassl/openssl/ssl.h +++ b/cyassl/openssl/ssl.h @@ -29,6 +29,7 @@ #define CYASSL_OPENSSL_H_ #include +#include #ifdef __cplusplus extern "C" { @@ -80,20 +81,20 @@ typedef CYASSL_X509_OBJECT X509_OBJECT; typedef CYASSL_X509_STORE_CTX X509_STORE_CTX; -#define SSLv3_server_method CyaSSLv3_server_method -#define SSLv3_client_method CyaSSLv3_client_method -#define TLSv1_server_method CyaTLSv1_server_method -#define TLSv1_client_method CyaTLSv1_client_method -#define TLSv1_1_server_method CyaTLSv1_1_server_method -#define TLSv1_1_client_method CyaTLSv1_1_client_method -#define TLSv1_2_server_method CyaTLSv1_2_server_method -#define TLSv1_2_client_method CyaTLSv1_2_client_method +#define SSLv3_server_method wolfSSLv3_server_method +#define SSLv3_client_method wolfSSLv3_client_method +#define TLSv1_server_method wolfTLSv1_server_method +#define TLSv1_client_method wolfTLSv1_client_method +#define TLSv1_1_server_method wolfTLSv1_1_server_method +#define TLSv1_1_client_method wolfTLSv1_1_client_method +#define TLSv1_2_server_method wolfTLSv1_2_server_method +#define TLSv1_2_client_method wolfTLSv1_2_client_method #ifdef CYASSL_DTLS - #define DTLSv1_client_method CyaDTLSv1_client_method - #define DTLSv1_server_method CyaDTLSv1_server_method - #define DTLSv1_2_client_method CyaDTLSv1_2_client_method - #define DTLSv1_2_server_method CyaDTLSv1_2_server_method + #define DTLSv1_client_method wolfDTLSv1_client_method + #define DTLSv1_server_method wolfDTLSv1_server_method + #define DTLSv1_2_client_method wolfDTLSv1_2_client_method + #define DTLSv1_2_server_method wolfDTLSv1_2_server_method #endif diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 7de6d2519..46ef3e82f 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -1,4 +1,4 @@ -/* ssl.h +/* cyassl.h * * Copyright (C) 2006-2014 wolfSSL Inc. * @@ -15,1395 +15,277 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software + * a with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ -/* CyaSSL API */ - -#ifndef CYASSL_SSL_H -#define CYASSL_SSL_H +/* + * cyassl.h defines cyassl compatibility layer + */ -/* for users not using preprocessor flags*/ -#include -#include - - -#ifndef NO_FILESYSTEM - #ifdef FREESCALE_MQX - #include - #else - #include /* ERR_printf */ - #endif -#endif - -#ifdef YASSL_PREFIX - #include "prefix_ssl.h" -#endif - -#ifdef LIBCYASSL_VERSION_STRING - #define CYASSL_VERSION LIBCYASSL_VERSION_STRING -#endif - -#ifdef _WIN32 - /* wincrypt.h clashes */ - #undef OCSP_REQUEST - #undef OCSP_RESPONSE -#endif - +#ifndef WOLFSSL_CYASSL_H_ +#define WOLFSSL_CYASSL_H_ +/* + * Name change + * include the new ssl.h + */ +#include #ifdef __cplusplus extern "C" { #endif -typedef struct CYASSL CYASSL; -typedef struct CYASSL_SESSION CYASSL_SESSION; -typedef struct CYASSL_METHOD CYASSL_METHOD; -typedef struct CYASSL_CTX CYASSL_CTX; - -typedef struct CYASSL_X509 CYASSL_X509; -typedef struct CYASSL_X509_NAME CYASSL_X509_NAME; -typedef struct CYASSL_X509_CHAIN CYASSL_X509_CHAIN; - -typedef struct CYASSL_CERT_MANAGER CYASSL_CERT_MANAGER; -typedef struct CYASSL_SOCKADDR CYASSL_SOCKADDR; - -/* redeclare guard */ -#define CYASSL_TYPES_DEFINED - - -typedef struct CYASSL_RSA CYASSL_RSA; -typedef struct CYASSL_DSA CYASSL_DSA; -typedef struct CYASSL_CIPHER CYASSL_CIPHER; -typedef struct CYASSL_X509_LOOKUP CYASSL_X509_LOOKUP; -typedef struct CYASSL_X509_LOOKUP_METHOD CYASSL_X509_LOOKUP_METHOD; -typedef struct CYASSL_X509_CRL CYASSL_X509_CRL; -typedef struct CYASSL_BIO CYASSL_BIO; -typedef struct CYASSL_BIO_METHOD CYASSL_BIO_METHOD; -typedef struct CYASSL_X509_EXTENSION CYASSL_X509_EXTENSION; -typedef struct CYASSL_ASN1_TIME CYASSL_ASN1_TIME; -typedef struct CYASSL_ASN1_INTEGER CYASSL_ASN1_INTEGER; -typedef struct CYASSL_ASN1_OBJECT CYASSL_ASN1_OBJECT; -typedef struct CYASSL_ASN1_STRING CYASSL_ASN1_STRING; -typedef struct CYASSL_dynlock_value CYASSL_dynlock_value; - -#define CYASSL_ASN1_UTCTIME CYASSL_ASN1_TIME - -typedef struct CYASSL_EVP_PKEY { - int type; /* openssh dereference */ - int save_type; /* openssh dereference */ - int pkey_sz; - union { - char* ptr; - } pkey; - #ifdef HAVE_ECC - int pkey_curve; - #endif -} CYASSL_EVP_PKEY; - -typedef struct CYASSL_MD4_CTX { - int buffer[32]; /* big enough to hold, check size in Init */ -} CYASSL_MD4_CTX; - - -typedef struct CYASSL_COMP_METHOD { - int type; /* stunnel dereference */ -} CYASSL_COMP_METHOD; - - -typedef struct CYASSL_X509_STORE { - int cache; /* stunnel dereference */ - CYASSL_CERT_MANAGER* cm; -} CYASSL_X509_STORE; - -typedef struct CYASSL_ALERT { - int code; - int level; -} CYASSL_ALERT; - -typedef struct CYASSL_ALERT_HISTORY { - CYASSL_ALERT last_rx; - CYASSL_ALERT last_tx; -} CYASSL_ALERT_HISTORY; - -typedef struct CYASSL_X509_REVOKED { - CYASSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */ -} CYASSL_X509_REVOKED; - - -typedef struct CYASSL_X509_OBJECT { - union { - char* ptr; - CYASSL_X509_CRL* crl; /* stunnel dereference */ - } data; -} CYASSL_X509_OBJECT; - - -typedef struct CYASSL_X509_STORE_CTX { - CYASSL_X509_STORE* store; /* Store full of a CA cert chain */ - CYASSL_X509* current_cert; /* stunnel dereference */ - char* domain; /* subject CN domain name */ - void* ex_data; /* external data, for fortress build */ - void* userCtx; /* user ctx */ - int error; /* current error */ - int error_depth; /* cert depth for this error */ - int discardSessionCerts; /* so verify callback can flag for discard */ -} CYASSL_X509_STORE_CTX; - - -/* Valid Alert types from page 16/17 */ -enum AlertDescription { - close_notify = 0, - unexpected_message = 10, - bad_record_mac = 20, - record_overflow = 22, - decompression_failure = 30, - handshake_failure = 40, - no_certificate = 41, - bad_certificate = 42, - unsupported_certificate = 43, - certificate_revoked = 44, - certificate_expired = 45, - certificate_unknown = 46, - illegal_parameter = 47, - decrypt_error = 51, - protocol_version = 70, - no_renegotiation = 100, - unrecognized_name = 112 -}; - - -enum AlertLevel { - alert_warning = 1, - alert_fatal = 2 -}; - - -CYASSL_API CYASSL_METHOD *CyaSSLv3_server_method(void); -CYASSL_API CYASSL_METHOD *CyaSSLv3_client_method(void); -CYASSL_API CYASSL_METHOD *CyaTLSv1_server_method(void); -CYASSL_API CYASSL_METHOD *CyaTLSv1_client_method(void); -CYASSL_API CYASSL_METHOD *CyaTLSv1_1_server_method(void); -CYASSL_API CYASSL_METHOD *CyaTLSv1_1_client_method(void); -CYASSL_API CYASSL_METHOD *CyaTLSv1_2_server_method(void); -CYASSL_API CYASSL_METHOD *CyaTLSv1_2_client_method(void); - -#ifdef CYASSL_DTLS - CYASSL_API CYASSL_METHOD *CyaDTLSv1_client_method(void); - CYASSL_API CYASSL_METHOD *CyaDTLSv1_server_method(void); - CYASSL_API CYASSL_METHOD *CyaDTLSv1_2_client_method(void); - CYASSL_API CYASSL_METHOD *CyaDTLSv1_2_server_method(void); +#ifdef _WIN32 + /* wincrypt.h clashes */ + #undef X509_NAME #endif - -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) - -CYASSL_API int CyaSSL_CTX_use_certificate_file(CYASSL_CTX*, const char*, int); -CYASSL_API int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX*, const char*, int); -CYASSL_API int CyaSSL_CTX_load_verify_locations(CYASSL_CTX*, const char*, - const char*); -CYASSL_API int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX *, - const char *file); -CYASSL_API int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX*, const char*, int); - -CYASSL_API int CyaSSL_use_certificate_file(CYASSL*, const char*, int); -CYASSL_API int CyaSSL_use_PrivateKey_file(CYASSL*, const char*, int); -CYASSL_API int CyaSSL_use_certificate_chain_file(CYASSL*, const char *file); -CYASSL_API int CyaSSL_use_RSAPrivateKey_file(CYASSL*, const char*, int); - -#ifdef CYASSL_DER_LOAD - CYASSL_API int CyaSSL_CTX_der_load_verify_locations(CYASSL_CTX*, - const char*, int); -#endif - -#ifdef HAVE_POLY1305 - CYASSL_API int CyaSSL_use_old_poly(CYASSL*, int); -#endif - -#ifdef HAVE_NTRU - CYASSL_API int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX*, const char*); - /* load NTRU private key blob */ -#endif - -#ifndef CYASSL_PEMCERT_TODER_DEFINED - CYASSL_API int CyaSSL_PemCertToDer(const char*, unsigned char*, int); - #define CYASSL_PEMCERT_TODER_DEFINED -#endif - -#endif /* !NO_FILESYSTEM && !NO_CERTS */ - -CYASSL_API CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD*); -CYASSL_API CYASSL* CyaSSL_new(CYASSL_CTX*); -CYASSL_API int CyaSSL_set_fd (CYASSL*, int); -CYASSL_API int CyaSSL_get_ciphers(char*, int); -CYASSL_API int CyaSSL_get_fd(const CYASSL*); -CYASSL_API void CyaSSL_set_using_nonblock(CYASSL*, int); -CYASSL_API int CyaSSL_get_using_nonblock(CYASSL*); -CYASSL_API int CyaSSL_connect(CYASSL*); /* please see note at top of README - if you get an error from connect */ -CYASSL_API int CyaSSL_write(CYASSL*, const void*, int); -CYASSL_API int CyaSSL_read(CYASSL*, void*, int); -CYASSL_API int CyaSSL_peek(CYASSL*, void*, int); -CYASSL_API int CyaSSL_accept(CYASSL*); -CYASSL_API void CyaSSL_CTX_free(CYASSL_CTX*); -CYASSL_API void CyaSSL_free(CYASSL*); -CYASSL_API int CyaSSL_shutdown(CYASSL*); -CYASSL_API int CyaSSL_send(CYASSL*, const void*, int sz, int flags); -CYASSL_API int CyaSSL_recv(CYASSL*, void*, int sz, int flags); - -CYASSL_API void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX*, int); -CYASSL_API void CyaSSL_set_quiet_shutdown(CYASSL*, int); - -CYASSL_API int CyaSSL_get_error(CYASSL*, int); -CYASSL_API int CyaSSL_get_alert_history(CYASSL*, CYASSL_ALERT_HISTORY *); - -CYASSL_API int CyaSSL_set_session(CYASSL* ssl,CYASSL_SESSION* session); -CYASSL_API CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl); -CYASSL_API void CyaSSL_flush_sessions(CYASSL_CTX *ctx, long tm); -CYASSL_API int CyaSSL_SetServerID(CYASSL* ssl, const unsigned char*, - int, int); - -#ifdef SESSION_INDEX -CYASSL_API int CyaSSL_GetSessionIndex(CYASSL* ssl); -CYASSL_API int CyaSSL_GetSessionAtIndex(int index, CYASSL_SESSION* session); -#endif /* SESSION_INDEX */ - -#if defined(SESSION_INDEX) && defined(SESSION_CERTS) -CYASSL_API - CYASSL_X509_CHAIN* CyaSSL_SESSION_get_peer_chain(CYASSL_SESSION* session); -#endif /* SESSION_INDEX && SESSION_CERTS */ - -typedef int (*VerifyCallback)(int, CYASSL_X509_STORE_CTX*); -typedef int (*pem_password_cb)(char*, int, int, void*); - -CYASSL_API void CyaSSL_CTX_set_verify(CYASSL_CTX*, int, - VerifyCallback verify_callback); -CYASSL_API void CyaSSL_set_verify(CYASSL*, int, VerifyCallback verify_callback); -CYASSL_API void CyaSSL_SetCertCbCtx(CYASSL*, void*); - -CYASSL_API int CyaSSL_pending(CYASSL*); - -CYASSL_API void CyaSSL_load_error_strings(void); -CYASSL_API int CyaSSL_library_init(void); -CYASSL_API long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX*, long); - -#ifdef HAVE_SECRET_CALLBACK -typedef int (*SessionSecretCb)(CYASSL* ssl, - void* secret, int* secretSz, void* ctx); -CYASSL_API int CyaSSL_set_session_secret_cb(CYASSL*, SessionSecretCb, void*); -#endif /* HAVE_SECRET_CALLBACK */ - -/* session cache persistence */ -CYASSL_API int CyaSSL_save_session_cache(const char*); -CYASSL_API int CyaSSL_restore_session_cache(const char*); -CYASSL_API int CyaSSL_memsave_session_cache(void*, int); -CYASSL_API int CyaSSL_memrestore_session_cache(const void*, int); -CYASSL_API int CyaSSL_get_session_cache_memsize(void); - -/* certificate cache persistence, uses ctx since certs are per ctx */ -CYASSL_API int CyaSSL_CTX_save_cert_cache(CYASSL_CTX*, const char*); -CYASSL_API int CyaSSL_CTX_restore_cert_cache(CYASSL_CTX*, const char*); -CYASSL_API int CyaSSL_CTX_memsave_cert_cache(CYASSL_CTX*, void*, int, int*); -CYASSL_API int CyaSSL_CTX_memrestore_cert_cache(CYASSL_CTX*, const void*, int); -CYASSL_API int CyaSSL_CTX_get_cert_cache_memsize(CYASSL_CTX*); - -/* only supports full name from cipher_name[] delimited by : */ -CYASSL_API int CyaSSL_CTX_set_cipher_list(CYASSL_CTX*, const char*); -CYASSL_API int CyaSSL_set_cipher_list(CYASSL*, const char*); - -/* Nonblocking DTLS helper functions */ -CYASSL_API int CyaSSL_dtls_get_current_timeout(CYASSL* ssl); -CYASSL_API int CyaSSL_dtls_set_timeout_init(CYASSL* ssl, int); -CYASSL_API int CyaSSL_dtls_set_timeout_max(CYASSL* ssl, int); -CYASSL_API int CyaSSL_dtls_got_timeout(CYASSL* ssl); -CYASSL_API int CyaSSL_dtls(CYASSL* ssl); - -CYASSL_API int CyaSSL_dtls_set_peer(CYASSL*, void*, unsigned int); -CYASSL_API int CyaSSL_dtls_get_peer(CYASSL*, void*, unsigned int*); - -CYASSL_API int CyaSSL_ERR_GET_REASON(int err); -CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*); -CYASSL_API void CyaSSL_ERR_error_string_n(unsigned long e, char* buf, - unsigned long sz); -CYASSL_API const char* CyaSSL_ERR_reason_error_string(unsigned long); - -/* extras */ - -#define STACK_OF(x) x - -CYASSL_API int CyaSSL_set_ex_data(CYASSL*, int, void*); -CYASSL_API int CyaSSL_get_shutdown(const CYASSL*); -CYASSL_API int CyaSSL_set_rfd(CYASSL*, int); -CYASSL_API int CyaSSL_set_wfd(CYASSL*, int); -CYASSL_API void CyaSSL_set_shutdown(CYASSL*, int); -CYASSL_API int CyaSSL_set_session_id_context(CYASSL*, const unsigned char*, - unsigned int); -CYASSL_API void CyaSSL_set_connect_state(CYASSL*); -CYASSL_API void CyaSSL_set_accept_state(CYASSL*); -CYASSL_API int CyaSSL_session_reused(CYASSL*); -CYASSL_API void CyaSSL_SESSION_free(CYASSL_SESSION* session); -CYASSL_API int CyaSSL_is_init_finished(CYASSL*); - -CYASSL_API const char* CyaSSL_get_version(CYASSL*); -CYASSL_API int CyaSSL_get_current_cipher_suite(CYASSL* ssl); -CYASSL_API CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL*); -CYASSL_API char* CyaSSL_CIPHER_description(CYASSL_CIPHER*, char*, int); -CYASSL_API const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher); -CYASSL_API const char* CyaSSL_get_cipher(CYASSL*); -CYASSL_API CYASSL_SESSION* CyaSSL_get1_session(CYASSL* ssl); - /* what's ref count */ - -CYASSL_API void CyaSSL_X509_free(CYASSL_X509*); -CYASSL_API void CyaSSL_OPENSSL_free(void*); - -CYASSL_API int CyaSSL_OCSP_parse_url(char* url, char** host, char** port, - char** path, int* ssl); - -CYASSL_API CYASSL_METHOD* CyaSSLv23_client_method(void); -CYASSL_API CYASSL_METHOD* CyaSSLv2_client_method(void); -CYASSL_API CYASSL_METHOD* CyaSSLv2_server_method(void); - -CYASSL_API void CyaSSL_MD4_Init(CYASSL_MD4_CTX*); -CYASSL_API void CyaSSL_MD4_Update(CYASSL_MD4_CTX*, const void*, unsigned long); -CYASSL_API void CyaSSL_MD4_Final(unsigned char*, CYASSL_MD4_CTX*); - - -CYASSL_API CYASSL_BIO* CyaSSL_BIO_new(CYASSL_BIO_METHOD*); -CYASSL_API int CyaSSL_BIO_free(CYASSL_BIO*); -CYASSL_API int CyaSSL_BIO_free_all(CYASSL_BIO*); -CYASSL_API int CyaSSL_BIO_read(CYASSL_BIO*, void*, int); -CYASSL_API int CyaSSL_BIO_write(CYASSL_BIO*, const void*, int); -CYASSL_API CYASSL_BIO* CyaSSL_BIO_push(CYASSL_BIO*, CYASSL_BIO* append); -CYASSL_API CYASSL_BIO* CyaSSL_BIO_pop(CYASSL_BIO*); -CYASSL_API int CyaSSL_BIO_flush(CYASSL_BIO*); -CYASSL_API int CyaSSL_BIO_pending(CYASSL_BIO*); - -CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_f_buffer(void); -CYASSL_API long CyaSSL_BIO_set_write_buffer_size(CYASSL_BIO*, long size); -CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_f_ssl(void); -CYASSL_API CYASSL_BIO* CyaSSL_BIO_new_socket(int sfd, int flag); -CYASSL_API int CyaSSL_BIO_eof(CYASSL_BIO*); - -CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_s_mem(void); -CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_f_base64(void); -CYASSL_API void CyaSSL_BIO_set_flags(CYASSL_BIO*, int); - -CYASSL_API int CyaSSL_BIO_get_mem_data(CYASSL_BIO* bio,const unsigned char** p); -CYASSL_API CYASSL_BIO* CyaSSL_BIO_new_mem_buf(void* buf, int len); - - -CYASSL_API long CyaSSL_BIO_set_ssl(CYASSL_BIO*, CYASSL*, int flag); -CYASSL_API void CyaSSL_set_bio(CYASSL*, CYASSL_BIO* rd, CYASSL_BIO* wr); - -CYASSL_API int CyaSSL_add_all_algorithms(void); - -CYASSL_API void CyaSSL_RAND_screen(void); -CYASSL_API const char* CyaSSL_RAND_file_name(char*, unsigned long); -CYASSL_API int CyaSSL_RAND_write_file(const char*); -CYASSL_API int CyaSSL_RAND_load_file(const char*, long); -CYASSL_API int CyaSSL_RAND_egd(const char*); -CYASSL_API int CyaSSL_RAND_seed(const void*, int); -CYASSL_API void CyaSSL_RAND_add(const void*, int, double); - -CYASSL_API CYASSL_COMP_METHOD* CyaSSL_COMP_zlib(void); -CYASSL_API CYASSL_COMP_METHOD* CyaSSL_COMP_rle(void); -CYASSL_API int CyaSSL_COMP_add_compression_method(int, void*); - -CYASSL_API int CyaSSL_get_ex_new_index(long, void*, void*, void*, void*); - -CYASSL_API void CyaSSL_set_id_callback(unsigned long (*f)(void)); -CYASSL_API void CyaSSL_set_locking_callback(void (*f)(int, int, const char*, - int)); -CYASSL_API void CyaSSL_set_dynlock_create_callback(CYASSL_dynlock_value* (*f) - (const char*, int)); -CYASSL_API void CyaSSL_set_dynlock_lock_callback(void (*f)(int, - CYASSL_dynlock_value*, const char*, int)); -CYASSL_API void CyaSSL_set_dynlock_destroy_callback(void (*f) - (CYASSL_dynlock_value*, const char*, int)); -CYASSL_API int CyaSSL_num_locks(void); - -CYASSL_API CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert( - CYASSL_X509_STORE_CTX*); -CYASSL_API int CyaSSL_X509_STORE_CTX_get_error(CYASSL_X509_STORE_CTX*); -CYASSL_API int CyaSSL_X509_STORE_CTX_get_error_depth(CYASSL_X509_STORE_CTX*); - -CYASSL_API char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME*, char*, int); -CYASSL_API CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509*); -CYASSL_API CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509*); -CYASSL_API int CyaSSL_X509_ext_isSet_by_NID(CYASSL_X509*, int); -CYASSL_API int CyaSSL_X509_ext_get_critical_by_NID(CYASSL_X509*, int); -CYASSL_API int CyaSSL_X509_get_isCA(CYASSL_X509*); -CYASSL_API int CyaSSL_X509_get_isSet_pathLength(CYASSL_X509*); -CYASSL_API unsigned int CyaSSL_X509_get_pathLength(CYASSL_X509*); -CYASSL_API unsigned int CyaSSL_X509_get_keyUsage(CYASSL_X509*); -CYASSL_API unsigned char* CyaSSL_X509_get_authorityKeyID( - CYASSL_X509*, unsigned char*, int*); -CYASSL_API unsigned char* CyaSSL_X509_get_subjectKeyID( - CYASSL_X509*, unsigned char*, int*); -CYASSL_API int CyaSSL_X509_NAME_entry_count(CYASSL_X509_NAME*); -CYASSL_API int CyaSSL_X509_NAME_get_text_by_NID( - CYASSL_X509_NAME*, int, char*, int); -CYASSL_API int CyaSSL_X509_verify_cert(CYASSL_X509_STORE_CTX*); -CYASSL_API const char* CyaSSL_X509_verify_cert_error_string(long); -CYASSL_API int CyaSSL_X509_get_signature_type(CYASSL_X509*); -CYASSL_API int CyaSSL_X509_get_signature(CYASSL_X509*, unsigned char*, int*); - -CYASSL_API int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP*,const char*,long); -CYASSL_API int CyaSSL_X509_LOOKUP_load_file(CYASSL_X509_LOOKUP*, const char*, - long); -CYASSL_API CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_hash_dir(void); -CYASSL_API CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_file(void); - -CYASSL_API CYASSL_X509_LOOKUP* CyaSSL_X509_STORE_add_lookup(CYASSL_X509_STORE*, - CYASSL_X509_LOOKUP_METHOD*); -CYASSL_API CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void); -CYASSL_API void CyaSSL_X509_STORE_free(CYASSL_X509_STORE*); -CYASSL_API int CyaSSL_X509_STORE_add_cert( - CYASSL_X509_STORE*, CYASSL_X509*); -CYASSL_API int CyaSSL_X509_STORE_set_default_paths(CYASSL_X509_STORE*); -CYASSL_API int CyaSSL_X509_STORE_get_by_subject(CYASSL_X509_STORE_CTX*, - int, CYASSL_X509_NAME*, CYASSL_X509_OBJECT*); -CYASSL_API CYASSL_X509_STORE_CTX* CyaSSL_X509_STORE_CTX_new(void); -CYASSL_API int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX*, - CYASSL_X509_STORE*, CYASSL_X509*, STACK_OF(CYASSL_X509)*); -CYASSL_API void CyaSSL_X509_STORE_CTX_free(CYASSL_X509_STORE_CTX*); -CYASSL_API void CyaSSL_X509_STORE_CTX_cleanup(CYASSL_X509_STORE_CTX*); - -CYASSL_API CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL*); -CYASSL_API CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_nextUpdate(CYASSL_X509_CRL*); - -CYASSL_API CYASSL_EVP_PKEY* CyaSSL_X509_get_pubkey(CYASSL_X509*); -CYASSL_API int CyaSSL_X509_CRL_verify(CYASSL_X509_CRL*, CYASSL_EVP_PKEY*); -CYASSL_API void CyaSSL_X509_STORE_CTX_set_error(CYASSL_X509_STORE_CTX*, - int); -CYASSL_API void CyaSSL_X509_OBJECT_free_contents(CYASSL_X509_OBJECT*); -CYASSL_API void CyaSSL_EVP_PKEY_free(CYASSL_EVP_PKEY*); -CYASSL_API int CyaSSL_X509_cmp_current_time(const CYASSL_ASN1_TIME*); -CYASSL_API int CyaSSL_sk_X509_REVOKED_num(CYASSL_X509_REVOKED*); - -CYASSL_API CYASSL_X509_REVOKED* CyaSSL_X509_CRL_get_REVOKED(CYASSL_X509_CRL*); -CYASSL_API CYASSL_X509_REVOKED* CyaSSL_sk_X509_REVOKED_value( - CYASSL_X509_REVOKED*,int); -CYASSL_API CYASSL_ASN1_INTEGER* CyaSSL_X509_get_serialNumber(CYASSL_X509*); - -CYASSL_API int CyaSSL_ASN1_TIME_print(CYASSL_BIO*, const CYASSL_ASN1_TIME*); - -CYASSL_API int CyaSSL_ASN1_INTEGER_cmp(const CYASSL_ASN1_INTEGER*, - const CYASSL_ASN1_INTEGER*); -CYASSL_API long CyaSSL_ASN1_INTEGER_get(const CYASSL_ASN1_INTEGER*); - -CYASSL_API STACK_OF(CYASSL_X509_NAME)* CyaSSL_load_client_CA_file(const char*); - -CYASSL_API void CyaSSL_CTX_set_client_CA_list(CYASSL_CTX*, - STACK_OF(CYASSL_X509_NAME)*); -CYASSL_API void* CyaSSL_X509_STORE_CTX_get_ex_data(CYASSL_X509_STORE_CTX*, int); -CYASSL_API int CyaSSL_get_ex_data_X509_STORE_CTX_idx(void); -CYASSL_API void* CyaSSL_get_ex_data(const CYASSL*, int); - -CYASSL_API void CyaSSL_CTX_set_default_passwd_cb_userdata(CYASSL_CTX*, - void* userdata); -CYASSL_API void CyaSSL_CTX_set_default_passwd_cb(CYASSL_CTX*, pem_password_cb); - - -CYASSL_API void CyaSSL_CTX_set_info_callback(CYASSL_CTX*, void (*)(void)); - -CYASSL_API unsigned long CyaSSL_ERR_peek_error(void); -CYASSL_API int CyaSSL_GET_REASON(int); - -CYASSL_API char* CyaSSL_alert_type_string_long(int); -CYASSL_API char* CyaSSL_alert_desc_string_long(int); -CYASSL_API char* CyaSSL_state_string_long(CYASSL*); - -CYASSL_API CYASSL_RSA* CyaSSL_RSA_generate_key(int, unsigned long, - void(*)(int, int, void*), void*); -CYASSL_API void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX*, - CYASSL_RSA*(*)(CYASSL*, int, int)); - -CYASSL_API int CyaSSL_PEM_def_callback(char*, int num, int w, void* key); - -CYASSL_API long CyaSSL_CTX_sess_accept(CYASSL_CTX*); -CYASSL_API long CyaSSL_CTX_sess_connect(CYASSL_CTX*); -CYASSL_API long CyaSSL_CTX_sess_accept_good(CYASSL_CTX*); -CYASSL_API long CyaSSL_CTX_sess_connect_good(CYASSL_CTX*); -CYASSL_API long CyaSSL_CTX_sess_accept_renegotiate(CYASSL_CTX*); -CYASSL_API long CyaSSL_CTX_sess_connect_renegotiate(CYASSL_CTX*); -CYASSL_API long CyaSSL_CTX_sess_hits(CYASSL_CTX*); -CYASSL_API long CyaSSL_CTX_sess_cb_hits(CYASSL_CTX*); -CYASSL_API long CyaSSL_CTX_sess_cache_full(CYASSL_CTX*); -CYASSL_API long CyaSSL_CTX_sess_misses(CYASSL_CTX*); -CYASSL_API long CyaSSL_CTX_sess_timeouts(CYASSL_CTX*); -CYASSL_API long CyaSSL_CTX_sess_number(CYASSL_CTX*); -CYASSL_API long CyaSSL_CTX_sess_get_cache_size(CYASSL_CTX*); - -#define CYASSL_DEFAULT_CIPHER_LIST "" /* default all */ -#define CYASSL_RSA_F4 0x10001L - -enum { - OCSP_NOCERTS = 1, - OCSP_NOINTERN = 2, - OCSP_NOSIGS = 4, - OCSP_NOCHAIN = 8, - OCSP_NOVERIFY = 16, - OCSP_NOEXPLICIT = 32, - OCSP_NOCASIGN = 64, - OCSP_NODELEGATED = 128, - OCSP_NOCHECKS = 256, - OCSP_TRUSTOTHER = 512, - OCSP_RESPID_KEY = 1024, - OCSP_NOTIME = 2048, - - OCSP_CERTID = 2, - OCSP_REQUEST = 4, - OCSP_RESPONSE = 8, - OCSP_BASICRESP = 16, - - CYASSL_OCSP_URL_OVERRIDE = 1, - CYASSL_OCSP_NO_NONCE = 2, - - CYASSL_CRL_CHECKALL = 1, - - ASN1_GENERALIZEDTIME = 4, - - SSL_OP_MICROSOFT_SESS_ID_BUG = 1, - SSL_OP_NETSCAPE_CHALLENGE_BUG = 2, - SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 3, - SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 4, - SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 5, - SSL_OP_MSIE_SSLV2_RSA_PADDING = 6, - SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 7, - SSL_OP_TLS_D5_BUG = 8, - SSL_OP_TLS_BLOCK_PADDING_BUG = 9, - SSL_OP_TLS_ROLLBACK_BUG = 10, - SSL_OP_ALL = 11, - SSL_OP_EPHEMERAL_RSA = 12, - SSL_OP_NO_SSLv3 = 13, - SSL_OP_NO_TLSv1 = 14, - SSL_OP_PKCS1_CHECK_1 = 15, - SSL_OP_PKCS1_CHECK_2 = 16, - SSL_OP_NETSCAPE_CA_DN_BUG = 17, - SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 18, - SSL_OP_SINGLE_DH_USE = 19, - SSL_OP_NO_TICKET = 20, - SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 21, - SSL_OP_NO_QUERY_MTU = 22, - SSL_OP_COOKIE_EXCHANGE = 23, - SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 24, - SSL_OP_SINGLE_ECDH_USE = 25, - SSL_OP_CIPHER_SERVER_PREFERENCE = 26, - - SSL_MAX_SSL_SESSION_ID_LENGTH = 32, - - EVP_R_BAD_DECRYPT = 2, - - SSL_CB_LOOP = 4, - SSL_ST_CONNECT = 5, - SSL_ST_ACCEPT = 6, - SSL_CB_ALERT = 7, - SSL_CB_READ = 8, - SSL_CB_HANDSHAKE_DONE = 9, - - SSL_MODE_ENABLE_PARTIAL_WRITE = 2, - - BIO_FLAGS_BASE64_NO_NL = 1, - BIO_CLOSE = 1, - BIO_NOCLOSE = 0, - - NID_undef = 0, - - X509_FILETYPE_PEM = 8, - X509_LU_X509 = 9, - X509_LU_CRL = 12, - - X509_V_ERR_CRL_SIGNATURE_FAILURE = 13, - X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14, - X509_V_ERR_CRL_HAS_EXPIRED = 15, - X509_V_ERR_CERT_REVOKED = 16, - X509_V_ERR_CERT_CHAIN_TOO_LONG = 17, - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18, - X509_V_ERR_CERT_NOT_YET_VALID = 19, - X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20, - X509_V_ERR_CERT_HAS_EXPIRED = 21, - X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22, - - X509_V_OK = 0, - - CRYPTO_LOCK = 1, - CRYPTO_NUM_LOCKS = 10 -}; - -/* extras end */ - -#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) -/* CyaSSL extension, provide last error from SSL_get_error - since not using thread storage error queue */ -CYASSL_API void CyaSSL_ERR_print_errors_fp(FILE*, int err); -#endif - -enum { /* ssl Constants */ - SSL_ERROR_NONE = 0, /* for most functions */ - SSL_FAILURE = 0, /* for some functions */ - SSL_SUCCESS = 1, - - SSL_BAD_CERTTYPE = -8, - SSL_BAD_STAT = -7, - SSL_BAD_PATH = -6, - SSL_BAD_FILETYPE = -5, - SSL_BAD_FILE = -4, - SSL_NOT_IMPLEMENTED = -3, - SSL_UNKNOWN = -2, - SSL_FATAL_ERROR = -1, - - SSL_FILETYPE_ASN1 = 2, - SSL_FILETYPE_PEM = 1, - SSL_FILETYPE_DEFAULT = 2, /* ASN1 */ - SSL_FILETYPE_RAW = 3, /* NTRU raw key blob */ - - SSL_VERIFY_NONE = 0, - SSL_VERIFY_PEER = 1, - SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2, - SSL_VERIFY_CLIENT_ONCE = 4, - - SSL_SESS_CACHE_OFF = 30, - SSL_SESS_CACHE_CLIENT = 31, - SSL_SESS_CACHE_SERVER = 32, - SSL_SESS_CACHE_BOTH = 33, - SSL_SESS_CACHE_NO_AUTO_CLEAR = 34, - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35, - - SSL_ERROR_WANT_READ = 2, - SSL_ERROR_WANT_WRITE = 3, - SSL_ERROR_WANT_CONNECT = 7, - SSL_ERROR_WANT_ACCEPT = 8, - SSL_ERROR_SYSCALL = 5, - SSL_ERROR_WANT_X509_LOOKUP = 83, - SSL_ERROR_ZERO_RETURN = 6, - SSL_ERROR_SSL = 85, - - SSL_SENT_SHUTDOWN = 1, - SSL_RECEIVED_SHUTDOWN = 2, - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4, - SSL_OP_NO_SSLv2 = 8, - - SSL_R_SSL_HANDSHAKE_FAILURE = 101, - SSL_R_TLSV1_ALERT_UNKNOWN_CA = 102, - SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103, - SSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104, - - PEM_BUFSIZE = 1024 -}; - - -#ifndef NO_PSK - typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*, - unsigned int, unsigned char*, unsigned int); - CYASSL_API void CyaSSL_CTX_set_psk_client_callback(CYASSL_CTX*, - psk_client_callback); - CYASSL_API void CyaSSL_set_psk_client_callback(CYASSL*,psk_client_callback); - - CYASSL_API const char* CyaSSL_get_psk_identity_hint(const CYASSL*); - CYASSL_API const char* CyaSSL_get_psk_identity(const CYASSL*); - - CYASSL_API int CyaSSL_CTX_use_psk_identity_hint(CYASSL_CTX*, const char*); - CYASSL_API int CyaSSL_use_psk_identity_hint(CYASSL*, const char*); - - typedef unsigned int (*psk_server_callback)(CYASSL*, const char*, - unsigned char*, unsigned int); - CYASSL_API void CyaSSL_CTX_set_psk_server_callback(CYASSL_CTX*, - psk_server_callback); - CYASSL_API void CyaSSL_set_psk_server_callback(CYASSL*,psk_server_callback); - - #define PSK_TYPES_DEFINED -#endif /* NO_PSK */ - - -#ifdef HAVE_ANON - CYASSL_API int CyaSSL_CTX_allow_anon_cipher(CYASSL_CTX*); -#endif /* HAVE_ANON */ - - -/* extra begins */ - -enum { /* ERR Constants */ - ERR_TXT_STRING = 1 -}; - -CYASSL_API unsigned long CyaSSL_ERR_get_error_line_data(const char**, int*, - const char**, int *); - -CYASSL_API unsigned long CyaSSL_ERR_get_error(void); -CYASSL_API void CyaSSL_ERR_clear_error(void); - - -CYASSL_API int CyaSSL_RAND_status(void); -CYASSL_API int CyaSSL_RAND_bytes(unsigned char* buf, int num); -CYASSL_API CYASSL_METHOD *CyaSSLv23_server_method(void); -CYASSL_API long CyaSSL_CTX_set_options(CYASSL_CTX*, long); -#ifndef NO_CERTS - CYASSL_API int CyaSSL_CTX_check_private_key(CYASSL_CTX*); -#endif /* !NO_CERTS */ - -CYASSL_API void CyaSSL_ERR_free_strings(void); -CYASSL_API void CyaSSL_ERR_remove_state(unsigned long); -CYASSL_API void CyaSSL_EVP_cleanup(void); - -CYASSL_API void CyaSSL_cleanup_all_ex_data(void); -CYASSL_API long CyaSSL_CTX_set_mode(CYASSL_CTX* ctx, long mode); -CYASSL_API long CyaSSL_CTX_get_mode(CYASSL_CTX* ctx); -CYASSL_API void CyaSSL_CTX_set_default_read_ahead(CYASSL_CTX* ctx, int m); - -CYASSL_API long CyaSSL_CTX_sess_set_cache_size(CYASSL_CTX*, long); - -CYASSL_API int CyaSSL_CTX_set_default_verify_paths(CYASSL_CTX*); -CYASSL_API int CyaSSL_CTX_set_session_id_context(CYASSL_CTX*, - const unsigned char*, unsigned int); -CYASSL_API CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl); - -CYASSL_API int CyaSSL_want_read(CYASSL*); -CYASSL_API int CyaSSL_want_write(CYASSL*); - -CYASSL_API int CyaSSL_BIO_printf(CYASSL_BIO*, const char*, ...); -CYASSL_API int CyaSSL_ASN1_UTCTIME_print(CYASSL_BIO*, - const CYASSL_ASN1_UTCTIME*); -CYASSL_API int CyaSSL_sk_num(CYASSL_X509_REVOKED*); -CYASSL_API void* CyaSSL_sk_value(CYASSL_X509_REVOKED*, int); - -/* stunnel 4.28 needs */ -CYASSL_API void* CyaSSL_CTX_get_ex_data(const CYASSL_CTX*, int); -CYASSL_API int CyaSSL_CTX_set_ex_data(CYASSL_CTX*, int, void*); -CYASSL_API void CyaSSL_CTX_sess_set_get_cb(CYASSL_CTX*, - CYASSL_SESSION*(*f)(CYASSL*, unsigned char*, int, int*)); -CYASSL_API void CyaSSL_CTX_sess_set_new_cb(CYASSL_CTX*, - int (*f)(CYASSL*, CYASSL_SESSION*)); -CYASSL_API void CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX*, - void (*f)(CYASSL_CTX*, CYASSL_SESSION*)); - -CYASSL_API int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION*,unsigned char**); -CYASSL_API CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION**, - const unsigned char**, long); - -CYASSL_API long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION*); -CYASSL_API long CyaSSL_SESSION_get_time(const CYASSL_SESSION*); -CYASSL_API int CyaSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*); - -/* extra ends */ - - -/* CyaSSL extensions */ - -/* call before SSL_connect, if verifying will add name check to - date check and signature check */ -CYASSL_API int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn); - -/* need to call once to load library (session cache) */ -CYASSL_API int CyaSSL_Init(void); -/* call when done to cleanup/free session cache mutex / resources */ -CYASSL_API int CyaSSL_Cleanup(void); - -/* turn logging on, only if compiled in */ -CYASSL_API int CyaSSL_Debugging_ON(void); -/* turn logging off */ -CYASSL_API void CyaSSL_Debugging_OFF(void); - -/* do accept or connect depedning on side */ -CYASSL_API int CyaSSL_negotiate(CYASSL* ssl); -/* turn on CyaSSL data compression */ -CYASSL_API int CyaSSL_set_compression(CYASSL* ssl); - -CYASSL_API int CyaSSL_set_timeout(CYASSL*, unsigned int); -CYASSL_API int CyaSSL_CTX_set_timeout(CYASSL_CTX*, unsigned int); - -/* get CyaSSL peer X509_CHAIN */ -CYASSL_API CYASSL_X509_CHAIN* CyaSSL_get_peer_chain(CYASSL* ssl); -/* peer chain count */ -CYASSL_API int CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain); -/* index cert length */ -CYASSL_API int CyaSSL_get_chain_length(CYASSL_X509_CHAIN*, int idx); -/* index cert */ -CYASSL_API unsigned char* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN*, int idx); -/* index cert in X509 */ -CYASSL_API CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN*, int idx); -/* free X509 */ -CYASSL_API void CyaSSL_FreeX509(CYASSL_X509*); -/* get index cert in PEM */ -CYASSL_API int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN*, int idx, - unsigned char* buffer, int inLen, int* outLen); -CYASSL_API const unsigned char* CyaSSL_get_sessionID(const CYASSL_SESSION* s); -CYASSL_API int CyaSSL_X509_get_serial_number(CYASSL_X509*,unsigned char*,int*); -CYASSL_API char* CyaSSL_X509_get_subjectCN(CYASSL_X509*); -CYASSL_API const unsigned char* CyaSSL_X509_get_der(CYASSL_X509*, int*); -CYASSL_API const unsigned char* CyaSSL_X509_notBefore(CYASSL_X509*); -CYASSL_API const unsigned char* CyaSSL_X509_notAfter(CYASSL_X509*); -CYASSL_API int CyaSSL_X509_version(CYASSL_X509*); -CYASSL_API - -CYASSL_API int CyaSSL_cmp_peer_cert_to_file(CYASSL*, const char*); - -CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*); - -CYASSL_API CYASSL_X509* - CyaSSL_X509_d2i(CYASSL_X509** x509, const unsigned char* in, int len); -#ifndef NO_FILESYSTEM - #ifndef NO_STDIO_FILESYSTEM - CYASSL_API CYASSL_X509* - CyaSSL_X509_d2i_fp(CYASSL_X509** x509, FILE* file); - #endif -CYASSL_API CYASSL_X509* - CyaSSL_X509_load_certificate_file(const char* fname, int format); -#endif - -#ifdef CYASSL_SEP - CYASSL_API unsigned char* - CyaSSL_X509_get_device_type(CYASSL_X509*, unsigned char*, int*); - CYASSL_API unsigned char* - CyaSSL_X509_get_hw_type(CYASSL_X509*, unsigned char*, int*); - CYASSL_API unsigned char* - CyaSSL_X509_get_hw_serial_number(CYASSL_X509*, unsigned char*, int*); -#endif - -/* connect enough to get peer cert */ -CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl); - -/* XXX This should be #ifndef NO_DH */ -#ifndef NO_CERTS -/* server Diffie-Hellman parameters */ -CYASSL_API int CyaSSL_SetTmpDH(CYASSL*, const unsigned char* p, int pSz, - const unsigned char* g, int gSz); -CYASSL_API int CyaSSL_SetTmpDH_buffer(CYASSL*, const unsigned char* b, long sz, - int format); -CYASSL_API int CyaSSL_SetTmpEC_DHE_Sz(CYASSL*, unsigned short); -#ifndef NO_FILESYSTEM - CYASSL_API int CyaSSL_SetTmpDH_file(CYASSL*, const char* f, int format); -#endif - -/* server ctx Diffie-Hellman parameters */ -CYASSL_API int CyaSSL_CTX_SetTmpDH(CYASSL_CTX*, const unsigned char* p, - int pSz, const unsigned char* g, int gSz); -CYASSL_API int CyaSSL_CTX_SetTmpDH_buffer(CYASSL_CTX*, const unsigned char* b, - long sz, int format); -CYASSL_API int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX*, unsigned short); - -#ifndef NO_FILESYSTEM - CYASSL_API int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX*, const char* f, - int format); -#endif -#endif - -/* keyblock size in bytes or -1 */ -/* need to call CyaSSL_KeepArrays before handshake to save keys */ -CYASSL_API int CyaSSL_get_keyblock_size(CYASSL*); -CYASSL_API int CyaSSL_get_keys(CYASSL*,unsigned char** ms, unsigned int* msLen, - unsigned char** sr, unsigned int* srLen, - unsigned char** cr, unsigned int* crLen); - -/* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */ -CYASSL_API int CyaSSL_make_eap_keys(CYASSL*, void* key, unsigned int len, - const char* label); - - -#ifndef _WIN32 - #ifndef NO_WRITEV - #ifdef __PPU - #include - #include - #elif !defined(CYASSL_MDK_ARM) && !defined(CYASSL_IAR_ARM) - #include - #endif - /* allow writev style writing */ - CYASSL_API int CyaSSL_writev(CYASSL* ssl, const struct iovec* iov, - int iovcnt); - #endif -#endif - - -#ifndef NO_CERTS - /* SSL_CTX versions */ - CYASSL_API int CyaSSL_CTX_UnloadCAs(CYASSL_CTX*); - CYASSL_API int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX*, - const unsigned char*, long, int); - CYASSL_API int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX*, - const unsigned char*, long, int); - CYASSL_API int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX*, - const unsigned char*, long, int); - CYASSL_API int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX*, - const unsigned char*, long); - - /* SSL versions */ - CYASSL_API int CyaSSL_use_certificate_buffer(CYASSL*, const unsigned char*, - long, int); - CYASSL_API int CyaSSL_use_PrivateKey_buffer(CYASSL*, const unsigned char*, - long, int); - CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*, - const unsigned char*, long); - CYASSL_API int CyaSSL_UnloadCertsKeys(CYASSL*); -#endif - -CYASSL_API int CyaSSL_CTX_set_group_messages(CYASSL_CTX*); -CYASSL_API int CyaSSL_set_group_messages(CYASSL*); - -/* I/O callbacks */ -typedef int (*CallbackIORecv)(CYASSL *ssl, char *buf, int sz, void *ctx); -typedef int (*CallbackIOSend)(CYASSL *ssl, char *buf, int sz, void *ctx); - -#ifdef HAVE_FUZZER -enum fuzzer_type { - FUZZ_HMAC = 0, - FUZZ_ENCRYPT = 1, - FUZZ_SIGNATURE = 2, - FUZZ_HASH = 3, - FUZZ_HEAD = 4 -}; - -typedef int (*CallbackFuzzer)(CYASSL* ssl, const unsigned char* buf, int sz, - int type, void* fuzzCtx); - -CYASSL_API void CyaSSL_SetFuzzerCb(CYASSL* ssl, CallbackFuzzer cbf, void* fCtx); -#endif - -CYASSL_API void CyaSSL_SetIORecv(CYASSL_CTX*, CallbackIORecv); -CYASSL_API void CyaSSL_SetIOSend(CYASSL_CTX*, CallbackIOSend); - -CYASSL_API void CyaSSL_SetIOReadCtx( CYASSL* ssl, void *ctx); -CYASSL_API void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *ctx); - -CYASSL_API void* CyaSSL_GetIOReadCtx( CYASSL* ssl); -CYASSL_API void* CyaSSL_GetIOWriteCtx(CYASSL* ssl); - -CYASSL_API void CyaSSL_SetIOReadFlags( CYASSL* ssl, int flags); -CYASSL_API void CyaSSL_SetIOWriteFlags(CYASSL* ssl, int flags); - - -#ifndef CYASSL_USER_IO - /* default IO callbacks */ - CYASSL_API int EmbedReceive(CYASSL* ssl, char* buf, int sz, void* ctx); - CYASSL_API int EmbedSend(CYASSL* ssl, char* buf, int sz, void* ctx); - - #ifdef HAVE_OCSP - CYASSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*, - int, unsigned char**); - CYASSL_API void EmbedOcspRespFree(void*, unsigned char*); - #endif - - #ifdef CYASSL_DTLS - CYASSL_API int EmbedReceiveFrom(CYASSL* ssl, char* buf, int sz, void*); - CYASSL_API int EmbedSendTo(CYASSL* ssl, char* buf, int sz, void* ctx); - CYASSL_API int EmbedGenerateCookie(CYASSL* ssl, unsigned char* buf, - int sz, void*); - #endif /* CYASSL_DTLS */ -#endif /* CYASSL_USER_IO */ - - -#ifdef HAVE_NETX - CYASSL_API void CyaSSL_SetIO_NetX(CYASSL* ssl, NX_TCP_SOCKET* nxsocket, - ULONG waitoption); -#endif - -typedef int (*CallbackGenCookie)(CYASSL* ssl, unsigned char* buf, int sz, - void* ctx); -CYASSL_API void CyaSSL_CTX_SetGenCookie(CYASSL_CTX*, CallbackGenCookie); -CYASSL_API void CyaSSL_SetCookieCtx(CYASSL* ssl, void *ctx); -CYASSL_API void* CyaSSL_GetCookieCtx(CYASSL* ssl); - - -/* I/O Callback default errors */ -enum IOerrors { - CYASSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */ - CYASSL_CBIO_ERR_WANT_READ = -2, /* need to call read again */ - CYASSL_CBIO_ERR_WANT_WRITE = -2, /* need to call write again */ - CYASSL_CBIO_ERR_CONN_RST = -3, /* connection reset */ - CYASSL_CBIO_ERR_ISR = -4, /* interrupt */ - CYASSL_CBIO_ERR_CONN_CLOSE = -5, /* connection closed or epipe */ - CYASSL_CBIO_ERR_TIMEOUT = -6 /* socket timeout */ -}; - - -/* CA cache callbacks */ -enum { - CYASSL_SSLV3 = 0, - CYASSL_TLSV1 = 1, - CYASSL_TLSV1_1 = 2, - CYASSL_TLSV1_2 = 3, - CYASSL_USER_CA = 1, /* user added as trusted */ - CYASSL_CHAIN_CA = 2 /* added to cache from trusted chain */ -}; - -CYASSL_API int CyaSSL_SetMinVersion(CYASSL* ssl, int version); -CYASSL_API int CyaSSL_GetObjectSize(void); /* object size based on build */ -CYASSL_API int CyaSSL_SetVersion(CYASSL* ssl, int version); -CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*, - int, const char*); -CYASSL_API int CyaSSL_CertPemToDer(const unsigned char*, int sz, unsigned char*, - int, int); - -typedef void (*CallbackCACache)(unsigned char* der, int sz, int type); -typedef void (*CbMissingCRL)(const char* url); -typedef int (*CbOCSPIO)(void*, const char*, int, - unsigned char*, int, unsigned char**); -typedef void (*CbOCSPRespFree)(void*,unsigned char*); - -/* User Atomic Record Layer CallBacks */ -typedef int (*CallbackMacEncrypt)(CYASSL* ssl, unsigned char* macOut, - const unsigned char* macIn, unsigned int macInSz, int macContent, - int macVerify, unsigned char* encOut, const unsigned char* encIn, - unsigned int encSz, void* ctx); -CYASSL_API void CyaSSL_CTX_SetMacEncryptCb(CYASSL_CTX*, CallbackMacEncrypt); -CYASSL_API void CyaSSL_SetMacEncryptCtx(CYASSL* ssl, void *ctx); -CYASSL_API void* CyaSSL_GetMacEncryptCtx(CYASSL* ssl); - -typedef int (*CallbackDecryptVerify)(CYASSL* ssl, - unsigned char* decOut, const unsigned char* decIn, - unsigned int decSz, int content, int verify, unsigned int* padSz, - void* ctx); -CYASSL_API void CyaSSL_CTX_SetDecryptVerifyCb(CYASSL_CTX*, - CallbackDecryptVerify); -CYASSL_API void CyaSSL_SetDecryptVerifyCtx(CYASSL* ssl, void *ctx); -CYASSL_API void* CyaSSL_GetDecryptVerifyCtx(CYASSL* ssl); - -CYASSL_API const unsigned char* CyaSSL_GetMacSecret(CYASSL*, int); -CYASSL_API const unsigned char* CyaSSL_GetClientWriteKey(CYASSL*); -CYASSL_API const unsigned char* CyaSSL_GetClientWriteIV(CYASSL*); -CYASSL_API const unsigned char* CyaSSL_GetServerWriteKey(CYASSL*); -CYASSL_API const unsigned char* CyaSSL_GetServerWriteIV(CYASSL*); -CYASSL_API int CyaSSL_GetKeySize(CYASSL*); -CYASSL_API int CyaSSL_GetIVSize(CYASSL*); -CYASSL_API int CyaSSL_GetSide(CYASSL*); -CYASSL_API int CyaSSL_IsTLSv1_1(CYASSL*); -CYASSL_API int CyaSSL_GetBulkCipher(CYASSL*); -CYASSL_API int CyaSSL_GetCipherBlockSize(CYASSL*); -CYASSL_API int CyaSSL_GetAeadMacSize(CYASSL*); -CYASSL_API int CyaSSL_GetHmacSize(CYASSL*); -CYASSL_API int CyaSSL_GetHmacType(CYASSL*); -CYASSL_API int CyaSSL_GetCipherType(CYASSL*); -CYASSL_API int CyaSSL_SetTlsHmacInner(CYASSL*, unsigned char*, - unsigned int, int, int); - -/* Atomic User Needs */ -enum { - CYASSL_SERVER_END = 0, - CYASSL_CLIENT_END = 1, - CYASSL_BLOCK_TYPE = 2, - CYASSL_STREAM_TYPE = 3, - CYASSL_AEAD_TYPE = 4, - CYASSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */ -}; - -/* for GetBulkCipher and internal use */ -enum BulkCipherAlgorithm { - cyassl_cipher_null, - cyassl_rc4, - cyassl_rc2, - cyassl_des, - cyassl_triple_des, /* leading 3 (3des) not valid identifier */ - cyassl_des40, - cyassl_idea, - cyassl_aes, - cyassl_aes_gcm, - cyassl_aes_ccm, - cyassl_chacha, - cyassl_camellia, - cyassl_hc128, /* CyaSSL extensions */ - cyassl_rabbit -}; - - -/* for KDF TLS 1.2 mac types */ -enum KDF_MacAlgorithm { - cyassl_sha256 = 4, /* needs to match internal MACAlgorithm */ - cyassl_sha384, - cyassl_sha512 -}; - - -/* Public Key Callback support */ -typedef int (*CallbackEccSign)(CYASSL* ssl, - const unsigned char* in, unsigned int inSz, - unsigned char* out, unsigned int* outSz, - const unsigned char* keyDer, unsigned int keySz, - void* ctx); -CYASSL_API void CyaSSL_CTX_SetEccSignCb(CYASSL_CTX*, CallbackEccSign); -CYASSL_API void CyaSSL_SetEccSignCtx(CYASSL* ssl, void *ctx); -CYASSL_API void* CyaSSL_GetEccSignCtx(CYASSL* ssl); - -typedef int (*CallbackEccVerify)(CYASSL* ssl, - const unsigned char* sig, unsigned int sigSz, - const unsigned char* hash, unsigned int hashSz, - const unsigned char* keyDer, unsigned int keySz, - int* result, void* ctx); -CYASSL_API void CyaSSL_CTX_SetEccVerifyCb(CYASSL_CTX*, CallbackEccVerify); -CYASSL_API void CyaSSL_SetEccVerifyCtx(CYASSL* ssl, void *ctx); -CYASSL_API void* CyaSSL_GetEccVerifyCtx(CYASSL* ssl); - -typedef int (*CallbackRsaSign)(CYASSL* ssl, - const unsigned char* in, unsigned int inSz, - unsigned char* out, unsigned int* outSz, - const unsigned char* keyDer, unsigned int keySz, - void* ctx); -CYASSL_API void CyaSSL_CTX_SetRsaSignCb(CYASSL_CTX*, CallbackRsaSign); -CYASSL_API void CyaSSL_SetRsaSignCtx(CYASSL* ssl, void *ctx); -CYASSL_API void* CyaSSL_GetRsaSignCtx(CYASSL* ssl); - -typedef int (*CallbackRsaVerify)(CYASSL* ssl, - unsigned char* sig, unsigned int sigSz, - unsigned char** out, - const unsigned char* keyDer, unsigned int keySz, - void* ctx); -CYASSL_API void CyaSSL_CTX_SetRsaVerifyCb(CYASSL_CTX*, CallbackRsaVerify); -CYASSL_API void CyaSSL_SetRsaVerifyCtx(CYASSL* ssl, void *ctx); -CYASSL_API void* CyaSSL_GetRsaVerifyCtx(CYASSL* ssl); - -/* RSA Public Encrypt cb */ -typedef int (*CallbackRsaEnc)(CYASSL* ssl, - const unsigned char* in, unsigned int inSz, - unsigned char* out, unsigned int* outSz, - const unsigned char* keyDer, unsigned int keySz, - void* ctx); -CYASSL_API void CyaSSL_CTX_SetRsaEncCb(CYASSL_CTX*, CallbackRsaEnc); -CYASSL_API void CyaSSL_SetRsaEncCtx(CYASSL* ssl, void *ctx); -CYASSL_API void* CyaSSL_GetRsaEncCtx(CYASSL* ssl); - -/* RSA Private Decrypt cb */ -typedef int (*CallbackRsaDec)(CYASSL* ssl, - unsigned char* in, unsigned int inSz, - unsigned char** out, - const unsigned char* keyDer, unsigned int keySz, - void* ctx); -CYASSL_API void CyaSSL_CTX_SetRsaDecCb(CYASSL_CTX*, CallbackRsaDec); -CYASSL_API void CyaSSL_SetRsaDecCtx(CYASSL* ssl, void *ctx); -CYASSL_API void* CyaSSL_GetRsaDecCtx(CYASSL* ssl); - - -#ifndef NO_CERTS - CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache); - - CYASSL_API CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void); - CYASSL_API void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER*); - - CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f, - const char* d); - CYASSL_API int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm); - CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f, - int format); - CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, - const unsigned char* buff, long sz, int format); - CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, - unsigned char*, int sz); - CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, - int options); - CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*); - CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*, - int, int); - CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*, - CbMissingCRL); - CYASSL_API int CyaSSL_CertManagerCheckOCSP(CYASSL_CERT_MANAGER*, - unsigned char*, int sz); - CYASSL_API int CyaSSL_CertManagerEnableOCSP(CYASSL_CERT_MANAGER*, - int options); - CYASSL_API int CyaSSL_CertManagerDisableOCSP(CYASSL_CERT_MANAGER*); - CYASSL_API int CyaSSL_CertManagerSetOCSPOverrideURL(CYASSL_CERT_MANAGER*, - const char*); - CYASSL_API int CyaSSL_CertManagerSetOCSP_Cb(CYASSL_CERT_MANAGER*, - CbOCSPIO, CbOCSPRespFree, void*); - - CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options); - CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl); - CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int, int); - CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL); - CYASSL_API int CyaSSL_EnableOCSP(CYASSL*, int options); - CYASSL_API int CyaSSL_DisableOCSP(CYASSL*); - CYASSL_API int CyaSSL_SetOCSP_OverrideURL(CYASSL*, const char*); - CYASSL_API int CyaSSL_SetOCSP_Cb(CYASSL*, CbOCSPIO, CbOCSPRespFree, void*); - - CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options); - CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx); - CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int); - CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL); - CYASSL_API int CyaSSL_CTX_EnableOCSP(CYASSL_CTX*, int options); - CYASSL_API int CyaSSL_CTX_DisableOCSP(CYASSL_CTX*); - CYASSL_API int CyaSSL_CTX_SetOCSP_OverrideURL(CYASSL_CTX*, const char*); - CYASSL_API int CyaSSL_CTX_SetOCSP_Cb(CYASSL_CTX*, - CbOCSPIO, CbOCSPRespFree, void*); -#endif /* !NO_CERTS */ - -/* end of handshake frees temporary arrays, if user needs for get_keys or - psk hints, call KeepArrays before handshake and then FreeArrays when done - if don't want to wait for object free */ -CYASSL_API void CyaSSL_KeepArrays(CYASSL*); -CYASSL_API void CyaSSL_FreeArrays(CYASSL*); - - -/* cavium additions */ -CYASSL_API int CyaSSL_UseCavium(CYASSL*, int devId); -CYASSL_API int CyaSSL_CTX_UseCavium(CYASSL_CTX*, int devId); - -/* TLS Extensions */ - -/* Server Name Indication */ -#ifdef HAVE_SNI - -/* SNI types */ -enum { - CYASSL_SNI_HOST_NAME = 0 -}; - -CYASSL_API int CyaSSL_UseSNI(CYASSL* ssl, unsigned char type, const void* data, - unsigned short size); -CYASSL_API int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, unsigned char type, - const void* data, unsigned short size); - -#ifndef NO_CYASSL_SERVER - -/* SNI options */ -enum { - CYASSL_SNI_CONTINUE_ON_MISMATCH = 0x01, /* do not abort on mismatch flag */ - CYASSL_SNI_ANSWER_ON_MISMATCH = 0x02 /* fake match on mismatch flag */ -}; - -CYASSL_API void CyaSSL_SNI_SetOptions(CYASSL* ssl, unsigned char type, - unsigned char options); -CYASSL_API void CyaSSL_CTX_SNI_SetOptions(CYASSL_CTX* ctx, unsigned char type, - unsigned char options); - -/* SNI status */ -enum { - CYASSL_SNI_NO_MATCH = 0, - CYASSL_SNI_FAKE_MATCH = 1, /* if CYASSL_SNI_ANSWER_ON_MISMATCH is enabled */ - CYASSL_SNI_REAL_MATCH = 2 -}; - -CYASSL_API unsigned char CyaSSL_SNI_Status(CYASSL* ssl, unsigned char type); - -CYASSL_API unsigned short CyaSSL_SNI_GetRequest(CYASSL *ssl, unsigned char type, - void** data); -CYASSL_API int CyaSSL_SNI_GetFromBuffer( - const unsigned char* clientHello, unsigned int helloSz, - unsigned char type, unsigned char* sni, unsigned int* inOutSz); - -#endif -#endif - -/* Maximum Fragment Length */ -#ifdef HAVE_MAX_FRAGMENT - -/* Fragment lengths */ -enum { - CYASSL_MFL_2_9 = 1, /* 512 bytes */ - CYASSL_MFL_2_10 = 2, /* 1024 bytes */ - CYASSL_MFL_2_11 = 3, /* 2048 bytes */ - CYASSL_MFL_2_12 = 4, /* 4096 bytes */ - CYASSL_MFL_2_13 = 5 /* 8192 bytes *//* CyaSSL ONLY!!! */ -}; - -#ifndef NO_CYASSL_CLIENT - -CYASSL_API int CyaSSL_UseMaxFragment(CYASSL* ssl, unsigned char mfl); -CYASSL_API int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, unsigned char mfl); - -#endif -#endif - -/* Truncated HMAC */ -#ifdef HAVE_TRUNCATED_HMAC -#ifndef NO_CYASSL_CLIENT - -CYASSL_API int CyaSSL_UseTruncatedHMAC(CYASSL* ssl); -CYASSL_API int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx); - -#endif -#endif - -/* Elliptic Curves */ -#ifdef HAVE_SUPPORTED_CURVES - -enum { - CYASSL_ECC_SECP160R1 = 0x10, - CYASSL_ECC_SECP192R1 = 0x13, - CYASSL_ECC_SECP224R1 = 0x15, - CYASSL_ECC_SECP256R1 = 0x17, - CYASSL_ECC_SECP384R1 = 0x18, - CYASSL_ECC_SECP521R1 = 0x19 -}; - -#ifndef NO_CYASSL_CLIENT - -CYASSL_API int CyaSSL_UseSupportedCurve(CYASSL* ssl, unsigned short name); -CYASSL_API int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx, - unsigned short name); - -#endif -#endif - -/* Secure Renegotiation */ -#ifdef HAVE_SECURE_RENEGOTIATION - -CYASSL_API int CyaSSL_UseSecureRenegotiation(CYASSL* ssl); -CYASSL_API int CyaSSL_Rehandshake(CYASSL* ssl); - -#endif - -/* Session Ticket */ -#ifdef HAVE_SESSION_TICKET -#ifndef NO_CYASSL_CLIENT - -CYASSL_API int CyaSSL_UseSessionTicket(CYASSL* ssl); -CYASSL_API int CyaSSL_CTX_UseSessionTicket(CYASSL_CTX* ctx); -CYASSL_API int CyaSSL_get_SessionTicket(CYASSL*, unsigned char*, unsigned int*); -CYASSL_API int CyaSSL_set_SessionTicket(CYASSL*, unsigned char*, unsigned int); -typedef int (*CallbackSessionTicket)(CYASSL*, const unsigned char*, int, void*); -CYASSL_API int CyaSSL_set_SessionTicket_cb(CYASSL*, - CallbackSessionTicket, void*); - -#endif -#endif - -#define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */ -#define CYASSL_CRL_START_MON 0x02 /* start monitoring flag */ - - -/* External facing KDF */ -CYASSL_API -int CyaSSL_MakeTlsMasterSecret(unsigned char* ms, unsigned int msLen, - const unsigned char* pms, unsigned int pmsLen, - const unsigned char* cr, const unsigned char* sr, - int tls1_2, int hash_type); - -CYASSL_API -int CyaSSL_DeriveTlsKeys(unsigned char* key_data, unsigned int keyLen, - const unsigned char* ms, unsigned int msLen, - const unsigned char* sr, const unsigned char* cr, - int tls1_2, int hash_type); - -#ifdef CYASSL_CALLBACKS - -/* used internally by CyaSSL while OpenSSL types aren't */ -#include - -typedef int (*HandShakeCallBack)(HandShakeInfo*); -typedef int (*TimeoutCallBack)(TimeoutInfo*); - -/* CyaSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack - for diagnostics */ -CYASSL_API int CyaSSL_connect_ex(CYASSL*, HandShakeCallBack, TimeoutCallBack, - Timeval); -CYASSL_API int CyaSSL_accept_ex(CYASSL*, HandShakeCallBack, TimeoutCallBack, - Timeval); - -#endif /* CYASSL_CALLBACKS */ - - -#ifdef CYASSL_HAVE_WOLFSCEP - CYASSL_API void CyaSSL_wolfSCEP(void); -#endif /* CYASSL_HAVE_WOLFSCEP */ - -#ifdef CYASSL_HAVE_CERT_SERVICE - CYASSL_API void CyaSSL_cert_service(void); -#endif - +// typedef CYASSL WOLFSSL; +// typedef CYASSL_SESSION WOLFSSL_SESSION; +// typedef CYASSL_METHOD WOLFSSL_METHOD; +// typedef CYASSL_CTX WOLFSSL_CTX; + +// typedef CYASSL_X509 WOLFSSL_X509; +// typedef CYASSL_X509_NAME WOLFSSL_X509_NAME; +// typedef CYASSL_X509_CHAIN WOLFSSL_X509_CHAIN; + + +// /* redeclare guard */ +// #define CYASSL_TYPES_DEFINED + + +// typedef CYASSL_EVP_PKEY WOLFSSL_EVP_PKEY; +// typedef CYASSL_RSA WOLFSSL_RSA; +// typedef CYASSL_DSA WOLFSSL_DSA; +// typedef CYASSL_BIO WOLFSSL_BIO; +// typedef CYASSL_BIO_METHOD WOLFSSL_BIO_METHOD; +// typedef CYASSL_CIPHER WOLFSSL_SSL_CIPHER; +// typedef CYASSL_X509_LOOKUP WOLFSSL_X509_LOOKUP; +// typedef CYASSL_X509_CRL WOLFSSL_X509_CRL; +// typedef CYASSL_X509_EXTENSION WOLFSSL_X509_EXTENSION; +// typedef CYASSL_ASN1_TIME WOLFSSL_ASN1_TIME; +// typedef CYASSL_ASN1_INTEGER WOLFSSL_ASN1_INTEGER; +// typedef CYASSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; +// typedef CYASSL_ASN1_STRING WOLFSSL_ASN1_STRING; +// typedef CYASSL_dynlock_value WOLFSSL_dynlock_value; +// typedef CYASSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD; + +// #define ASN1_UTCTIME CYASSL_ASN1_TIME + +// typedef CYASSL_MD4_CTX WOLFSSL_MD4_CTX; +// typedef CYASSL_COMP_METHOD WOLFSSL_COMP_METHOD; +// typedef CYASSL_X509_STORE WOLFSSL_X509_STORE; +// typedef CYASSL_X509_REVOKED WOLFSSL_X509_REVOKED; +// typedef CYASSL_X509_OBJECT WOLFSSL_X509_OBJECT; +// typedef CYASSL_X509_STORE_CTX WOLFSSL_X509_STORE_CTX; + +/* Initialization and Shutdown */ +// #define CyaSSL_Init wolfSSL_Init +// #define CyaSSL_library_init wolfSSL_library_init +// #define CyaSSL_Cleanup wolfSSL_Cleanup +// #define CyaSSL_shutdown wolfSSL_shutdown + +// /* Certs and keys */ +// #define CyaSSL_CTX_load_verify_buffer wolfSSL_CTX_load_verify_buffer +// #define CyaSSL_CTX_use_PrivateKey_buffer wolfSSL_CTX_use_PrivateKey_buffer +// #define CyaSSL_CTX_use_PrivateKey_buffer wolfSSL_CTX_use_PrivateKey_buffer +// #define CyaSSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file +// #define CyaSSL_CTX_use_certificate_buffer wolfSSL_CTX_use_certificate_buffer +// #define CyaSSL_CTX_use_certificate_chain_buffer wolfSSL_CTX_use_certificate_chain_buffer +// #define CyaSSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file +// #define CyaSSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file +// #define CyaSSL_SetTmpDH wolfSSL_SetTmpDH +// #define CyaSSL_use_PrivateKey_buffer wolfSSL_use_PrivateKey_buffer +// #define CyaSSL_use_certificate_buffer wolfSSL_use_certificate_buffer +// #define CyaSSL_use_certificate_chain_buffer wolfSSL_use_certificate_chain_buffer +// #define CyaSSL_CTX_der_load_verify_locations wolfSSL_CTX_der_load_verify_locations +// #define CyaSSL_CTX_use_NTRUPrivateKey_file wolfSSL_CTX_use_NTRUPrivateKey_file +// #define CyaSSL_KeepArrays wolfSSL_KeepArrays +// #define CyaSSL_FreeArrays wolfSSL_FreeArrays + +/* Context and Session Setup*/ +#define CyaSSLv3_client_method wolfSSLv3_client_method +#define CyaSSLv3_server_method wolfSSLv3_server_method +// #define CyaSSLv23_client_method wolfSSLv23_client_method +// #define CyaSSLv23_server_method wolfSSLv23_server_method +#define CyaTLSv1_client_method wolfTLSv1_client_method +#define CyaTLSv1_server_method wolfTLSv1_server_method +#define CyaTLSv1_1_client_method wolfTLSv1_1_client_method +#define CyaTLSv1_1_server_method wolfTLSv1_1_server_method +#define CyaTLSv1_2_client_method wolfTLSv1_2_client_method +#define CyaTLSv1_2_server_method wolfTLSv1_2_server_method +#define CyaDTLSv1_client_method wolfDTLSv1_client_method +#define CyaDTLSv1_server_method wolfDTLSv1_server_method +#define CyaDTLSv1_2_client_method wolfDTLSv1_2_client_method +#define CyaDTLSv1_2_server_method wolfDTLSv1_2_server_method +// #define CyaSSL_new wolfSSL_new +// #define CyaSSL_free wolfSSL_free +// #define CyaSSL_CTX_new wolfSSL_CTX_new +// #define CyaSSL_CTX_free wolfSSL_CTX_free +// #define CyaSSL_SetVersion wolfSSL_SetVersion +// #define CyaSSL_check_domain_name wolfSSL_check_domain_name +// #define CyaSSL_set_cipher_list wolfSSL_set_cipher_list +// #define CyaSSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list +// #define CyaSSL_set_compression wolfSSL_set_compression +// #define CyaSSL_set_fd wolfSSL_set_fd +// #define CyaSSL_set_group_messages wolfSSL_set_group_messages +// #define CyaSSL_CTX_set_group_messages wolfSSL_CTX_set_group_messages +// #define CyaSSL_set_session wolfSSL_set_session +// #define CyaSSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode +// #define CyaSSL_set_timeout wolfSSL_set_timeout +// #define CyaSSL_CTX_set_timeout wolfSSL_CTX_set_timeout +// #define CyaSSL_set_using_nonblock wolfSSL_set_using_nonblock +// #define CyaSSL_set_verify wolfSSL_set_verify +// #define CyaSSL_CTX_set_verify wolfSSL_CTX_set_verify + +// /* Callbacks */ +// #define CyaSSL_SetIOReadCtx wolfSSL_SetIOReadCtx +// #define CyaSSL_SetIOWriteCtx wolfSSL_SetIOWriteCtx +// #define CyaSSL_SetIOReadFlags wolfSSL_SetIOReadFlags +// #define CyaSSL_SetIOWriteFlags wolfSSL_SetIOWriteFlags +// #define CyaSSL_SetIORecv wolfSSL_SetIORecv +// #define CyaSSL_SetIOSend wolfSSL_SetIOSend +// #define CyaSSL_CTX_SetCACb wolfSSL_CTX_SetCACb +// #define CyaSSL_connect_ex wolfSSL_connect_ex +// #define CyaSSL_accept_ex wolfSSL_accept_ex +// #define CyaSSL_SetLoggingCb wolfSSL_SetLoggingCb +// #define CyaSSL_SetTlsHmacInner wolfSSL_SetTlsHmacInner +// #define CyaSSL_CTX_SetMacEncryptCb wolfSSL_CTX_SetMacEncryptCb +// #define CyaSSL_SetMacEncryptCtx wolfSSL_SetMacEncryptCtx +// #define CyaSSL_GetMacEncryptCtx wolfSSL_GetMacEncryptCtx +// #define CyaSSL_CTX_SetDecryptVerifyCb wolfSSL_CTX_SetDecryptVerifyCb +// #define CyaSSL_SetDecryptVerifyCtx wolfSSL_SetDecryptVerifyCtx +// #define CyaSSL_GetDecryptVerifyCtx wolfSSL_GetDecryptVerifyCtx +// #define CyaSSL_CTX_SetEccSignCb wolfSSL_CTX_SetEccSignCb +// #define CyaSSL_SetEccSignCtx wolfSSL_SetEccSignCtx +// #define CyaSSL_GetEccSignCtx wolfSSL_GetEccSignCtx +// #define CyaSSL_CTX_SetEccVerifyCb wolfSSL_CTX_SetEccVerifyCb +// #define CyaSSL_SetEccVerifyCtx wolfSSL_SetEccVerifyCtx +// #define CyaSSL_GetEccVerifyCtx wolfSSL_GetEccVerifyCtx +// #define CyaSSL_CTX_SetRsaSignCb wolfSSL_CTX_SetRsaSignCb +// #define CyaSSL_SetRsaSignCtx wolfSSL_SetRsaSignCtx +// #define CyaSSL_GetRsaSignCtx wolfSSL_GetRsaSignCtx +// #define CyaSSL_CTX_SetRsaVerifyCb wolfSSL_CTX_SetRsaVerifyCb +// #define CyaSSL_SetRsaVerifyCtx wolfSSL_SetRsaVerifyCtx +// #define CyaSSL_GetRsaVerifyCtx wolfSSL_GetRsaVerifyCtx +// #define CyaSSL_CTX_SetRsaEncCb wolfSSL_CTX_SetRsaEncCb +// #define CyaSSL_SetRsaEncCtx wolfSSL_SetRsaEncCtx +// #define CyaSSL_GetRsaEncCtx wolfSSL_GetRsaEncCtx +// #define CyaSSL_CTX_SetRsaDecCb wolfSSL_CTX_SetRsaDecCb +// #define CyaSSL_SetRsaDecCtx wolfSSL_SetRsaDecCtx +// #define CyaSSL_GetRsaDecCtx wolfSSL_GetRsaDecCtx + +// /* Error Handling and Debugging*/ +// #define CyaSSL_ERR_error_string wolfSSL_ERR_error_string +// #define CyaSSL_ERR_error_string_n wolfSSL_ERR_error_string_n +// #define CyaSSL_ERR_print_errors_fp wolfSSL_ERR_print_errors_fp +// #define CyaSSL_get_error wolfSSL_get_error +// #define CyaSSL_load_error_strings wolfSSL_load_error_strings +// #define CyaSSL_want_read wolfSSL_want_read +// #define CyaSSL_want_write wolfSSL_want_write +// #define CyaSSL_Debugging_ON wolfSSL_Debugging_ON +// #define CyaSSL_Debugging_OFF wolfSSL_Debugging_OFF + +// /* OCSP and CRL */ +// #define CyaSSL_CTX_OCSP_set_options wolfSSL_CTX_OCSP_set_options +// #define CyaSSL_CTX_OCSP_set_override_url wolfSSL_CTX_OCSP_set_override_url + +// /* Informational */ +// #define CyaSSL_GetObjectSize wolfSSL_GetObjectSize +// #define CyaSSL_GetMacSecret wolfSSL_GetMacSecret +// #define CyaSSL_GetClientWriteKey wolfSSL_GetClientWriteKey +// #define CyaSSL_GetClientWriteIV wolfSSL_GetClientWriteIV +// #define CyaSSL_GetServerWriteKey wolfSSL_GetServerWriteKey +// #define CyaSSL_GetServerWriteIV wolfSSL_GetServerWriteIV +// #define CyaSSL_GetKeySize wolfSSL_GetKeySize +// #define CyaSSL_GetSide wolfSSL_GetSide +// #define CyaSSL_IsTLSv1_1 wolfSSL_IsTLSv1_1 +// #define CyaSSL_GetBulkCipher wolfSSL_GetBulkCipher +// #define CyaSSL_GetCipherBlockSize wolfSSL_GetCipherBlockSize +// #define CyaSSL_GetAeadMacSize wolfSSL_GetAeadMacSize +// #define CyaSSL_GetHmacSize wolfSSL_GetHmacSize +// #define CyaSSL_GetHmacType wolfSSL_GetHmacType +// #define CyaSSL_GetCipherType wolfSSL_GetCipherType + +// /* Connection, Session, and I/O */ +// #define CyaSSL_accept wolfSSL_accept +// #define CyaSSL_connect wolfSSL_connect +// #define CyaSSL_connect_cert wolfSSL_connect_cert +// #define CyaSSL_get_fd wolfSSL_get_fd +// #define CyaSSL_get_session wolfSSL_get_session +// #define CyaSSL_get_using_nonblock wolfSSL_get_using_nonblock +// #define CyaSSL_flush_sessions wolfSSL_flush_sessions +// #define CyaSSL_negotiate wolfSSL_negotiate +// #define CyaSSL_peek wolfSSL_peek +// #define CyaSSL_pending wolfSSL_pending +// #define CyaSSL_read wolfSSL_read +// #define CyaSSL_recv wolfSSL_recv +// #define CyaSSL_send wolfSSL_send +// #define CyaSSL_write wolfSSL_write +// #define CyaSSL_writev wolfSSL_writev + +// /* DTLS Specific */ +// #define CyaSSL_dtls wolfSSL_dtls +// #define CyaSSL_dtls_get_current_timeout wolfSSL_dtls_get_current_timeout +// #define CyaSSL_dtls_get_peer wolfSSL_dtls_get_peer +// #define CyaSSL_dtls_got_timeout wolfSSL_dtls_got_timeout +// #define CyaSSL_dtls_set_peer wolfSSL_dtls_set_peer + +// /* Memory Abstraction Layer */ +// #define CyaSSL_Malloc wolfSSL_Malloc +// #define CyaSSL_Realloc wolfSSL_Realloc +// #define CyaSSL_Free wolfSSL_Free +// #define CyaSSL_SetAllocators wolfSSL_SetAllocators + +// /* Certificate Manager */ +// #define CyaSSL_CertManagerDisableCRL wolfSSL_CertManagerDisableCRL +// #define CyaSSL_CertManagerEnableCRL wolfSSL_CertManagerEnableCRL +// #define CyaSSL_CertManagerFree wolfSSL_CertManagerFree +// #define CyaSSL_CertManagerLoadCA wolfSSL_CertManagerLoadCA +// #define CyaSSL_CertManagerNew wolfSSL_CertManagerNew +// #define CyaSSL_CertManagerVerify wolfSSL_CertManagerVerify +// #define CyaSSL_CertManagerVerifyBuffer wolfSSL_CertManagerVerifyBuffer + +// /* OpenSSL Compatibility Layer */ +// #define CyaSSL_X509_get_serial_number wolfSSL_X509_get_serial_number +// #define CyaSSL_get_sessionID wolfSSL_get_sessionID +// #define CyaSSL_get_peer_chain wolfSSL_get_peer_chain +// #define CyaSSL_get_peer_count wolfSSL_get_peer_count +// #define CyaSSL_get_peer_length wolfSSL_get_peer_length +// #define CyaSSL_get_chain_cert wolfSSL_get_chain_cert +// #define CyaSSL_get_chain_cert_pem wolfSSL_get_chain_cert_pem +// #define CyaSSL_PemCertToDer wolfSSL_PemCertToDer +// #define CyaSSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file +// #define CyaSSL_use_certificate_file wolfSSL_use_certificate_file +// #define CyaSSL_use_PrivateKey_file wolfSSL_use_PrivateKey_file +// #define CyaSSL_use_certificate_chain_file wolfSSL_use_certificate_chain_file +// #define CyaSSL_use_RSAPrivateKey_file wolfSSL_use_RSAPrivateKey_file + +// /*TLS Extensions */ +// #define CyaSSL_CTX_UseSNI wolfSSL_CTX_UseSNI +// #define CyaSSL_UseSNI wolfSSL_UseSNI +// #define CyaSSL_CTX_SNI_SetOptions wolfSSL_CTX_SNI_SetOptions +// #define CyaSSL_SNI_SetOptions wolfSSL_SNI_SetOptions +// #define CyaSSL_SNI_GetRequest wolfSSL_SNI_GetRequest +// #define CyaSSL_SNI_GetFromBuffer wolfSSL_SNI_GetFromBuffer +// #define CyaSSL_CTX_UseMaxFragment wolfSSL_CTX_UseMaxFragment +// #define CyaSSL_UseMaxFragment wolfSSL_UseMaxFragment +// #define CyaSSL_CTX_UseTruncatedHMAC wolfSSL_CTX_UseTruncatedHMAC +// #define CyaSSL_UseTruncatedHMAC wolfSSL_UseTruncatedHMAC +// #define CyaSSL_CTX_UseSupportedCurve wolfSSL_CTX_UseSupportedCurve +// #define CyaSSL_UseSupportedCurve wolfSSL_UseSupportedCurve + + + +/* Carried over from openssl compatibilty layer */ + +/* End wolfssl -> cyassl -> openssl compatibility */ #ifdef __cplusplus - } /* extern "C" */ + } /* extern "C" */ #endif -#endif /* CYASSL_SSL_H */ - +#endif /* CyaSSL_openssl_h__ */ diff --git a/src/ssl.c b/src/ssl.c index faedcb02c..5f70e0e34 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3192,13 +3192,13 @@ static INLINE CYASSL_METHOD* cm_pick_method(void) #ifdef NO_OLD_TLS return CyaTLSv1_2_client_method(); #else - return CyaSSLv3_client_method(); - #endif + return wolfSSLv3_client_method(); + #endif #elif !defined(NO_CYASSL_SERVER) #ifdef NO_OLD_TLS return CyaTLSv1_2_server_method(); #else - return CyaSSLv3_server_method(); + return wolfSSLv3_server_method(); #endif #else return NULL; @@ -4922,7 +4922,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) #ifndef NO_CYASSL_CLIENT #ifndef NO_OLD_TLS - CYASSL_METHOD* CyaSSLv3_client_method(void) + CYASSL_METHOD* wolfSSLv3_client_method(void) { CYASSL_METHOD* method = (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0, @@ -5189,7 +5189,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) #ifndef NO_CYASSL_SERVER #ifndef NO_OLD_TLS - CYASSL_METHOD* CyaSSLv3_server_method(void) + CYASSL_METHOD* wolfSSLv3_server_method(void) { CYASSL_METHOD* method = (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0, diff --git a/tests/api.c b/tests/api.c index 4e09e2115..4cf523d8d 100644 --- a/tests/api.c +++ b/tests/api.c @@ -101,20 +101,22 @@ static void test_CyaSSL_Method_Allocators(void) TEST_METHOD_ALLOCATOR(a, AssertNull) #ifndef NO_OLD_TLS - TEST_VALID_METHOD_ALLOCATOR(CyaSSLv3_server_method); - TEST_VALID_METHOD_ALLOCATOR(CyaSSLv3_client_method); - TEST_VALID_METHOD_ALLOCATOR(CyaTLSv1_server_method); - TEST_VALID_METHOD_ALLOCATOR(CyaTLSv1_client_method); - TEST_VALID_METHOD_ALLOCATOR(CyaTLSv1_1_server_method); - TEST_VALID_METHOD_ALLOCATOR(CyaTLSv1_1_client_method); + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method); + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method); + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method); + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method); + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method); + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method); #endif - TEST_VALID_METHOD_ALLOCATOR(CyaTLSv1_2_server_method); - TEST_VALID_METHOD_ALLOCATOR(CyaTLSv1_2_client_method); + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method); + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method); TEST_VALID_METHOD_ALLOCATOR(CyaSSLv23_client_method); #ifdef CYASSL_DTLS - TEST_VALID_METHOD_ALLOCATOR(CyaDTLSv1_server_method); - TEST_VALID_METHOD_ALLOCATOR(CyaDTLSv1_client_method); + TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method); + TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method); + TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method); + TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method); #endif #ifdef OPENSSL_EXTRA diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h new file mode 100644 index 000000000..5b869f326 --- /dev/null +++ b/wolfssl/ssl.h @@ -0,0 +1,1414 @@ +/* ssl.h + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +/* CyaSSL API */ + +#ifndef CYASSL_SSL_H +#define CYASSL_SSL_H + + +/* for users not using preprocessor flags*/ +#include +#include + +/* + * Name Change Include + * wolfssl -> cyassl compatability layer + */ +#include + +#ifndef NO_FILESYSTEM + #ifdef FREESCALE_MQX + #include + #else + #include /* ERR_printf */ + #endif +#endif + +#ifdef YASSL_PREFIX + #include "prefix_ssl.h" +#endif + +#ifdef LIBCYASSL_VERSION_STRING + #define CYASSL_VERSION LIBCYASSL_VERSION_STRING +#endif + +#ifdef _WIN32 + /* wincrypt.h clashes */ + #undef OCSP_REQUEST + #undef OCSP_RESPONSE +#endif + + + +#ifdef __cplusplus + extern "C" { +#endif + +typedef struct CYASSL CYASSL; +typedef struct CYASSL_SESSION CYASSL_SESSION; +typedef struct CYASSL_METHOD CYASSL_METHOD; +typedef struct CYASSL_CTX CYASSL_CTX; + +typedef struct CYASSL_X509 CYASSL_X509; +typedef struct CYASSL_X509_NAME CYASSL_X509_NAME; +typedef struct CYASSL_X509_CHAIN CYASSL_X509_CHAIN; + +typedef struct CYASSL_CERT_MANAGER CYASSL_CERT_MANAGER; +typedef struct CYASSL_SOCKADDR CYASSL_SOCKADDR; + +/* redeclare guard */ +#define CYASSL_TYPES_DEFINED + + +typedef struct CYASSL_RSA CYASSL_RSA; +typedef struct CYASSL_DSA CYASSL_DSA; +typedef struct CYASSL_CIPHER CYASSL_CIPHER; +typedef struct CYASSL_X509_LOOKUP CYASSL_X509_LOOKUP; +typedef struct CYASSL_X509_LOOKUP_METHOD CYASSL_X509_LOOKUP_METHOD; +typedef struct CYASSL_X509_CRL CYASSL_X509_CRL; +typedef struct CYASSL_BIO CYASSL_BIO; +typedef struct CYASSL_BIO_METHOD CYASSL_BIO_METHOD; +typedef struct CYASSL_X509_EXTENSION CYASSL_X509_EXTENSION; +typedef struct CYASSL_ASN1_TIME CYASSL_ASN1_TIME; +typedef struct CYASSL_ASN1_INTEGER CYASSL_ASN1_INTEGER; +typedef struct CYASSL_ASN1_OBJECT CYASSL_ASN1_OBJECT; +typedef struct CYASSL_ASN1_STRING CYASSL_ASN1_STRING; +typedef struct CYASSL_dynlock_value CYASSL_dynlock_value; + +#define CYASSL_ASN1_UTCTIME CYASSL_ASN1_TIME + +typedef struct CYASSL_EVP_PKEY { + int type; /* openssh dereference */ + int save_type; /* openssh dereference */ + int pkey_sz; + union { + char* ptr; + } pkey; + #ifdef HAVE_ECC + int pkey_curve; + #endif +} CYASSL_EVP_PKEY; + +typedef struct CYASSL_MD4_CTX { + int buffer[32]; /* big enough to hold, check size in Init */ +} CYASSL_MD4_CTX; + + +typedef struct CYASSL_COMP_METHOD { + int type; /* stunnel dereference */ +} CYASSL_COMP_METHOD; + + +typedef struct CYASSL_X509_STORE { + int cache; /* stunnel dereference */ + CYASSL_CERT_MANAGER* cm; +} CYASSL_X509_STORE; + +typedef struct CYASSL_ALERT { + int code; + int level; +} CYASSL_ALERT; + +typedef struct CYASSL_ALERT_HISTORY { + CYASSL_ALERT last_rx; + CYASSL_ALERT last_tx; +} CYASSL_ALERT_HISTORY; + +typedef struct CYASSL_X509_REVOKED { + CYASSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */ +} CYASSL_X509_REVOKED; + + +typedef struct CYASSL_X509_OBJECT { + union { + char* ptr; + CYASSL_X509_CRL* crl; /* stunnel dereference */ + } data; +} CYASSL_X509_OBJECT; + + +typedef struct CYASSL_X509_STORE_CTX { + CYASSL_X509_STORE* store; /* Store full of a CA cert chain */ + CYASSL_X509* current_cert; /* stunnel dereference */ + char* domain; /* subject CN domain name */ + void* ex_data; /* external data, for fortress build */ + void* userCtx; /* user ctx */ + int error; /* current error */ + int error_depth; /* cert depth for this error */ + int discardSessionCerts; /* so verify callback can flag for discard */ +} CYASSL_X509_STORE_CTX; + + +/* Valid Alert types from page 16/17 */ +enum AlertDescription { + close_notify = 0, + unexpected_message = 10, + bad_record_mac = 20, + record_overflow = 22, + decompression_failure = 30, + handshake_failure = 40, + no_certificate = 41, + bad_certificate = 42, + unsupported_certificate = 43, + certificate_revoked = 44, + certificate_expired = 45, + certificate_unknown = 46, + illegal_parameter = 47, + decrypt_error = 51, + protocol_version = 70, + no_renegotiation = 100, + unrecognized_name = 112 +}; + + +enum AlertLevel { + alert_warning = 1, + alert_fatal = 2 +}; + + +CYASSL_API CYASSL_METHOD *wolfSSLv3_server_method(void); +CYASSL_API CYASSL_METHOD *wolfSSLv3_client_method(void); +CYASSL_API CYASSL_METHOD *wolfTLSv1_server_method(void); +CYASSL_API CYASSL_METHOD *wolfTLSv1_client_method(void); +CYASSL_API CYASSL_METHOD *wolfTLSv1_1_server_method(void); +CYASSL_API CYASSL_METHOD *wolfTLSv1_1_client_method(void); +CYASSL_API CYASSL_METHOD *wolfTLSv1_2_server_method(void); +CYASSL_API CYASSL_METHOD *wolfTLSv1_2_client_method(void); + +#ifdef CYASSL_DTLS + CYASSL_API CYASSL_METHOD *wolfDTLSv1_client_method(void); + CYASSL_API CYASSL_METHOD *wolfDTLSv1_server_method(void); + CYASSL_API CYASSL_METHOD *wolfDTLSv1_2_client_method(void); + CYASSL_API CYASSL_METHOD *wolfDTLSv1_2_server_method(void); +#endif + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + +CYASSL_API int CyaSSL_CTX_use_certificate_file(CYASSL_CTX*, const char*, int); +CYASSL_API int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX*, const char*, int); +CYASSL_API int CyaSSL_CTX_load_verify_locations(CYASSL_CTX*, const char*, + const char*); +CYASSL_API int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX *, + const char *file); +CYASSL_API int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX*, const char*, int); + +CYASSL_API int CyaSSL_use_certificate_file(CYASSL*, const char*, int); +CYASSL_API int CyaSSL_use_PrivateKey_file(CYASSL*, const char*, int); +CYASSL_API int CyaSSL_use_certificate_chain_file(CYASSL*, const char *file); +CYASSL_API int CyaSSL_use_RSAPrivateKey_file(CYASSL*, const char*, int); + +#ifdef CYASSL_DER_LOAD + CYASSL_API int CyaSSL_CTX_der_load_verify_locations(CYASSL_CTX*, + const char*, int); +#endif + +#ifdef HAVE_POLY1305 + CYASSL_API int CyaSSL_use_old_poly(CYASSL*, int); +#endif + +#ifdef HAVE_NTRU + CYASSL_API int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX*, const char*); + /* load NTRU private key blob */ +#endif + +#ifndef CYASSL_PEMCERT_TODER_DEFINED + CYASSL_API int CyaSSL_PemCertToDer(const char*, unsigned char*, int); + #define CYASSL_PEMCERT_TODER_DEFINED +#endif + +#endif /* !NO_FILESYSTEM && !NO_CERTS */ + +CYASSL_API CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD*); +CYASSL_API CYASSL* CyaSSL_new(CYASSL_CTX*); +CYASSL_API int CyaSSL_set_fd (CYASSL*, int); +CYASSL_API int CyaSSL_get_ciphers(char*, int); +CYASSL_API int CyaSSL_get_fd(const CYASSL*); +CYASSL_API void CyaSSL_set_using_nonblock(CYASSL*, int); +CYASSL_API int CyaSSL_get_using_nonblock(CYASSL*); +CYASSL_API int CyaSSL_connect(CYASSL*); /* please see note at top of README + if you get an error from connect */ +CYASSL_API int CyaSSL_write(CYASSL*, const void*, int); +CYASSL_API int CyaSSL_read(CYASSL*, void*, int); +CYASSL_API int CyaSSL_peek(CYASSL*, void*, int); +CYASSL_API int CyaSSL_accept(CYASSL*); +CYASSL_API void CyaSSL_CTX_free(CYASSL_CTX*); +CYASSL_API void CyaSSL_free(CYASSL*); +CYASSL_API int CyaSSL_shutdown(CYASSL*); +CYASSL_API int CyaSSL_send(CYASSL*, const void*, int sz, int flags); +CYASSL_API int CyaSSL_recv(CYASSL*, void*, int sz, int flags); + +CYASSL_API void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX*, int); +CYASSL_API void CyaSSL_set_quiet_shutdown(CYASSL*, int); + +CYASSL_API int CyaSSL_get_error(CYASSL*, int); +CYASSL_API int CyaSSL_get_alert_history(CYASSL*, CYASSL_ALERT_HISTORY *); + +CYASSL_API int CyaSSL_set_session(CYASSL* ssl,CYASSL_SESSION* session); +CYASSL_API CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl); +CYASSL_API void CyaSSL_flush_sessions(CYASSL_CTX *ctx, long tm); +CYASSL_API int CyaSSL_SetServerID(CYASSL* ssl, const unsigned char*, + int, int); + +#ifdef SESSION_INDEX +CYASSL_API int CyaSSL_GetSessionIndex(CYASSL* ssl); +CYASSL_API int CyaSSL_GetSessionAtIndex(int index, CYASSL_SESSION* session); +#endif /* SESSION_INDEX */ + +#if defined(SESSION_INDEX) && defined(SESSION_CERTS) +CYASSL_API + CYASSL_X509_CHAIN* CyaSSL_SESSION_get_peer_chain(CYASSL_SESSION* session); +#endif /* SESSION_INDEX && SESSION_CERTS */ + +typedef int (*VerifyCallback)(int, CYASSL_X509_STORE_CTX*); +typedef int (*pem_password_cb)(char*, int, int, void*); + +CYASSL_API void CyaSSL_CTX_set_verify(CYASSL_CTX*, int, + VerifyCallback verify_callback); +CYASSL_API void CyaSSL_set_verify(CYASSL*, int, VerifyCallback verify_callback); +CYASSL_API void CyaSSL_SetCertCbCtx(CYASSL*, void*); + +CYASSL_API int CyaSSL_pending(CYASSL*); + +CYASSL_API void CyaSSL_load_error_strings(void); +CYASSL_API int CyaSSL_library_init(void); +CYASSL_API long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX*, long); + +#ifdef HAVE_SECRET_CALLBACK +typedef int (*SessionSecretCb)(CYASSL* ssl, + void* secret, int* secretSz, void* ctx); +CYASSL_API int CyaSSL_set_session_secret_cb(CYASSL*, SessionSecretCb, void*); +#endif /* HAVE_SECRET_CALLBACK */ + +/* session cache persistence */ +CYASSL_API int CyaSSL_save_session_cache(const char*); +CYASSL_API int CyaSSL_restore_session_cache(const char*); +CYASSL_API int CyaSSL_memsave_session_cache(void*, int); +CYASSL_API int CyaSSL_memrestore_session_cache(const void*, int); +CYASSL_API int CyaSSL_get_session_cache_memsize(void); + +/* certificate cache persistence, uses ctx since certs are per ctx */ +CYASSL_API int CyaSSL_CTX_save_cert_cache(CYASSL_CTX*, const char*); +CYASSL_API int CyaSSL_CTX_restore_cert_cache(CYASSL_CTX*, const char*); +CYASSL_API int CyaSSL_CTX_memsave_cert_cache(CYASSL_CTX*, void*, int, int*); +CYASSL_API int CyaSSL_CTX_memrestore_cert_cache(CYASSL_CTX*, const void*, int); +CYASSL_API int CyaSSL_CTX_get_cert_cache_memsize(CYASSL_CTX*); + +/* only supports full name from cipher_name[] delimited by : */ +CYASSL_API int CyaSSL_CTX_set_cipher_list(CYASSL_CTX*, const char*); +CYASSL_API int CyaSSL_set_cipher_list(CYASSL*, const char*); + +/* Nonblocking DTLS helper functions */ +CYASSL_API int CyaSSL_dtls_get_current_timeout(CYASSL* ssl); +CYASSL_API int CyaSSL_dtls_set_timeout_init(CYASSL* ssl, int); +CYASSL_API int CyaSSL_dtls_set_timeout_max(CYASSL* ssl, int); +CYASSL_API int CyaSSL_dtls_got_timeout(CYASSL* ssl); +CYASSL_API int CyaSSL_dtls(CYASSL* ssl); + +CYASSL_API int CyaSSL_dtls_set_peer(CYASSL*, void*, unsigned int); +CYASSL_API int CyaSSL_dtls_get_peer(CYASSL*, void*, unsigned int*); + +CYASSL_API int CyaSSL_ERR_GET_REASON(int err); +CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*); +CYASSL_API void CyaSSL_ERR_error_string_n(unsigned long e, char* buf, + unsigned long sz); +CYASSL_API const char* CyaSSL_ERR_reason_error_string(unsigned long); + +/* extras */ + +#define STACK_OF(x) x + +CYASSL_API int CyaSSL_set_ex_data(CYASSL*, int, void*); +CYASSL_API int CyaSSL_get_shutdown(const CYASSL*); +CYASSL_API int CyaSSL_set_rfd(CYASSL*, int); +CYASSL_API int CyaSSL_set_wfd(CYASSL*, int); +CYASSL_API void CyaSSL_set_shutdown(CYASSL*, int); +CYASSL_API int CyaSSL_set_session_id_context(CYASSL*, const unsigned char*, + unsigned int); +CYASSL_API void CyaSSL_set_connect_state(CYASSL*); +CYASSL_API void CyaSSL_set_accept_state(CYASSL*); +CYASSL_API int CyaSSL_session_reused(CYASSL*); +CYASSL_API void CyaSSL_SESSION_free(CYASSL_SESSION* session); +CYASSL_API int CyaSSL_is_init_finished(CYASSL*); + +CYASSL_API const char* CyaSSL_get_version(CYASSL*); +CYASSL_API int CyaSSL_get_current_cipher_suite(CYASSL* ssl); +CYASSL_API CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL*); +CYASSL_API char* CyaSSL_CIPHER_description(CYASSL_CIPHER*, char*, int); +CYASSL_API const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher); +CYASSL_API const char* CyaSSL_get_cipher(CYASSL*); +CYASSL_API CYASSL_SESSION* CyaSSL_get1_session(CYASSL* ssl); + /* what's ref count */ + +CYASSL_API void CyaSSL_X509_free(CYASSL_X509*); +CYASSL_API void CyaSSL_OPENSSL_free(void*); + +CYASSL_API int CyaSSL_OCSP_parse_url(char* url, char** host, char** port, + char** path, int* ssl); + +CYASSL_API CYASSL_METHOD* CyaSSLv23_client_method(void); +CYASSL_API CYASSL_METHOD* CyaSSLv2_client_method(void); +CYASSL_API CYASSL_METHOD* CyaSSLv2_server_method(void); + +CYASSL_API void CyaSSL_MD4_Init(CYASSL_MD4_CTX*); +CYASSL_API void CyaSSL_MD4_Update(CYASSL_MD4_CTX*, const void*, unsigned long); +CYASSL_API void CyaSSL_MD4_Final(unsigned char*, CYASSL_MD4_CTX*); + + +CYASSL_API CYASSL_BIO* CyaSSL_BIO_new(CYASSL_BIO_METHOD*); +CYASSL_API int CyaSSL_BIO_free(CYASSL_BIO*); +CYASSL_API int CyaSSL_BIO_free_all(CYASSL_BIO*); +CYASSL_API int CyaSSL_BIO_read(CYASSL_BIO*, void*, int); +CYASSL_API int CyaSSL_BIO_write(CYASSL_BIO*, const void*, int); +CYASSL_API CYASSL_BIO* CyaSSL_BIO_push(CYASSL_BIO*, CYASSL_BIO* append); +CYASSL_API CYASSL_BIO* CyaSSL_BIO_pop(CYASSL_BIO*); +CYASSL_API int CyaSSL_BIO_flush(CYASSL_BIO*); +CYASSL_API int CyaSSL_BIO_pending(CYASSL_BIO*); + +CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_f_buffer(void); +CYASSL_API long CyaSSL_BIO_set_write_buffer_size(CYASSL_BIO*, long size); +CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_f_ssl(void); +CYASSL_API CYASSL_BIO* CyaSSL_BIO_new_socket(int sfd, int flag); +CYASSL_API int CyaSSL_BIO_eof(CYASSL_BIO*); + +CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_s_mem(void); +CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_f_base64(void); +CYASSL_API void CyaSSL_BIO_set_flags(CYASSL_BIO*, int); + +CYASSL_API int CyaSSL_BIO_get_mem_data(CYASSL_BIO* bio,const unsigned char** p); +CYASSL_API CYASSL_BIO* CyaSSL_BIO_new_mem_buf(void* buf, int len); + + +CYASSL_API long CyaSSL_BIO_set_ssl(CYASSL_BIO*, CYASSL*, int flag); +CYASSL_API void CyaSSL_set_bio(CYASSL*, CYASSL_BIO* rd, CYASSL_BIO* wr); + +CYASSL_API int CyaSSL_add_all_algorithms(void); + +CYASSL_API void CyaSSL_RAND_screen(void); +CYASSL_API const char* CyaSSL_RAND_file_name(char*, unsigned long); +CYASSL_API int CyaSSL_RAND_write_file(const char*); +CYASSL_API int CyaSSL_RAND_load_file(const char*, long); +CYASSL_API int CyaSSL_RAND_egd(const char*); +CYASSL_API int CyaSSL_RAND_seed(const void*, int); +CYASSL_API void CyaSSL_RAND_add(const void*, int, double); + +CYASSL_API CYASSL_COMP_METHOD* CyaSSL_COMP_zlib(void); +CYASSL_API CYASSL_COMP_METHOD* CyaSSL_COMP_rle(void); +CYASSL_API int CyaSSL_COMP_add_compression_method(int, void*); + +CYASSL_API int CyaSSL_get_ex_new_index(long, void*, void*, void*, void*); + +CYASSL_API void CyaSSL_set_id_callback(unsigned long (*f)(void)); +CYASSL_API void CyaSSL_set_locking_callback(void (*f)(int, int, const char*, + int)); +CYASSL_API void CyaSSL_set_dynlock_create_callback(CYASSL_dynlock_value* (*f) + (const char*, int)); +CYASSL_API void CyaSSL_set_dynlock_lock_callback(void (*f)(int, + CYASSL_dynlock_value*, const char*, int)); +CYASSL_API void CyaSSL_set_dynlock_destroy_callback(void (*f) + (CYASSL_dynlock_value*, const char*, int)); +CYASSL_API int CyaSSL_num_locks(void); + +CYASSL_API CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert( + CYASSL_X509_STORE_CTX*); +CYASSL_API int CyaSSL_X509_STORE_CTX_get_error(CYASSL_X509_STORE_CTX*); +CYASSL_API int CyaSSL_X509_STORE_CTX_get_error_depth(CYASSL_X509_STORE_CTX*); + +CYASSL_API char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME*, char*, int); +CYASSL_API CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509*); +CYASSL_API CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509*); +CYASSL_API int CyaSSL_X509_ext_isSet_by_NID(CYASSL_X509*, int); +CYASSL_API int CyaSSL_X509_ext_get_critical_by_NID(CYASSL_X509*, int); +CYASSL_API int CyaSSL_X509_get_isCA(CYASSL_X509*); +CYASSL_API int CyaSSL_X509_get_isSet_pathLength(CYASSL_X509*); +CYASSL_API unsigned int CyaSSL_X509_get_pathLength(CYASSL_X509*); +CYASSL_API unsigned int CyaSSL_X509_get_keyUsage(CYASSL_X509*); +CYASSL_API unsigned char* CyaSSL_X509_get_authorityKeyID( + CYASSL_X509*, unsigned char*, int*); +CYASSL_API unsigned char* CyaSSL_X509_get_subjectKeyID( + CYASSL_X509*, unsigned char*, int*); +CYASSL_API int CyaSSL_X509_NAME_entry_count(CYASSL_X509_NAME*); +CYASSL_API int CyaSSL_X509_NAME_get_text_by_NID( + CYASSL_X509_NAME*, int, char*, int); +CYASSL_API int CyaSSL_X509_verify_cert(CYASSL_X509_STORE_CTX*); +CYASSL_API const char* CyaSSL_X509_verify_cert_error_string(long); +CYASSL_API int CyaSSL_X509_get_signature_type(CYASSL_X509*); +CYASSL_API int CyaSSL_X509_get_signature(CYASSL_X509*, unsigned char*, int*); + +CYASSL_API int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP*,const char*,long); +CYASSL_API int CyaSSL_X509_LOOKUP_load_file(CYASSL_X509_LOOKUP*, const char*, + long); +CYASSL_API CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_hash_dir(void); +CYASSL_API CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_file(void); + +CYASSL_API CYASSL_X509_LOOKUP* CyaSSL_X509_STORE_add_lookup(CYASSL_X509_STORE*, + CYASSL_X509_LOOKUP_METHOD*); +CYASSL_API CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void); +CYASSL_API void CyaSSL_X509_STORE_free(CYASSL_X509_STORE*); +CYASSL_API int CyaSSL_X509_STORE_add_cert( + CYASSL_X509_STORE*, CYASSL_X509*); +CYASSL_API int CyaSSL_X509_STORE_set_default_paths(CYASSL_X509_STORE*); +CYASSL_API int CyaSSL_X509_STORE_get_by_subject(CYASSL_X509_STORE_CTX*, + int, CYASSL_X509_NAME*, CYASSL_X509_OBJECT*); +CYASSL_API CYASSL_X509_STORE_CTX* CyaSSL_X509_STORE_CTX_new(void); +CYASSL_API int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX*, + CYASSL_X509_STORE*, CYASSL_X509*, STACK_OF(CYASSL_X509)*); +CYASSL_API void CyaSSL_X509_STORE_CTX_free(CYASSL_X509_STORE_CTX*); +CYASSL_API void CyaSSL_X509_STORE_CTX_cleanup(CYASSL_X509_STORE_CTX*); + +CYASSL_API CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL*); +CYASSL_API CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_nextUpdate(CYASSL_X509_CRL*); + +CYASSL_API CYASSL_EVP_PKEY* CyaSSL_X509_get_pubkey(CYASSL_X509*); +CYASSL_API int CyaSSL_X509_CRL_verify(CYASSL_X509_CRL*, CYASSL_EVP_PKEY*); +CYASSL_API void CyaSSL_X509_STORE_CTX_set_error(CYASSL_X509_STORE_CTX*, + int); +CYASSL_API void CyaSSL_X509_OBJECT_free_contents(CYASSL_X509_OBJECT*); +CYASSL_API void CyaSSL_EVP_PKEY_free(CYASSL_EVP_PKEY*); +CYASSL_API int CyaSSL_X509_cmp_current_time(const CYASSL_ASN1_TIME*); +CYASSL_API int CyaSSL_sk_X509_REVOKED_num(CYASSL_X509_REVOKED*); + +CYASSL_API CYASSL_X509_REVOKED* CyaSSL_X509_CRL_get_REVOKED(CYASSL_X509_CRL*); +CYASSL_API CYASSL_X509_REVOKED* CyaSSL_sk_X509_REVOKED_value( + CYASSL_X509_REVOKED*,int); +CYASSL_API CYASSL_ASN1_INTEGER* CyaSSL_X509_get_serialNumber(CYASSL_X509*); + +CYASSL_API int CyaSSL_ASN1_TIME_print(CYASSL_BIO*, const CYASSL_ASN1_TIME*); + +CYASSL_API int CyaSSL_ASN1_INTEGER_cmp(const CYASSL_ASN1_INTEGER*, + const CYASSL_ASN1_INTEGER*); +CYASSL_API long CyaSSL_ASN1_INTEGER_get(const CYASSL_ASN1_INTEGER*); + +CYASSL_API STACK_OF(CYASSL_X509_NAME)* CyaSSL_load_client_CA_file(const char*); + +CYASSL_API void CyaSSL_CTX_set_client_CA_list(CYASSL_CTX*, + STACK_OF(CYASSL_X509_NAME)*); +CYASSL_API void* CyaSSL_X509_STORE_CTX_get_ex_data(CYASSL_X509_STORE_CTX*, int); +CYASSL_API int CyaSSL_get_ex_data_X509_STORE_CTX_idx(void); +CYASSL_API void* CyaSSL_get_ex_data(const CYASSL*, int); + +CYASSL_API void CyaSSL_CTX_set_default_passwd_cb_userdata(CYASSL_CTX*, + void* userdata); +CYASSL_API void CyaSSL_CTX_set_default_passwd_cb(CYASSL_CTX*, pem_password_cb); + + +CYASSL_API void CyaSSL_CTX_set_info_callback(CYASSL_CTX*, void (*)(void)); + +CYASSL_API unsigned long CyaSSL_ERR_peek_error(void); +CYASSL_API int CyaSSL_GET_REASON(int); + +CYASSL_API char* CyaSSL_alert_type_string_long(int); +CYASSL_API char* CyaSSL_alert_desc_string_long(int); +CYASSL_API char* CyaSSL_state_string_long(CYASSL*); + +CYASSL_API CYASSL_RSA* CyaSSL_RSA_generate_key(int, unsigned long, + void(*)(int, int, void*), void*); +CYASSL_API void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX*, + CYASSL_RSA*(*)(CYASSL*, int, int)); + +CYASSL_API int CyaSSL_PEM_def_callback(char*, int num, int w, void* key); + +CYASSL_API long CyaSSL_CTX_sess_accept(CYASSL_CTX*); +CYASSL_API long CyaSSL_CTX_sess_connect(CYASSL_CTX*); +CYASSL_API long CyaSSL_CTX_sess_accept_good(CYASSL_CTX*); +CYASSL_API long CyaSSL_CTX_sess_connect_good(CYASSL_CTX*); +CYASSL_API long CyaSSL_CTX_sess_accept_renegotiate(CYASSL_CTX*); +CYASSL_API long CyaSSL_CTX_sess_connect_renegotiate(CYASSL_CTX*); +CYASSL_API long CyaSSL_CTX_sess_hits(CYASSL_CTX*); +CYASSL_API long CyaSSL_CTX_sess_cb_hits(CYASSL_CTX*); +CYASSL_API long CyaSSL_CTX_sess_cache_full(CYASSL_CTX*); +CYASSL_API long CyaSSL_CTX_sess_misses(CYASSL_CTX*); +CYASSL_API long CyaSSL_CTX_sess_timeouts(CYASSL_CTX*); +CYASSL_API long CyaSSL_CTX_sess_number(CYASSL_CTX*); +CYASSL_API long CyaSSL_CTX_sess_get_cache_size(CYASSL_CTX*); + +#define CYASSL_DEFAULT_CIPHER_LIST "" /* default all */ +#define CYASSL_RSA_F4 0x10001L + +enum { + OCSP_NOCERTS = 1, + OCSP_NOINTERN = 2, + OCSP_NOSIGS = 4, + OCSP_NOCHAIN = 8, + OCSP_NOVERIFY = 16, + OCSP_NOEXPLICIT = 32, + OCSP_NOCASIGN = 64, + OCSP_NODELEGATED = 128, + OCSP_NOCHECKS = 256, + OCSP_TRUSTOTHER = 512, + OCSP_RESPID_KEY = 1024, + OCSP_NOTIME = 2048, + + OCSP_CERTID = 2, + OCSP_REQUEST = 4, + OCSP_RESPONSE = 8, + OCSP_BASICRESP = 16, + + CYASSL_OCSP_URL_OVERRIDE = 1, + CYASSL_OCSP_NO_NONCE = 2, + + CYASSL_CRL_CHECKALL = 1, + + ASN1_GENERALIZEDTIME = 4, + + SSL_OP_MICROSOFT_SESS_ID_BUG = 1, + SSL_OP_NETSCAPE_CHALLENGE_BUG = 2, + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 3, + SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 4, + SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 5, + SSL_OP_MSIE_SSLV2_RSA_PADDING = 6, + SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 7, + SSL_OP_TLS_D5_BUG = 8, + SSL_OP_TLS_BLOCK_PADDING_BUG = 9, + SSL_OP_TLS_ROLLBACK_BUG = 10, + SSL_OP_ALL = 11, + SSL_OP_EPHEMERAL_RSA = 12, + SSL_OP_NO_SSLv3 = 13, + SSL_OP_NO_TLSv1 = 14, + SSL_OP_PKCS1_CHECK_1 = 15, + SSL_OP_PKCS1_CHECK_2 = 16, + SSL_OP_NETSCAPE_CA_DN_BUG = 17, + SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 18, + SSL_OP_SINGLE_DH_USE = 19, + SSL_OP_NO_TICKET = 20, + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 21, + SSL_OP_NO_QUERY_MTU = 22, + SSL_OP_COOKIE_EXCHANGE = 23, + SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 24, + SSL_OP_SINGLE_ECDH_USE = 25, + SSL_OP_CIPHER_SERVER_PREFERENCE = 26, + + SSL_MAX_SSL_SESSION_ID_LENGTH = 32, + + EVP_R_BAD_DECRYPT = 2, + + SSL_CB_LOOP = 4, + SSL_ST_CONNECT = 5, + SSL_ST_ACCEPT = 6, + SSL_CB_ALERT = 7, + SSL_CB_READ = 8, + SSL_CB_HANDSHAKE_DONE = 9, + + SSL_MODE_ENABLE_PARTIAL_WRITE = 2, + + BIO_FLAGS_BASE64_NO_NL = 1, + BIO_CLOSE = 1, + BIO_NOCLOSE = 0, + + NID_undef = 0, + + X509_FILETYPE_PEM = 8, + X509_LU_X509 = 9, + X509_LU_CRL = 12, + + X509_V_ERR_CRL_SIGNATURE_FAILURE = 13, + X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14, + X509_V_ERR_CRL_HAS_EXPIRED = 15, + X509_V_ERR_CERT_REVOKED = 16, + X509_V_ERR_CERT_CHAIN_TOO_LONG = 17, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18, + X509_V_ERR_CERT_NOT_YET_VALID = 19, + X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20, + X509_V_ERR_CERT_HAS_EXPIRED = 21, + X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22, + + X509_V_OK = 0, + + CRYPTO_LOCK = 1, + CRYPTO_NUM_LOCKS = 10 +}; + +/* extras end */ + +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) +/* CyaSSL extension, provide last error from SSL_get_error + since not using thread storage error queue */ +CYASSL_API void CyaSSL_ERR_print_errors_fp(FILE*, int err); +#endif + +enum { /* ssl Constants */ + SSL_ERROR_NONE = 0, /* for most functions */ + SSL_FAILURE = 0, /* for some functions */ + SSL_SUCCESS = 1, + + SSL_BAD_CERTTYPE = -8, + SSL_BAD_STAT = -7, + SSL_BAD_PATH = -6, + SSL_BAD_FILETYPE = -5, + SSL_BAD_FILE = -4, + SSL_NOT_IMPLEMENTED = -3, + SSL_UNKNOWN = -2, + SSL_FATAL_ERROR = -1, + + SSL_FILETYPE_ASN1 = 2, + SSL_FILETYPE_PEM = 1, + SSL_FILETYPE_DEFAULT = 2, /* ASN1 */ + SSL_FILETYPE_RAW = 3, /* NTRU raw key blob */ + + SSL_VERIFY_NONE = 0, + SSL_VERIFY_PEER = 1, + SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2, + SSL_VERIFY_CLIENT_ONCE = 4, + + SSL_SESS_CACHE_OFF = 30, + SSL_SESS_CACHE_CLIENT = 31, + SSL_SESS_CACHE_SERVER = 32, + SSL_SESS_CACHE_BOTH = 33, + SSL_SESS_CACHE_NO_AUTO_CLEAR = 34, + SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35, + + SSL_ERROR_WANT_READ = 2, + SSL_ERROR_WANT_WRITE = 3, + SSL_ERROR_WANT_CONNECT = 7, + SSL_ERROR_WANT_ACCEPT = 8, + SSL_ERROR_SYSCALL = 5, + SSL_ERROR_WANT_X509_LOOKUP = 83, + SSL_ERROR_ZERO_RETURN = 6, + SSL_ERROR_SSL = 85, + + SSL_SENT_SHUTDOWN = 1, + SSL_RECEIVED_SHUTDOWN = 2, + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4, + SSL_OP_NO_SSLv2 = 8, + + SSL_R_SSL_HANDSHAKE_FAILURE = 101, + SSL_R_TLSV1_ALERT_UNKNOWN_CA = 102, + SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103, + SSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104, + + PEM_BUFSIZE = 1024 +}; + + +#ifndef NO_PSK + typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*, + unsigned int, unsigned char*, unsigned int); + CYASSL_API void CyaSSL_CTX_set_psk_client_callback(CYASSL_CTX*, + psk_client_callback); + CYASSL_API void CyaSSL_set_psk_client_callback(CYASSL*,psk_client_callback); + + CYASSL_API const char* CyaSSL_get_psk_identity_hint(const CYASSL*); + CYASSL_API const char* CyaSSL_get_psk_identity(const CYASSL*); + + CYASSL_API int CyaSSL_CTX_use_psk_identity_hint(CYASSL_CTX*, const char*); + CYASSL_API int CyaSSL_use_psk_identity_hint(CYASSL*, const char*); + + typedef unsigned int (*psk_server_callback)(CYASSL*, const char*, + unsigned char*, unsigned int); + CYASSL_API void CyaSSL_CTX_set_psk_server_callback(CYASSL_CTX*, + psk_server_callback); + CYASSL_API void CyaSSL_set_psk_server_callback(CYASSL*,psk_server_callback); + + #define PSK_TYPES_DEFINED +#endif /* NO_PSK */ + + +#ifdef HAVE_ANON + CYASSL_API int CyaSSL_CTX_allow_anon_cipher(CYASSL_CTX*); +#endif /* HAVE_ANON */ + + +/* extra begins */ + +enum { /* ERR Constants */ + ERR_TXT_STRING = 1 +}; + +CYASSL_API unsigned long CyaSSL_ERR_get_error_line_data(const char**, int*, + const char**, int *); + +CYASSL_API unsigned long CyaSSL_ERR_get_error(void); +CYASSL_API void CyaSSL_ERR_clear_error(void); + + +CYASSL_API int CyaSSL_RAND_status(void); +CYASSL_API int CyaSSL_RAND_bytes(unsigned char* buf, int num); +CYASSL_API CYASSL_METHOD *CyaSSLv23_server_method(void); +CYASSL_API long CyaSSL_CTX_set_options(CYASSL_CTX*, long); +#ifndef NO_CERTS + CYASSL_API int CyaSSL_CTX_check_private_key(CYASSL_CTX*); +#endif /* !NO_CERTS */ + +CYASSL_API void CyaSSL_ERR_free_strings(void); +CYASSL_API void CyaSSL_ERR_remove_state(unsigned long); +CYASSL_API void CyaSSL_EVP_cleanup(void); + +CYASSL_API void CyaSSL_cleanup_all_ex_data(void); +CYASSL_API long CyaSSL_CTX_set_mode(CYASSL_CTX* ctx, long mode); +CYASSL_API long CyaSSL_CTX_get_mode(CYASSL_CTX* ctx); +CYASSL_API void CyaSSL_CTX_set_default_read_ahead(CYASSL_CTX* ctx, int m); + +CYASSL_API long CyaSSL_CTX_sess_set_cache_size(CYASSL_CTX*, long); + +CYASSL_API int CyaSSL_CTX_set_default_verify_paths(CYASSL_CTX*); +CYASSL_API int CyaSSL_CTX_set_session_id_context(CYASSL_CTX*, + const unsigned char*, unsigned int); +CYASSL_API CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl); + +CYASSL_API int CyaSSL_want_read(CYASSL*); +CYASSL_API int CyaSSL_want_write(CYASSL*); + +CYASSL_API int CyaSSL_BIO_printf(CYASSL_BIO*, const char*, ...); +CYASSL_API int CyaSSL_ASN1_UTCTIME_print(CYASSL_BIO*, + const CYASSL_ASN1_UTCTIME*); +CYASSL_API int CyaSSL_sk_num(CYASSL_X509_REVOKED*); +CYASSL_API void* CyaSSL_sk_value(CYASSL_X509_REVOKED*, int); + +/* stunnel 4.28 needs */ +CYASSL_API void* CyaSSL_CTX_get_ex_data(const CYASSL_CTX*, int); +CYASSL_API int CyaSSL_CTX_set_ex_data(CYASSL_CTX*, int, void*); +CYASSL_API void CyaSSL_CTX_sess_set_get_cb(CYASSL_CTX*, + CYASSL_SESSION*(*f)(CYASSL*, unsigned char*, int, int*)); +CYASSL_API void CyaSSL_CTX_sess_set_new_cb(CYASSL_CTX*, + int (*f)(CYASSL*, CYASSL_SESSION*)); +CYASSL_API void CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX*, + void (*f)(CYASSL_CTX*, CYASSL_SESSION*)); + +CYASSL_API int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION*,unsigned char**); +CYASSL_API CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION**, + const unsigned char**, long); + +CYASSL_API long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION*); +CYASSL_API long CyaSSL_SESSION_get_time(const CYASSL_SESSION*); +CYASSL_API int CyaSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*); + +/* extra ends */ + + +/* CyaSSL extensions */ + +/* call before SSL_connect, if verifying will add name check to + date check and signature check */ +CYASSL_API int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn); + +/* need to call once to load library (session cache) */ +CYASSL_API int CyaSSL_Init(void); +/* call when done to cleanup/free session cache mutex / resources */ +CYASSL_API int CyaSSL_Cleanup(void); + +/* turn logging on, only if compiled in */ +CYASSL_API int CyaSSL_Debugging_ON(void); +/* turn logging off */ +CYASSL_API void CyaSSL_Debugging_OFF(void); + +/* do accept or connect depedning on side */ +CYASSL_API int CyaSSL_negotiate(CYASSL* ssl); +/* turn on CyaSSL data compression */ +CYASSL_API int CyaSSL_set_compression(CYASSL* ssl); + +CYASSL_API int CyaSSL_set_timeout(CYASSL*, unsigned int); +CYASSL_API int CyaSSL_CTX_set_timeout(CYASSL_CTX*, unsigned int); + +/* get CyaSSL peer X509_CHAIN */ +CYASSL_API CYASSL_X509_CHAIN* CyaSSL_get_peer_chain(CYASSL* ssl); +/* peer chain count */ +CYASSL_API int CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain); +/* index cert length */ +CYASSL_API int CyaSSL_get_chain_length(CYASSL_X509_CHAIN*, int idx); +/* index cert */ +CYASSL_API unsigned char* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN*, int idx); +/* index cert in X509 */ +CYASSL_API CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN*, int idx); +/* free X509 */ +CYASSL_API void CyaSSL_FreeX509(CYASSL_X509*); +/* get index cert in PEM */ +CYASSL_API int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN*, int idx, + unsigned char* buffer, int inLen, int* outLen); +CYASSL_API const unsigned char* CyaSSL_get_sessionID(const CYASSL_SESSION* s); +CYASSL_API int CyaSSL_X509_get_serial_number(CYASSL_X509*,unsigned char*,int*); +CYASSL_API char* CyaSSL_X509_get_subjectCN(CYASSL_X509*); +CYASSL_API const unsigned char* CyaSSL_X509_get_der(CYASSL_X509*, int*); +CYASSL_API const unsigned char* CyaSSL_X509_notBefore(CYASSL_X509*); +CYASSL_API const unsigned char* CyaSSL_X509_notAfter(CYASSL_X509*); +CYASSL_API int CyaSSL_X509_version(CYASSL_X509*); +CYASSL_API + +CYASSL_API int CyaSSL_cmp_peer_cert_to_file(CYASSL*, const char*); + +CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*); + +CYASSL_API CYASSL_X509* + CyaSSL_X509_d2i(CYASSL_X509** x509, const unsigned char* in, int len); +#ifndef NO_FILESYSTEM + #ifndef NO_STDIO_FILESYSTEM + CYASSL_API CYASSL_X509* + CyaSSL_X509_d2i_fp(CYASSL_X509** x509, FILE* file); + #endif +CYASSL_API CYASSL_X509* + CyaSSL_X509_load_certificate_file(const char* fname, int format); +#endif + +#ifdef CYASSL_SEP + CYASSL_API unsigned char* + CyaSSL_X509_get_device_type(CYASSL_X509*, unsigned char*, int*); + CYASSL_API unsigned char* + CyaSSL_X509_get_hw_type(CYASSL_X509*, unsigned char*, int*); + CYASSL_API unsigned char* + CyaSSL_X509_get_hw_serial_number(CYASSL_X509*, unsigned char*, int*); +#endif + +/* connect enough to get peer cert */ +CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl); + +/* XXX This should be #ifndef NO_DH */ +#ifndef NO_CERTS +/* server Diffie-Hellman parameters */ +CYASSL_API int CyaSSL_SetTmpDH(CYASSL*, const unsigned char* p, int pSz, + const unsigned char* g, int gSz); +CYASSL_API int CyaSSL_SetTmpDH_buffer(CYASSL*, const unsigned char* b, long sz, + int format); +CYASSL_API int CyaSSL_SetTmpEC_DHE_Sz(CYASSL*, unsigned short); +#ifndef NO_FILESYSTEM + CYASSL_API int CyaSSL_SetTmpDH_file(CYASSL*, const char* f, int format); +#endif + +/* server ctx Diffie-Hellman parameters */ +CYASSL_API int CyaSSL_CTX_SetTmpDH(CYASSL_CTX*, const unsigned char* p, + int pSz, const unsigned char* g, int gSz); +CYASSL_API int CyaSSL_CTX_SetTmpDH_buffer(CYASSL_CTX*, const unsigned char* b, + long sz, int format); +CYASSL_API int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX*, unsigned short); + +#ifndef NO_FILESYSTEM + CYASSL_API int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX*, const char* f, + int format); +#endif +#endif + +/* keyblock size in bytes or -1 */ +/* need to call CyaSSL_KeepArrays before handshake to save keys */ +CYASSL_API int CyaSSL_get_keyblock_size(CYASSL*); +CYASSL_API int CyaSSL_get_keys(CYASSL*,unsigned char** ms, unsigned int* msLen, + unsigned char** sr, unsigned int* srLen, + unsigned char** cr, unsigned int* crLen); + +/* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */ +CYASSL_API int CyaSSL_make_eap_keys(CYASSL*, void* key, unsigned int len, + const char* label); + + +#ifndef _WIN32 + #ifndef NO_WRITEV + #ifdef __PPU + #include + #include + #elif !defined(CYASSL_MDK_ARM) && !defined(CYASSL_IAR_ARM) + #include + #endif + /* allow writev style writing */ + CYASSL_API int CyaSSL_writev(CYASSL* ssl, const struct iovec* iov, + int iovcnt); + #endif +#endif + + +#ifndef NO_CERTS + /* SSL_CTX versions */ + CYASSL_API int CyaSSL_CTX_UnloadCAs(CYASSL_CTX*); + CYASSL_API int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX*, + const unsigned char*, long, int); + CYASSL_API int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX*, + const unsigned char*, long, int); + CYASSL_API int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX*, + const unsigned char*, long, int); + CYASSL_API int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX*, + const unsigned char*, long); + + /* SSL versions */ + CYASSL_API int CyaSSL_use_certificate_buffer(CYASSL*, const unsigned char*, + long, int); + CYASSL_API int CyaSSL_use_PrivateKey_buffer(CYASSL*, const unsigned char*, + long, int); + CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*, + const unsigned char*, long); + CYASSL_API int CyaSSL_UnloadCertsKeys(CYASSL*); +#endif + +CYASSL_API int CyaSSL_CTX_set_group_messages(CYASSL_CTX*); +CYASSL_API int CyaSSL_set_group_messages(CYASSL*); + +/* I/O callbacks */ +typedef int (*CallbackIORecv)(CYASSL *ssl, char *buf, int sz, void *ctx); +typedef int (*CallbackIOSend)(CYASSL *ssl, char *buf, int sz, void *ctx); + +#ifdef HAVE_FUZZER +enum fuzzer_type { + FUZZ_HMAC = 0, + FUZZ_ENCRYPT = 1, + FUZZ_SIGNATURE = 2, + FUZZ_HASH = 3, + FUZZ_HEAD = 4 +}; + +typedef int (*CallbackFuzzer)(CYASSL* ssl, const unsigned char* buf, int sz, + int type, void* fuzzCtx); + +CYASSL_API void CyaSSL_SetFuzzerCb(CYASSL* ssl, CallbackFuzzer cbf, void* fCtx); +#endif + +CYASSL_API void CyaSSL_SetIORecv(CYASSL_CTX*, CallbackIORecv); +CYASSL_API void CyaSSL_SetIOSend(CYASSL_CTX*, CallbackIOSend); + +CYASSL_API void CyaSSL_SetIOReadCtx( CYASSL* ssl, void *ctx); +CYASSL_API void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *ctx); + +CYASSL_API void* CyaSSL_GetIOReadCtx( CYASSL* ssl); +CYASSL_API void* CyaSSL_GetIOWriteCtx(CYASSL* ssl); + +CYASSL_API void CyaSSL_SetIOReadFlags( CYASSL* ssl, int flags); +CYASSL_API void CyaSSL_SetIOWriteFlags(CYASSL* ssl, int flags); + + +#ifndef CYASSL_USER_IO + /* default IO callbacks */ + CYASSL_API int EmbedReceive(CYASSL* ssl, char* buf, int sz, void* ctx); + CYASSL_API int EmbedSend(CYASSL* ssl, char* buf, int sz, void* ctx); + + #ifdef HAVE_OCSP + CYASSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*, + int, unsigned char**); + CYASSL_API void EmbedOcspRespFree(void*, unsigned char*); + #endif + + #ifdef CYASSL_DTLS + CYASSL_API int EmbedReceiveFrom(CYASSL* ssl, char* buf, int sz, void*); + CYASSL_API int EmbedSendTo(CYASSL* ssl, char* buf, int sz, void* ctx); + CYASSL_API int EmbedGenerateCookie(CYASSL* ssl, unsigned char* buf, + int sz, void*); + #endif /* CYASSL_DTLS */ +#endif /* CYASSL_USER_IO */ + + +#ifdef HAVE_NETX + CYASSL_API void CyaSSL_SetIO_NetX(CYASSL* ssl, NX_TCP_SOCKET* nxsocket, + ULONG waitoption); +#endif + +typedef int (*CallbackGenCookie)(CYASSL* ssl, unsigned char* buf, int sz, + void* ctx); +CYASSL_API void CyaSSL_CTX_SetGenCookie(CYASSL_CTX*, CallbackGenCookie); +CYASSL_API void CyaSSL_SetCookieCtx(CYASSL* ssl, void *ctx); +CYASSL_API void* CyaSSL_GetCookieCtx(CYASSL* ssl); + + +/* I/O Callback default errors */ +enum IOerrors { + CYASSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */ + CYASSL_CBIO_ERR_WANT_READ = -2, /* need to call read again */ + CYASSL_CBIO_ERR_WANT_WRITE = -2, /* need to call write again */ + CYASSL_CBIO_ERR_CONN_RST = -3, /* connection reset */ + CYASSL_CBIO_ERR_ISR = -4, /* interrupt */ + CYASSL_CBIO_ERR_CONN_CLOSE = -5, /* connection closed or epipe */ + CYASSL_CBIO_ERR_TIMEOUT = -6 /* socket timeout */ +}; + + +/* CA cache callbacks */ +enum { + CYASSL_SSLV3 = 0, + CYASSL_TLSV1 = 1, + CYASSL_TLSV1_1 = 2, + CYASSL_TLSV1_2 = 3, + CYASSL_USER_CA = 1, /* user added as trusted */ + CYASSL_CHAIN_CA = 2 /* added to cache from trusted chain */ +}; + +CYASSL_API int CyaSSL_SetMinVersion(CYASSL* ssl, int version); +CYASSL_API int CyaSSL_GetObjectSize(void); /* object size based on build */ +CYASSL_API int CyaSSL_SetVersion(CYASSL* ssl, int version); +CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*, + int, const char*); +CYASSL_API int CyaSSL_CertPemToDer(const unsigned char*, int sz, unsigned char*, + int, int); + +typedef void (*CallbackCACache)(unsigned char* der, int sz, int type); +typedef void (*CbMissingCRL)(const char* url); +typedef int (*CbOCSPIO)(void*, const char*, int, + unsigned char*, int, unsigned char**); +typedef void (*CbOCSPRespFree)(void*,unsigned char*); + +/* User Atomic Record Layer CallBacks */ +typedef int (*CallbackMacEncrypt)(CYASSL* ssl, unsigned char* macOut, + const unsigned char* macIn, unsigned int macInSz, int macContent, + int macVerify, unsigned char* encOut, const unsigned char* encIn, + unsigned int encSz, void* ctx); +CYASSL_API void CyaSSL_CTX_SetMacEncryptCb(CYASSL_CTX*, CallbackMacEncrypt); +CYASSL_API void CyaSSL_SetMacEncryptCtx(CYASSL* ssl, void *ctx); +CYASSL_API void* CyaSSL_GetMacEncryptCtx(CYASSL* ssl); + +typedef int (*CallbackDecryptVerify)(CYASSL* ssl, + unsigned char* decOut, const unsigned char* decIn, + unsigned int decSz, int content, int verify, unsigned int* padSz, + void* ctx); +CYASSL_API void CyaSSL_CTX_SetDecryptVerifyCb(CYASSL_CTX*, + CallbackDecryptVerify); +CYASSL_API void CyaSSL_SetDecryptVerifyCtx(CYASSL* ssl, void *ctx); +CYASSL_API void* CyaSSL_GetDecryptVerifyCtx(CYASSL* ssl); + +CYASSL_API const unsigned char* CyaSSL_GetMacSecret(CYASSL*, int); +CYASSL_API const unsigned char* CyaSSL_GetClientWriteKey(CYASSL*); +CYASSL_API const unsigned char* CyaSSL_GetClientWriteIV(CYASSL*); +CYASSL_API const unsigned char* CyaSSL_GetServerWriteKey(CYASSL*); +CYASSL_API const unsigned char* CyaSSL_GetServerWriteIV(CYASSL*); +CYASSL_API int CyaSSL_GetKeySize(CYASSL*); +CYASSL_API int CyaSSL_GetIVSize(CYASSL*); +CYASSL_API int CyaSSL_GetSide(CYASSL*); +CYASSL_API int CyaSSL_IsTLSv1_1(CYASSL*); +CYASSL_API int CyaSSL_GetBulkCipher(CYASSL*); +CYASSL_API int CyaSSL_GetCipherBlockSize(CYASSL*); +CYASSL_API int CyaSSL_GetAeadMacSize(CYASSL*); +CYASSL_API int CyaSSL_GetHmacSize(CYASSL*); +CYASSL_API int CyaSSL_GetHmacType(CYASSL*); +CYASSL_API int CyaSSL_GetCipherType(CYASSL*); +CYASSL_API int CyaSSL_SetTlsHmacInner(CYASSL*, unsigned char*, + unsigned int, int, int); + +/* Atomic User Needs */ +enum { + CYASSL_SERVER_END = 0, + CYASSL_CLIENT_END = 1, + CYASSL_BLOCK_TYPE = 2, + CYASSL_STREAM_TYPE = 3, + CYASSL_AEAD_TYPE = 4, + CYASSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */ +}; + +/* for GetBulkCipher and internal use */ +enum BulkCipherAlgorithm { + cyassl_cipher_null, + cyassl_rc4, + cyassl_rc2, + cyassl_des, + cyassl_triple_des, /* leading 3 (3des) not valid identifier */ + cyassl_des40, + cyassl_idea, + cyassl_aes, + cyassl_aes_gcm, + cyassl_aes_ccm, + cyassl_chacha, + cyassl_camellia, + cyassl_hc128, /* CyaSSL extensions */ + cyassl_rabbit +}; + + +/* for KDF TLS 1.2 mac types */ +enum KDF_MacAlgorithm { + cyassl_sha256 = 4, /* needs to match internal MACAlgorithm */ + cyassl_sha384, + cyassl_sha512 +}; + + +/* Public Key Callback support */ +typedef int (*CallbackEccSign)(CYASSL* ssl, + const unsigned char* in, unsigned int inSz, + unsigned char* out, unsigned int* outSz, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +CYASSL_API void CyaSSL_CTX_SetEccSignCb(CYASSL_CTX*, CallbackEccSign); +CYASSL_API void CyaSSL_SetEccSignCtx(CYASSL* ssl, void *ctx); +CYASSL_API void* CyaSSL_GetEccSignCtx(CYASSL* ssl); + +typedef int (*CallbackEccVerify)(CYASSL* ssl, + const unsigned char* sig, unsigned int sigSz, + const unsigned char* hash, unsigned int hashSz, + const unsigned char* keyDer, unsigned int keySz, + int* result, void* ctx); +CYASSL_API void CyaSSL_CTX_SetEccVerifyCb(CYASSL_CTX*, CallbackEccVerify); +CYASSL_API void CyaSSL_SetEccVerifyCtx(CYASSL* ssl, void *ctx); +CYASSL_API void* CyaSSL_GetEccVerifyCtx(CYASSL* ssl); + +typedef int (*CallbackRsaSign)(CYASSL* ssl, + const unsigned char* in, unsigned int inSz, + unsigned char* out, unsigned int* outSz, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +CYASSL_API void CyaSSL_CTX_SetRsaSignCb(CYASSL_CTX*, CallbackRsaSign); +CYASSL_API void CyaSSL_SetRsaSignCtx(CYASSL* ssl, void *ctx); +CYASSL_API void* CyaSSL_GetRsaSignCtx(CYASSL* ssl); + +typedef int (*CallbackRsaVerify)(CYASSL* ssl, + unsigned char* sig, unsigned int sigSz, + unsigned char** out, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +CYASSL_API void CyaSSL_CTX_SetRsaVerifyCb(CYASSL_CTX*, CallbackRsaVerify); +CYASSL_API void CyaSSL_SetRsaVerifyCtx(CYASSL* ssl, void *ctx); +CYASSL_API void* CyaSSL_GetRsaVerifyCtx(CYASSL* ssl); + +/* RSA Public Encrypt cb */ +typedef int (*CallbackRsaEnc)(CYASSL* ssl, + const unsigned char* in, unsigned int inSz, + unsigned char* out, unsigned int* outSz, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +CYASSL_API void CyaSSL_CTX_SetRsaEncCb(CYASSL_CTX*, CallbackRsaEnc); +CYASSL_API void CyaSSL_SetRsaEncCtx(CYASSL* ssl, void *ctx); +CYASSL_API void* CyaSSL_GetRsaEncCtx(CYASSL* ssl); + +/* RSA Private Decrypt cb */ +typedef int (*CallbackRsaDec)(CYASSL* ssl, + unsigned char* in, unsigned int inSz, + unsigned char** out, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +CYASSL_API void CyaSSL_CTX_SetRsaDecCb(CYASSL_CTX*, CallbackRsaDec); +CYASSL_API void CyaSSL_SetRsaDecCtx(CYASSL* ssl, void *ctx); +CYASSL_API void* CyaSSL_GetRsaDecCtx(CYASSL* ssl); + + +#ifndef NO_CERTS + CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache); + + CYASSL_API CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void); + CYASSL_API void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER*); + + CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f, + const char* d); + CYASSL_API int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm); + CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f, + int format); + CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, + const unsigned char* buff, long sz, int format); + CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, + unsigned char*, int sz); + CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, + int options); + CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*); + CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*, + int, int); + CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*, + CbMissingCRL); + CYASSL_API int CyaSSL_CertManagerCheckOCSP(CYASSL_CERT_MANAGER*, + unsigned char*, int sz); + CYASSL_API int CyaSSL_CertManagerEnableOCSP(CYASSL_CERT_MANAGER*, + int options); + CYASSL_API int CyaSSL_CertManagerDisableOCSP(CYASSL_CERT_MANAGER*); + CYASSL_API int CyaSSL_CertManagerSetOCSPOverrideURL(CYASSL_CERT_MANAGER*, + const char*); + CYASSL_API int CyaSSL_CertManagerSetOCSP_Cb(CYASSL_CERT_MANAGER*, + CbOCSPIO, CbOCSPRespFree, void*); + + CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options); + CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl); + CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int, int); + CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL); + CYASSL_API int CyaSSL_EnableOCSP(CYASSL*, int options); + CYASSL_API int CyaSSL_DisableOCSP(CYASSL*); + CYASSL_API int CyaSSL_SetOCSP_OverrideURL(CYASSL*, const char*); + CYASSL_API int CyaSSL_SetOCSP_Cb(CYASSL*, CbOCSPIO, CbOCSPRespFree, void*); + + CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options); + CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx); + CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int); + CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL); + CYASSL_API int CyaSSL_CTX_EnableOCSP(CYASSL_CTX*, int options); + CYASSL_API int CyaSSL_CTX_DisableOCSP(CYASSL_CTX*); + CYASSL_API int CyaSSL_CTX_SetOCSP_OverrideURL(CYASSL_CTX*, const char*); + CYASSL_API int CyaSSL_CTX_SetOCSP_Cb(CYASSL_CTX*, + CbOCSPIO, CbOCSPRespFree, void*); +#endif /* !NO_CERTS */ + +/* end of handshake frees temporary arrays, if user needs for get_keys or + psk hints, call KeepArrays before handshake and then FreeArrays when done + if don't want to wait for object free */ +CYASSL_API void CyaSSL_KeepArrays(CYASSL*); +CYASSL_API void CyaSSL_FreeArrays(CYASSL*); + + +/* cavium additions */ +CYASSL_API int CyaSSL_UseCavium(CYASSL*, int devId); +CYASSL_API int CyaSSL_CTX_UseCavium(CYASSL_CTX*, int devId); + +/* TLS Extensions */ + +/* Server Name Indication */ +#ifdef HAVE_SNI + +/* SNI types */ +enum { + CYASSL_SNI_HOST_NAME = 0 +}; + +CYASSL_API int CyaSSL_UseSNI(CYASSL* ssl, unsigned char type, const void* data, + unsigned short size); +CYASSL_API int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, unsigned char type, + const void* data, unsigned short size); + +#ifndef NO_CYASSL_SERVER + +/* SNI options */ +enum { + CYASSL_SNI_CONTINUE_ON_MISMATCH = 0x01, /* do not abort on mismatch flag */ + CYASSL_SNI_ANSWER_ON_MISMATCH = 0x02 /* fake match on mismatch flag */ +}; + +CYASSL_API void CyaSSL_SNI_SetOptions(CYASSL* ssl, unsigned char type, + unsigned char options); +CYASSL_API void CyaSSL_CTX_SNI_SetOptions(CYASSL_CTX* ctx, unsigned char type, + unsigned char options); + +/* SNI status */ +enum { + CYASSL_SNI_NO_MATCH = 0, + CYASSL_SNI_FAKE_MATCH = 1, /* if CYASSL_SNI_ANSWER_ON_MISMATCH is enabled */ + CYASSL_SNI_REAL_MATCH = 2 +}; + +CYASSL_API unsigned char CyaSSL_SNI_Status(CYASSL* ssl, unsigned char type); + +CYASSL_API unsigned short CyaSSL_SNI_GetRequest(CYASSL *ssl, unsigned char type, + void** data); +CYASSL_API int CyaSSL_SNI_GetFromBuffer( + const unsigned char* clientHello, unsigned int helloSz, + unsigned char type, unsigned char* sni, unsigned int* inOutSz); + +#endif +#endif + +/* Maximum Fragment Length */ +#ifdef HAVE_MAX_FRAGMENT + +/* Fragment lengths */ +enum { + CYASSL_MFL_2_9 = 1, /* 512 bytes */ + CYASSL_MFL_2_10 = 2, /* 1024 bytes */ + CYASSL_MFL_2_11 = 3, /* 2048 bytes */ + CYASSL_MFL_2_12 = 4, /* 4096 bytes */ + CYASSL_MFL_2_13 = 5 /* 8192 bytes *//* CyaSSL ONLY!!! */ +}; + +#ifndef NO_CYASSL_CLIENT + +CYASSL_API int CyaSSL_UseMaxFragment(CYASSL* ssl, unsigned char mfl); +CYASSL_API int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, unsigned char mfl); + +#endif +#endif + +/* Truncated HMAC */ +#ifdef HAVE_TRUNCATED_HMAC +#ifndef NO_CYASSL_CLIENT + +CYASSL_API int CyaSSL_UseTruncatedHMAC(CYASSL* ssl); +CYASSL_API int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx); + +#endif +#endif + +/* Elliptic Curves */ +#ifdef HAVE_SUPPORTED_CURVES + +enum { + CYASSL_ECC_SECP160R1 = 0x10, + CYASSL_ECC_SECP192R1 = 0x13, + CYASSL_ECC_SECP224R1 = 0x15, + CYASSL_ECC_SECP256R1 = 0x17, + CYASSL_ECC_SECP384R1 = 0x18, + CYASSL_ECC_SECP521R1 = 0x19 +}; + +#ifndef NO_CYASSL_CLIENT + +CYASSL_API int CyaSSL_UseSupportedCurve(CYASSL* ssl, unsigned short name); +CYASSL_API int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx, + unsigned short name); + +#endif +#endif + +/* Secure Renegotiation */ +#ifdef HAVE_SECURE_RENEGOTIATION + +CYASSL_API int CyaSSL_UseSecureRenegotiation(CYASSL* ssl); +CYASSL_API int CyaSSL_Rehandshake(CYASSL* ssl); + +#endif + +/* Session Ticket */ +#ifdef HAVE_SESSION_TICKET +#ifndef NO_CYASSL_CLIENT + +CYASSL_API int CyaSSL_UseSessionTicket(CYASSL* ssl); +CYASSL_API int CyaSSL_CTX_UseSessionTicket(CYASSL_CTX* ctx); +CYASSL_API int CyaSSL_get_SessionTicket(CYASSL*, unsigned char*, unsigned int*); +CYASSL_API int CyaSSL_set_SessionTicket(CYASSL*, unsigned char*, unsigned int); +typedef int (*CallbackSessionTicket)(CYASSL*, const unsigned char*, int, void*); +CYASSL_API int CyaSSL_set_SessionTicket_cb(CYASSL*, + CallbackSessionTicket, void*); + +#endif +#endif + +#define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */ +#define CYASSL_CRL_START_MON 0x02 /* start monitoring flag */ + + +/* External facing KDF */ +CYASSL_API +int CyaSSL_MakeTlsMasterSecret(unsigned char* ms, unsigned int msLen, + const unsigned char* pms, unsigned int pmsLen, + const unsigned char* cr, const unsigned char* sr, + int tls1_2, int hash_type); + +CYASSL_API +int CyaSSL_DeriveTlsKeys(unsigned char* key_data, unsigned int keyLen, + const unsigned char* ms, unsigned int msLen, + const unsigned char* sr, const unsigned char* cr, + int tls1_2, int hash_type); + +#ifdef CYASSL_CALLBACKS + +/* used internally by CyaSSL while OpenSSL types aren't */ +#include + +typedef int (*HandShakeCallBack)(HandShakeInfo*); +typedef int (*TimeoutCallBack)(TimeoutInfo*); + +/* CyaSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack + for diagnostics */ +CYASSL_API int CyaSSL_connect_ex(CYASSL*, HandShakeCallBack, TimeoutCallBack, + Timeval); +CYASSL_API int CyaSSL_accept_ex(CYASSL*, HandShakeCallBack, TimeoutCallBack, + Timeval); + +#endif /* CYASSL_CALLBACKS */ + + +#ifdef CYASSL_HAVE_WOLFSCEP + CYASSL_API void CyaSSL_wolfSCEP(void); +#endif /* CYASSL_HAVE_WOLFSCEP */ + +#ifdef CYASSL_HAVE_CERT_SERVICE + CYASSL_API void CyaSSL_cert_service(void); +#endif + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CYASSL_SSL_H */ +