mirror of
https://github.com/FreeRTOS/FreeRTOS-Kernel.git
synced 2025-08-19 17:48:33 -04:00
Update CyaSSL to latest version.
This commit is contained in:
Richard Barry
parent
5fcd270398
commit
3d007d0b4b
445 changed files with 162375 additions and 26182 deletions
|
|
@ -1,6 +1,6 @@
|
|||
/* ssl.h
|
||||
*
|
||||
* Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
|
||||
* Copyright (C) 2006-2014 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of CyaSSL.
|
||||
*
|
||||
|
|
@ -16,7 +16,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
*/
|
||||
|
||||
|
||||
|
|
@ -32,7 +32,11 @@
|
|||
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
#include <stdio.h> /* ERR_printf */
|
||||
#ifdef FREESCALE_MQX
|
||||
#include <fio.h>
|
||||
#else
|
||||
#include <stdio.h> /* ERR_printf */
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef YASSL_PREFIX
|
||||
|
|
@ -55,7 +59,6 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
typedef struct CYASSL CYASSL;
|
||||
typedef struct CYASSL_SESSION CYASSL_SESSION;
|
||||
typedef struct CYASSL_METHOD CYASSL_METHOD;
|
||||
|
|
@ -66,6 +69,7 @@ typedef struct CYASSL_X509_NAME CYASSL_X509_NAME;
|
|||
typedef struct CYASSL_X509_CHAIN CYASSL_X509_CHAIN;
|
||||
|
||||
typedef struct CYASSL_CERT_MANAGER CYASSL_CERT_MANAGER;
|
||||
typedef struct CYASSL_SOCKADDR CYASSL_SOCKADDR;
|
||||
|
||||
/* redeclare guard */
|
||||
#define CYASSL_TYPES_DEFINED
|
||||
|
|
@ -91,6 +95,13 @@ typedef struct CYASSL_dynlock_value CYASSL_dynlock_value;
|
|||
typedef struct CYASSL_EVP_PKEY {
|
||||
int type; /* openssh dereference */
|
||||
int save_type; /* openssh dereference */
|
||||
int pkey_sz;
|
||||
union {
|
||||
char* ptr;
|
||||
} pkey;
|
||||
#ifdef HAVE_ECC
|
||||
int pkey_curve;
|
||||
#endif
|
||||
} CYASSL_EVP_PKEY;
|
||||
|
||||
typedef struct CYASSL_MD4_CTX {
|
||||
|
|
@ -104,9 +115,19 @@ typedef struct CYASSL_COMP_METHOD {
|
|||
|
||||
|
||||
typedef struct CYASSL_X509_STORE {
|
||||
int cache; /* stunnel dereference */
|
||||
int cache; /* stunnel dereference */
|
||||
CYASSL_CERT_MANAGER* cm;
|
||||
} CYASSL_X509_STORE;
|
||||
|
||||
typedef struct CYASSL_ALERT {
|
||||
int code;
|
||||
int level;
|
||||
} CYASSL_ALERT;
|
||||
|
||||
typedef struct CYASSL_ALERT_HISTORY {
|
||||
CYASSL_ALERT last_rx;
|
||||
CYASSL_ALERT last_tx;
|
||||
} CYASSL_ALERT_HISTORY;
|
||||
|
||||
typedef struct CYASSL_X509_REVOKED {
|
||||
CYASSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */
|
||||
|
|
@ -121,17 +142,45 @@ typedef struct CYASSL_X509_OBJECT {
|
|||
} CYASSL_X509_OBJECT;
|
||||
|
||||
|
||||
/* in internal.h too, change there !! */
|
||||
typedef struct CYASSL_X509_STORE_CTX {
|
||||
int error;
|
||||
int error_depth;
|
||||
CYASSL_X509_STORE* store; /* Store full of a CA cert chain */
|
||||
CYASSL_X509* current_cert; /* stunnel dereference */
|
||||
char* domain; /* subject CN domain name */
|
||||
void* ex_data; /* external data, for fortress build */
|
||||
/* in internal.h too, change there !! */
|
||||
void* userCtx; /* user ctx */
|
||||
int error; /* current error */
|
||||
int error_depth; /* cert depth for this error */
|
||||
int discardSessionCerts; /* so verify callback can flag for discard */
|
||||
} CYASSL_X509_STORE_CTX;
|
||||
|
||||
|
||||
/* Valid Alert types from page 16/17 */
|
||||
enum AlertDescription {
|
||||
close_notify = 0,
|
||||
unexpected_message = 10,
|
||||
bad_record_mac = 20,
|
||||
decompression_failure = 30,
|
||||
handshake_failure = 40,
|
||||
no_certificate = 41,
|
||||
bad_certificate = 42,
|
||||
unsupported_certificate = 43,
|
||||
certificate_revoked = 44,
|
||||
certificate_expired = 45,
|
||||
certificate_unknown = 46,
|
||||
illegal_parameter = 47,
|
||||
decrypt_error = 51,
|
||||
protocol_version = 70,
|
||||
no_renegotiation = 100,
|
||||
unrecognized_name = 112
|
||||
};
|
||||
|
||||
|
||||
enum AlertLevel {
|
||||
alert_warning = 1,
|
||||
alert_fatal = 2
|
||||
};
|
||||
|
||||
|
||||
CYASSL_API CYASSL_METHOD *CyaSSLv3_server_method(void);
|
||||
CYASSL_API CYASSL_METHOD *CyaSSLv3_client_method(void);
|
||||
CYASSL_API CYASSL_METHOD *CyaTLSv1_server_method(void);
|
||||
|
|
@ -144,9 +193,11 @@ CYASSL_API CYASSL_METHOD *CyaTLSv1_2_client_method(void);
|
|||
#ifdef CYASSL_DTLS
|
||||
CYASSL_API CYASSL_METHOD *CyaDTLSv1_client_method(void);
|
||||
CYASSL_API CYASSL_METHOD *CyaDTLSv1_server_method(void);
|
||||
CYASSL_API CYASSL_METHOD *CyaDTLSv1_2_client_method(void);
|
||||
CYASSL_API CYASSL_METHOD *CyaDTLSv1_2_server_method(void);
|
||||
#endif
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
|
||||
CYASSL_API int CyaSSL_CTX_use_certificate_file(CYASSL_CTX*, const char*, int);
|
||||
CYASSL_API int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX*, const char*, int);
|
||||
|
|
@ -173,30 +224,47 @@ CYASSL_API int CyaSSL_use_RSAPrivateKey_file(CYASSL*, const char*, int);
|
|||
|
||||
CYASSL_API int CyaSSL_PemCertToDer(const char*, unsigned char*, int);
|
||||
|
||||
#endif /* NO_FILESYSTEM */
|
||||
#endif /* !NO_FILESYSTEM && !NO_CERTS */
|
||||
|
||||
CYASSL_API CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD*);
|
||||
CYASSL_API CYASSL* CyaSSL_new(CYASSL_CTX*);
|
||||
CYASSL_API int CyaSSL_set_fd (CYASSL*, int);
|
||||
CYASSL_API int CyaSSL_get_fd(const CYASSL*);
|
||||
CYASSL_API void CyaSSL_set_using_nonblock(CYASSL*, int);
|
||||
CYASSL_API int CyaSSL_get_using_nonblock(CYASSL*);
|
||||
CYASSL_API int CyaSSL_connect(CYASSL*); /* please see note at top of README
|
||||
if you get an error from connect */
|
||||
CYASSL_API int CyaSSL_write(CYASSL*, const void*, int);
|
||||
CYASSL_API int CyaSSL_read(CYASSL*, void*, int);
|
||||
CYASSL_API int CyaSSL_peek(CYASSL*, void*, int);
|
||||
CYASSL_API int CyaSSL_accept(CYASSL*);
|
||||
CYASSL_API void CyaSSL_CTX_free(CYASSL_CTX*);
|
||||
CYASSL_API void CyaSSL_free(CYASSL*);
|
||||
CYASSL_API int CyaSSL_shutdown(CYASSL*);
|
||||
CYASSL_API int CyaSSL_send(CYASSL*, const void*, int sz, int flags);
|
||||
CYASSL_API int CyaSSL_recv(CYASSL*, void*, int sz, int flags);
|
||||
|
||||
CYASSL_API void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX*, int);
|
||||
CYASSL_API void CyaSSL_set_quiet_shutdown(CYASSL*, int);
|
||||
|
||||
CYASSL_API int CyaSSL_get_error(CYASSL*, int);
|
||||
CYASSL_API int CyaSSL_get_alert_history(CYASSL*, CYASSL_ALERT_HISTORY *);
|
||||
|
||||
CYASSL_API int CyaSSL_set_session(CYASSL* ssl,CYASSL_SESSION* session);
|
||||
CYASSL_API int CyaSSL_set_session(CYASSL* ssl,CYASSL_SESSION* session);
|
||||
CYASSL_API CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl);
|
||||
CYASSL_API void CyaSSL_flush_sessions(CYASSL_CTX *ctx, long tm);
|
||||
CYASSL_API void CyaSSL_flush_sessions(CYASSL_CTX *ctx, long tm);
|
||||
CYASSL_API int CyaSSL_SetServerID(CYASSL* ssl, const unsigned char*,
|
||||
int, int);
|
||||
|
||||
#ifdef SESSION_INDEX
|
||||
CYASSL_API int CyaSSL_GetSessionIndex(CYASSL* ssl);
|
||||
CYASSL_API int CyaSSL_GetSessionAtIndex(int index, CYASSL_SESSION* session);
|
||||
#endif /* SESSION_INDEX */
|
||||
|
||||
#if defined(SESSION_INDEX) && defined(SESSION_CERTS)
|
||||
CYASSL_API
|
||||
CYASSL_X509_CHAIN* CyaSSL_SESSION_get_peer_chain(CYASSL_SESSION* session);
|
||||
#endif /* SESSION_INDEX && SESSION_CERTS */
|
||||
|
||||
typedef int (*VerifyCallback)(int, CYASSL_X509_STORE_CTX*);
|
||||
typedef int (*pem_password_cb)(char*, int, int, void*);
|
||||
|
|
@ -204,6 +272,7 @@ typedef int (*pem_password_cb)(char*, int, int, void*);
|
|||
CYASSL_API void CyaSSL_CTX_set_verify(CYASSL_CTX*, int,
|
||||
VerifyCallback verify_callback);
|
||||
CYASSL_API void CyaSSL_set_verify(CYASSL*, int, VerifyCallback verify_callback);
|
||||
CYASSL_API void CyaSSL_SetCertCbCtx(CYASSL*, void*);
|
||||
|
||||
CYASSL_API int CyaSSL_pending(CYASSL*);
|
||||
|
||||
|
|
@ -211,14 +280,39 @@ CYASSL_API void CyaSSL_load_error_strings(void);
|
|||
CYASSL_API int CyaSSL_library_init(void);
|
||||
CYASSL_API long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX*, long);
|
||||
|
||||
/* session cache persistence */
|
||||
CYASSL_API int CyaSSL_save_session_cache(const char*);
|
||||
CYASSL_API int CyaSSL_restore_session_cache(const char*);
|
||||
CYASSL_API int CyaSSL_memsave_session_cache(void*, int);
|
||||
CYASSL_API int CyaSSL_memrestore_session_cache(const void*, int);
|
||||
CYASSL_API int CyaSSL_get_session_cache_memsize(void);
|
||||
|
||||
/* certificate cache persistence, uses ctx since certs are per ctx */
|
||||
CYASSL_API int CyaSSL_CTX_save_cert_cache(CYASSL_CTX*, const char*);
|
||||
CYASSL_API int CyaSSL_CTX_restore_cert_cache(CYASSL_CTX*, const char*);
|
||||
CYASSL_API int CyaSSL_CTX_memsave_cert_cache(CYASSL_CTX*, void*, int, int*);
|
||||
CYASSL_API int CyaSSL_CTX_memrestore_cert_cache(CYASSL_CTX*, const void*, int);
|
||||
CYASSL_API int CyaSSL_CTX_get_cert_cache_memsize(CYASSL_CTX*);
|
||||
|
||||
/* only supports full name from cipher_name[] delimited by : */
|
||||
CYASSL_API int CyaSSL_CTX_set_cipher_list(CYASSL_CTX*, const char*);
|
||||
CYASSL_API int CyaSSL_set_cipher_list(CYASSL*, const char*);
|
||||
|
||||
/* Nonblocking DTLS helper functions */
|
||||
CYASSL_API int CyaSSL_dtls_get_current_timeout(CYASSL* ssl);
|
||||
CYASSL_API int CyaSSL_dtls_set_timeout_init(CYASSL* ssl, int);
|
||||
CYASSL_API int CyaSSL_dtls_set_timeout_max(CYASSL* ssl, int);
|
||||
CYASSL_API int CyaSSL_dtls_got_timeout(CYASSL* ssl);
|
||||
CYASSL_API int CyaSSL_dtls(CYASSL* ssl);
|
||||
|
||||
CYASSL_API int CyaSSL_dtls_set_peer(CYASSL*, void*, unsigned int);
|
||||
CYASSL_API int CyaSSL_dtls_get_peer(CYASSL*, void*, unsigned int*);
|
||||
|
||||
CYASSL_API int CyaSSL_ERR_GET_REASON(int err);
|
||||
CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*);
|
||||
CYASSL_API void CyaSSL_ERR_error_string_n(unsigned long e, char* buf,
|
||||
unsigned long sz);
|
||||
CYASSL_API const char* CyaSSL_ERR_reason_error_string(unsigned long);
|
||||
|
||||
/* extras */
|
||||
|
||||
|
|
@ -238,6 +332,7 @@ CYASSL_API void CyaSSL_SESSION_free(CYASSL_SESSION* session);
|
|||
CYASSL_API int CyaSSL_is_init_finished(CYASSL*);
|
||||
|
||||
CYASSL_API const char* CyaSSL_get_version(CYASSL*);
|
||||
CYASSL_API int CyaSSL_get_current_cipher_suite(CYASSL* ssl);
|
||||
CYASSL_API CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL*);
|
||||
CYASSL_API char* CyaSSL_CIPHER_description(CYASSL_CIPHER*, char*, int);
|
||||
CYASSL_API const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher);
|
||||
|
|
@ -322,7 +417,23 @@ CYASSL_API int CyaSSL_X509_STORE_CTX_get_error_depth(CYASSL_X509_STORE_CTX*);
|
|||
CYASSL_API char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME*, char*, int);
|
||||
CYASSL_API CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509*);
|
||||
CYASSL_API CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509*);
|
||||
CYASSL_API int CyaSSL_X509_ext_isSet_by_NID(CYASSL_X509*, int);
|
||||
CYASSL_API int CyaSSL_X509_ext_get_critical_by_NID(CYASSL_X509*, int);
|
||||
CYASSL_API int CyaSSL_X509_get_isCA(CYASSL_X509*);
|
||||
CYASSL_API int CyaSSL_X509_get_isSet_pathLength(CYASSL_X509*);
|
||||
CYASSL_API unsigned int CyaSSL_X509_get_pathLength(CYASSL_X509*);
|
||||
CYASSL_API unsigned int CyaSSL_X509_get_keyUsage(CYASSL_X509*);
|
||||
CYASSL_API unsigned char* CyaSSL_X509_get_authorityKeyID(
|
||||
CYASSL_X509*, unsigned char*, int*);
|
||||
CYASSL_API unsigned char* CyaSSL_X509_get_subjectKeyID(
|
||||
CYASSL_X509*, unsigned char*, int*);
|
||||
CYASSL_API int CyaSSL_X509_NAME_entry_count(CYASSL_X509_NAME*);
|
||||
CYASSL_API int CyaSSL_X509_NAME_get_text_by_NID(
|
||||
CYASSL_X509_NAME*, int, char*, int);
|
||||
CYASSL_API int CyaSSL_X509_verify_cert(CYASSL_X509_STORE_CTX*);
|
||||
CYASSL_API const char* CyaSSL_X509_verify_cert_error_string(long);
|
||||
CYASSL_API int CyaSSL_X509_get_signature_type(CYASSL_X509*);
|
||||
CYASSL_API int CyaSSL_X509_get_signature(CYASSL_X509*, unsigned char*, int*);
|
||||
|
||||
CYASSL_API int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP*,const char*,long);
|
||||
CYASSL_API int CyaSSL_X509_LOOKUP_load_file(CYASSL_X509_LOOKUP*, const char*,
|
||||
|
|
@ -333,10 +444,16 @@ CYASSL_API CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_file(void);
|
|||
CYASSL_API CYASSL_X509_LOOKUP* CyaSSL_X509_STORE_add_lookup(CYASSL_X509_STORE*,
|
||||
CYASSL_X509_LOOKUP_METHOD*);
|
||||
CYASSL_API CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void);
|
||||
CYASSL_API void CyaSSL_X509_STORE_free(CYASSL_X509_STORE*);
|
||||
CYASSL_API int CyaSSL_X509_STORE_add_cert(
|
||||
CYASSL_X509_STORE*, CYASSL_X509*);
|
||||
CYASSL_API int CyaSSL_X509_STORE_set_default_paths(CYASSL_X509_STORE*);
|
||||
CYASSL_API int CyaSSL_X509_STORE_get_by_subject(CYASSL_X509_STORE_CTX*,
|
||||
int, CYASSL_X509_NAME*, CYASSL_X509_OBJECT*);
|
||||
CYASSL_API CYASSL_X509_STORE_CTX* CyaSSL_X509_STORE_CTX_new(void);
|
||||
CYASSL_API int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX*,
|
||||
CYASSL_X509_STORE*, CYASSL_X509*, STACK_OF(CYASSL_X509)*);
|
||||
CYASSL_API void CyaSSL_X509_STORE_CTX_free(CYASSL_X509_STORE_CTX*);
|
||||
CYASSL_API void CyaSSL_X509_STORE_CTX_cleanup(CYASSL_X509_STORE_CTX*);
|
||||
|
||||
CYASSL_API CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL*);
|
||||
|
|
@ -405,7 +522,6 @@ CYASSL_API long CyaSSL_CTX_sess_timeouts(CYASSL_CTX*);
|
|||
CYASSL_API long CyaSSL_CTX_sess_number(CYASSL_CTX*);
|
||||
CYASSL_API long CyaSSL_CTX_sess_get_cache_size(CYASSL_CTX*);
|
||||
|
||||
|
||||
#define CYASSL_DEFAULT_CIPHER_LIST "" /* default all */
|
||||
#define CYASSL_RSA_F4 0x10001L
|
||||
|
||||
|
|
@ -428,6 +544,9 @@ enum {
|
|||
OCSP_RESPONSE = 8,
|
||||
OCSP_BASICRESP = 16,
|
||||
|
||||
CYASSL_OCSP_URL_OVERRIDE = 1,
|
||||
CYASSL_OCSP_NO_NONCE = 2,
|
||||
|
||||
CYASSL_CRL_CHECKALL = 1,
|
||||
|
||||
ASN1_GENERALIZEDTIME = 4,
|
||||
|
|
@ -501,7 +620,7 @@ enum {
|
|||
|
||||
/* extras end */
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
|
||||
/* CyaSSL extension, provide last error from SSL_get_error
|
||||
since not using thread storage error queue */
|
||||
CYASSL_API void CyaSSL_ERR_print_errors_fp(FILE*, int err);
|
||||
|
|
@ -601,8 +720,9 @@ CYASSL_API int CyaSSL_RAND_status(void);
|
|||
CYASSL_API int CyaSSL_RAND_bytes(unsigned char* buf, int num);
|
||||
CYASSL_API CYASSL_METHOD *CyaSSLv23_server_method(void);
|
||||
CYASSL_API long CyaSSL_CTX_set_options(CYASSL_CTX*, long);
|
||||
CYASSL_API int CyaSSL_CTX_check_private_key(CYASSL_CTX*);
|
||||
|
||||
#ifndef NO_CERTS
|
||||
CYASSL_API int CyaSSL_CTX_check_private_key(CYASSL_CTX*);
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
CYASSL_API void CyaSSL_ERR_free_strings(void);
|
||||
CYASSL_API void CyaSSL_ERR_remove_state(unsigned long);
|
||||
|
|
@ -640,8 +760,8 @@ CYASSL_API void CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX*,
|
|||
void (*f)(CYASSL_CTX*, CYASSL_SESSION*));
|
||||
|
||||
CYASSL_API int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION*,unsigned char**);
|
||||
CYASSL_API CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION**,const unsigned char**,
|
||||
long);
|
||||
CYASSL_API CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION**,
|
||||
const unsigned char**, long);
|
||||
|
||||
CYASSL_API long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION*);
|
||||
CYASSL_API long CyaSSL_SESSION_get_time(const CYASSL_SESSION*);
|
||||
|
|
@ -682,6 +802,10 @@ CYASSL_API int CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain);
|
|||
CYASSL_API int CyaSSL_get_chain_length(CYASSL_X509_CHAIN*, int idx);
|
||||
/* index cert */
|
||||
CYASSL_API unsigned char* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN*, int idx);
|
||||
/* index cert in X509 */
|
||||
CYASSL_API CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN*, int idx);
|
||||
/* free X509 */
|
||||
CYASSL_API void CyaSSL_FreeX509(CYASSL_X509*);
|
||||
/* get index cert in PEM */
|
||||
CYASSL_API int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN*, int idx,
|
||||
unsigned char* buffer, int inLen, int* outLen);
|
||||
|
|
@ -689,14 +813,40 @@ CYASSL_API const unsigned char* CyaSSL_get_sessionID(const CYASSL_SESSION* s);
|
|||
CYASSL_API int CyaSSL_X509_get_serial_number(CYASSL_X509*,unsigned char*,int*);
|
||||
CYASSL_API char* CyaSSL_X509_get_subjectCN(CYASSL_X509*);
|
||||
CYASSL_API const unsigned char* CyaSSL_X509_get_der(CYASSL_X509*, int*);
|
||||
CYASSL_API const unsigned char* CyaSSL_X509_notBefore(CYASSL_X509*);
|
||||
CYASSL_API const unsigned char* CyaSSL_X509_notAfter(CYASSL_X509*);
|
||||
CYASSL_API int CyaSSL_X509_version(CYASSL_X509*);
|
||||
CYASSL_API
|
||||
|
||||
CYASSL_API int CyaSSL_cmp_peer_cert_to_file(CYASSL*, const char*);
|
||||
|
||||
CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*);
|
||||
|
||||
CYASSL_API CYASSL_X509*
|
||||
CyaSSL_X509_d2i(CYASSL_X509** x509, const unsigned char* in, int len);
|
||||
#ifndef NO_FILESYSTEM
|
||||
#ifndef NO_STDIO_FILESYSTEM
|
||||
CYASSL_API CYASSL_X509*
|
||||
CyaSSL_X509_d2i_fp(CYASSL_X509** x509, FILE* file);
|
||||
#endif
|
||||
CYASSL_API CYASSL_X509*
|
||||
CyaSSL_X509_load_certificate_file(const char* fname, int format);
|
||||
#endif
|
||||
|
||||
#ifdef CYASSL_SEP
|
||||
CYASSL_API unsigned char*
|
||||
CyaSSL_X509_get_device_type(CYASSL_X509*, unsigned char*, int*);
|
||||
CYASSL_API unsigned char*
|
||||
CyaSSL_X509_get_hw_type(CYASSL_X509*, unsigned char*, int*);
|
||||
CYASSL_API unsigned char*
|
||||
CyaSSL_X509_get_hw_serial_number(CYASSL_X509*, unsigned char*, int*);
|
||||
#endif
|
||||
|
||||
/* connect enough to get peer cert */
|
||||
CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl);
|
||||
|
||||
/* XXX This should be #ifndef NO_DH */
|
||||
#ifndef NO_CERTS
|
||||
/* server Diffie-Hellman parameters */
|
||||
CYASSL_API int CyaSSL_SetTmpDH(CYASSL*, const unsigned char* p, int pSz,
|
||||
const unsigned char* g, int gSz);
|
||||
|
|
@ -713,23 +863,31 @@ CYASSL_API int CyaSSL_CTX_SetTmpDH(CYASSL_CTX*, const unsigned char* p,
|
|||
CYASSL_API int CyaSSL_CTX_SetTmpDH_buffer(CYASSL_CTX*, const unsigned char* b,
|
||||
long sz, int format);
|
||||
CYASSL_API int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX*, unsigned short);
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
CYASSL_API int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX*, const char* f,
|
||||
int format);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* keyblock size in bytes or -1 */
|
||||
/* need to call CyaSSL_KeepArrays before handshake to save keys */
|
||||
CYASSL_API int CyaSSL_get_keyblock_size(CYASSL*);
|
||||
CYASSL_API int CyaSSL_get_keys(CYASSL*,unsigned char** ms, unsigned int* msLen,
|
||||
unsigned char** sr, unsigned int* srLen,
|
||||
unsigned char** cr, unsigned int* crLen);
|
||||
|
||||
/* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */
|
||||
CYASSL_API int CyaSSL_make_eap_keys(CYASSL*, void* key, unsigned int len,
|
||||
const char* label);
|
||||
|
||||
|
||||
#ifndef _WIN32
|
||||
#ifndef NO_WRITEV
|
||||
#ifdef __PPU
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#else
|
||||
#elif !defined(CYASSL_MDK_ARM) && !defined(CYASSL_IAR_ARM)
|
||||
#include <sys/uio.h>
|
||||
#endif
|
||||
/* allow writev style writing */
|
||||
|
|
@ -739,36 +897,92 @@ CYASSL_API int CyaSSL_get_keys(CYASSL*,unsigned char** ms, unsigned int* msLen,
|
|||
#endif
|
||||
|
||||
|
||||
/* SSL_CTX versions */
|
||||
CYASSL_API int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX*, const unsigned char*,
|
||||
long, int);
|
||||
CYASSL_API int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX*,
|
||||
#ifndef NO_CERTS
|
||||
/* SSL_CTX versions */
|
||||
CYASSL_API int CyaSSL_CTX_UnloadCAs(CYASSL_CTX*);
|
||||
CYASSL_API int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX*,
|
||||
const unsigned char*, long, int);
|
||||
CYASSL_API int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX*,
|
||||
CYASSL_API int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX*,
|
||||
const unsigned char*, long, int);
|
||||
CYASSL_API int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX*,
|
||||
CYASSL_API int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX*,
|
||||
const unsigned char*, long, int);
|
||||
CYASSL_API int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX*,
|
||||
const unsigned char*, long);
|
||||
CYASSL_API int CyaSSL_CTX_set_group_messages(CYASSL_CTX*);
|
||||
|
||||
/* SSL versions */
|
||||
CYASSL_API int CyaSSL_use_certificate_buffer(CYASSL*, const unsigned char*,
|
||||
long, int);
|
||||
CYASSL_API int CyaSSL_use_PrivateKey_buffer(CYASSL*, const unsigned char*, long,
|
||||
int);
|
||||
CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*,
|
||||
const unsigned char*, long);
|
||||
/* SSL versions */
|
||||
CYASSL_API int CyaSSL_use_certificate_buffer(CYASSL*, const unsigned char*,
|
||||
long, int);
|
||||
CYASSL_API int CyaSSL_use_PrivateKey_buffer(CYASSL*, const unsigned char*,
|
||||
long, int);
|
||||
CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*,
|
||||
const unsigned char*, long);
|
||||
CYASSL_API int CyaSSL_UnloadCertsKeys(CYASSL*);
|
||||
#endif
|
||||
|
||||
CYASSL_API int CyaSSL_CTX_set_group_messages(CYASSL_CTX*);
|
||||
CYASSL_API int CyaSSL_set_group_messages(CYASSL*);
|
||||
|
||||
/* I/O callbacks */
|
||||
typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx);
|
||||
typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx);
|
||||
typedef int (*CallbackIORecv)(CYASSL *ssl, char *buf, int sz, void *ctx);
|
||||
typedef int (*CallbackIOSend)(CYASSL *ssl, char *buf, int sz, void *ctx);
|
||||
|
||||
CYASSL_API void CyaSSL_SetIORecv(CYASSL_CTX*, CallbackIORecv);
|
||||
CYASSL_API void CyaSSL_SetIOSend(CYASSL_CTX*, CallbackIOSend);
|
||||
|
||||
CYASSL_API void CyaSSL_SetIOReadCtx(CYASSL* ssl, void *ctx);
|
||||
CYASSL_API void CyaSSL_SetIOReadCtx( CYASSL* ssl, void *ctx);
|
||||
CYASSL_API void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *ctx);
|
||||
|
||||
CYASSL_API void* CyaSSL_GetIOReadCtx( CYASSL* ssl);
|
||||
CYASSL_API void* CyaSSL_GetIOWriteCtx(CYASSL* ssl);
|
||||
|
||||
CYASSL_API void CyaSSL_SetIOReadFlags( CYASSL* ssl, int flags);
|
||||
CYASSL_API void CyaSSL_SetIOWriteFlags(CYASSL* ssl, int flags);
|
||||
|
||||
|
||||
#ifndef CYASSL_USER_IO
|
||||
/* default IO callbacks */
|
||||
CYASSL_API int EmbedReceive(CYASSL* ssl, char* buf, int sz, void* ctx);
|
||||
CYASSL_API int EmbedSend(CYASSL* ssl, char* buf, int sz, void* ctx);
|
||||
|
||||
#ifdef HAVE_OCSP
|
||||
CYASSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*,
|
||||
int, unsigned char**);
|
||||
CYASSL_API void EmbedOcspRespFree(void*, unsigned char*);
|
||||
#endif
|
||||
|
||||
#ifdef CYASSL_DTLS
|
||||
CYASSL_API int EmbedReceiveFrom(CYASSL* ssl, char* buf, int sz, void*);
|
||||
CYASSL_API int EmbedSendTo(CYASSL* ssl, char* buf, int sz, void* ctx);
|
||||
CYASSL_API int EmbedGenerateCookie(CYASSL* ssl, unsigned char* buf,
|
||||
int sz, void*);
|
||||
#endif /* CYASSL_DTLS */
|
||||
#endif /* CYASSL_USER_IO */
|
||||
|
||||
|
||||
#ifdef HAVE_NETX
|
||||
CYASSL_API void CyaSSL_SetIO_NetX(CYASSL* ssl, NX_TCP_SOCKET* nxsocket,
|
||||
ULONG waitoption);
|
||||
#endif
|
||||
|
||||
typedef int (*CallbackGenCookie)(CYASSL* ssl, unsigned char* buf, int sz,
|
||||
void* ctx);
|
||||
CYASSL_API void CyaSSL_CTX_SetGenCookie(CYASSL_CTX*, CallbackGenCookie);
|
||||
CYASSL_API void CyaSSL_SetCookieCtx(CYASSL* ssl, void *ctx);
|
||||
CYASSL_API void* CyaSSL_GetCookieCtx(CYASSL* ssl);
|
||||
|
||||
|
||||
/* I/O Callback default errors */
|
||||
enum IOerrors {
|
||||
CYASSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */
|
||||
CYASSL_CBIO_ERR_WANT_READ = -2, /* need to call read again */
|
||||
CYASSL_CBIO_ERR_WANT_WRITE = -2, /* need to call write again */
|
||||
CYASSL_CBIO_ERR_CONN_RST = -3, /* connection reset */
|
||||
CYASSL_CBIO_ERR_ISR = -4, /* interrupt */
|
||||
CYASSL_CBIO_ERR_CONN_CLOSE = -5, /* connection closed or epipe */
|
||||
CYASSL_CBIO_ERR_TIMEOUT = -6 /* socket timeout */
|
||||
};
|
||||
|
||||
|
||||
/* CA cache callbacks */
|
||||
enum {
|
||||
CYASSL_SSLV3 = 0,
|
||||
|
|
@ -779,42 +993,299 @@ enum {
|
|||
CYASSL_CHAIN_CA = 2 /* added to cache from trusted chain */
|
||||
};
|
||||
|
||||
CYASSL_API int CyaSSL_GetObjectSize(void); /* object size based on build */
|
||||
CYASSL_API int CyaSSL_SetVersion(CYASSL* ssl, int version);
|
||||
CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
|
||||
int, const char*);
|
||||
CYASSL_API int CyaSSL_CertPemToDer(const unsigned char*, int sz, unsigned char*,
|
||||
int, int);
|
||||
|
||||
typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
|
||||
typedef void (*CbMissingCRL)(const char* url);
|
||||
typedef int (*CbOCSPIO)(void*, const char*, int,
|
||||
unsigned char*, int, unsigned char**);
|
||||
typedef void (*CbOCSPRespFree)(void*,unsigned char*);
|
||||
|
||||
CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache);
|
||||
/* User Atomic Record Layer CallBacks */
|
||||
typedef int (*CallbackMacEncrypt)(CYASSL* ssl, unsigned char* macOut,
|
||||
const unsigned char* macIn, unsigned int macInSz, int macContent,
|
||||
int macVerify, unsigned char* encOut, const unsigned char* encIn,
|
||||
unsigned int encSz, void* ctx);
|
||||
CYASSL_API void CyaSSL_CTX_SetMacEncryptCb(CYASSL_CTX*, CallbackMacEncrypt);
|
||||
CYASSL_API void CyaSSL_SetMacEncryptCtx(CYASSL* ssl, void *ctx);
|
||||
CYASSL_API void* CyaSSL_GetMacEncryptCtx(CYASSL* ssl);
|
||||
|
||||
typedef int (*CallbackDecryptVerify)(CYASSL* ssl,
|
||||
unsigned char* decOut, const unsigned char* decIn,
|
||||
unsigned int decSz, int content, int verify, unsigned int* padSz,
|
||||
void* ctx);
|
||||
CYASSL_API void CyaSSL_CTX_SetDecryptVerifyCb(CYASSL_CTX*,
|
||||
CallbackDecryptVerify);
|
||||
CYASSL_API void CyaSSL_SetDecryptVerifyCtx(CYASSL* ssl, void *ctx);
|
||||
CYASSL_API void* CyaSSL_GetDecryptVerifyCtx(CYASSL* ssl);
|
||||
|
||||
CYASSL_API const unsigned char* CyaSSL_GetMacSecret(CYASSL*, int);
|
||||
CYASSL_API const unsigned char* CyaSSL_GetClientWriteKey(CYASSL*);
|
||||
CYASSL_API const unsigned char* CyaSSL_GetClientWriteIV(CYASSL*);
|
||||
CYASSL_API const unsigned char* CyaSSL_GetServerWriteKey(CYASSL*);
|
||||
CYASSL_API const unsigned char* CyaSSL_GetServerWriteIV(CYASSL*);
|
||||
CYASSL_API int CyaSSL_GetKeySize(CYASSL*);
|
||||
CYASSL_API int CyaSSL_GetIVSize(CYASSL*);
|
||||
CYASSL_API int CyaSSL_GetSide(CYASSL*);
|
||||
CYASSL_API int CyaSSL_IsTLSv1_1(CYASSL*);
|
||||
CYASSL_API int CyaSSL_GetBulkCipher(CYASSL*);
|
||||
CYASSL_API int CyaSSL_GetCipherBlockSize(CYASSL*);
|
||||
CYASSL_API int CyaSSL_GetAeadMacSize(CYASSL*);
|
||||
CYASSL_API int CyaSSL_GetHmacSize(CYASSL*);
|
||||
CYASSL_API int CyaSSL_GetHmacType(CYASSL*);
|
||||
CYASSL_API int CyaSSL_GetCipherType(CYASSL*);
|
||||
CYASSL_API int CyaSSL_SetTlsHmacInner(CYASSL*, unsigned char*,
|
||||
unsigned int, int, int);
|
||||
|
||||
/* Atomic User Needs */
|
||||
enum {
|
||||
CYASSL_SERVER_END = 0,
|
||||
CYASSL_CLIENT_END = 1,
|
||||
CYASSL_BLOCK_TYPE = 2,
|
||||
CYASSL_STREAM_TYPE = 3,
|
||||
CYASSL_AEAD_TYPE = 4,
|
||||
CYASSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
|
||||
};
|
||||
|
||||
/* for GetBulkCipher and internal use */
|
||||
enum BulkCipherAlgorithm {
|
||||
cyassl_cipher_null,
|
||||
cyassl_rc4,
|
||||
cyassl_rc2,
|
||||
cyassl_des,
|
||||
cyassl_triple_des, /* leading 3 (3des) not valid identifier */
|
||||
cyassl_des40,
|
||||
cyassl_idea,
|
||||
cyassl_aes,
|
||||
cyassl_aes_gcm,
|
||||
cyassl_aes_ccm,
|
||||
cyassl_camellia,
|
||||
cyassl_hc128, /* CyaSSL extensions */
|
||||
cyassl_rabbit
|
||||
};
|
||||
|
||||
|
||||
CYASSL_API CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void);
|
||||
CYASSL_API void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER*);
|
||||
/* Public Key Callback support */
|
||||
typedef int (*CallbackEccSign)(CYASSL* ssl,
|
||||
const unsigned char* in, unsigned int inSz,
|
||||
unsigned char* out, unsigned int* outSz,
|
||||
const unsigned char* keyDer, unsigned int keySz,
|
||||
void* ctx);
|
||||
CYASSL_API void CyaSSL_CTX_SetEccSignCb(CYASSL_CTX*, CallbackEccSign);
|
||||
CYASSL_API void CyaSSL_SetEccSignCtx(CYASSL* ssl, void *ctx);
|
||||
CYASSL_API void* CyaSSL_GetEccSignCtx(CYASSL* ssl);
|
||||
|
||||
CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
|
||||
const char* d);
|
||||
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
|
||||
int format);
|
||||
CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
|
||||
const unsigned char* buff, int sz, int format);
|
||||
CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*,
|
||||
int sz);
|
||||
CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options);
|
||||
CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*);
|
||||
CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*, int,
|
||||
int);
|
||||
CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*, CbMissingCRL);
|
||||
typedef int (*CallbackEccVerify)(CYASSL* ssl,
|
||||
const unsigned char* sig, unsigned int sigSz,
|
||||
const unsigned char* hash, unsigned int hashSz,
|
||||
const unsigned char* keyDer, unsigned int keySz,
|
||||
int* result, void* ctx);
|
||||
CYASSL_API void CyaSSL_CTX_SetEccVerifyCb(CYASSL_CTX*, CallbackEccVerify);
|
||||
CYASSL_API void CyaSSL_SetEccVerifyCtx(CYASSL* ssl, void *ctx);
|
||||
CYASSL_API void* CyaSSL_GetEccVerifyCtx(CYASSL* ssl);
|
||||
|
||||
CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
|
||||
CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
|
||||
CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int, int);
|
||||
CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);
|
||||
typedef int (*CallbackRsaSign)(CYASSL* ssl,
|
||||
const unsigned char* in, unsigned int inSz,
|
||||
unsigned char* out, unsigned int* outSz,
|
||||
const unsigned char* keyDer, unsigned int keySz,
|
||||
void* ctx);
|
||||
CYASSL_API void CyaSSL_CTX_SetRsaSignCb(CYASSL_CTX*, CallbackRsaSign);
|
||||
CYASSL_API void CyaSSL_SetRsaSignCtx(CYASSL* ssl, void *ctx);
|
||||
CYASSL_API void* CyaSSL_GetRsaSignCtx(CYASSL* ssl);
|
||||
|
||||
typedef int (*CallbackRsaVerify)(CYASSL* ssl,
|
||||
unsigned char* sig, unsigned int sigSz,
|
||||
unsigned char** out,
|
||||
const unsigned char* keyDer, unsigned int keySz,
|
||||
void* ctx);
|
||||
CYASSL_API void CyaSSL_CTX_SetRsaVerifyCb(CYASSL_CTX*, CallbackRsaVerify);
|
||||
CYASSL_API void CyaSSL_SetRsaVerifyCtx(CYASSL* ssl, void *ctx);
|
||||
CYASSL_API void* CyaSSL_GetRsaVerifyCtx(CYASSL* ssl);
|
||||
|
||||
/* RSA Public Encrypt cb */
|
||||
typedef int (*CallbackRsaEnc)(CYASSL* ssl,
|
||||
const unsigned char* in, unsigned int inSz,
|
||||
unsigned char* out, unsigned int* outSz,
|
||||
const unsigned char* keyDer, unsigned int keySz,
|
||||
void* ctx);
|
||||
CYASSL_API void CyaSSL_CTX_SetRsaEncCb(CYASSL_CTX*, CallbackRsaEnc);
|
||||
CYASSL_API void CyaSSL_SetRsaEncCtx(CYASSL* ssl, void *ctx);
|
||||
CYASSL_API void* CyaSSL_GetRsaEncCtx(CYASSL* ssl);
|
||||
|
||||
/* RSA Private Decrypt cb */
|
||||
typedef int (*CallbackRsaDec)(CYASSL* ssl,
|
||||
unsigned char* in, unsigned int inSz,
|
||||
unsigned char** out,
|
||||
const unsigned char* keyDer, unsigned int keySz,
|
||||
void* ctx);
|
||||
CYASSL_API void CyaSSL_CTX_SetRsaDecCb(CYASSL_CTX*, CallbackRsaDec);
|
||||
CYASSL_API void CyaSSL_SetRsaDecCtx(CYASSL* ssl, void *ctx);
|
||||
CYASSL_API void* CyaSSL_GetRsaDecCtx(CYASSL* ssl);
|
||||
|
||||
|
||||
#ifndef NO_CERTS
|
||||
CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache);
|
||||
|
||||
CYASSL_API CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void);
|
||||
CYASSL_API void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER*);
|
||||
|
||||
CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
|
||||
const char* d);
|
||||
CYASSL_API int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm);
|
||||
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
|
||||
int format);
|
||||
CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
|
||||
const unsigned char* buff, long sz, int format);
|
||||
CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*,
|
||||
unsigned char*, int sz);
|
||||
CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*,
|
||||
int options);
|
||||
CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*);
|
||||
CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*,
|
||||
int, int);
|
||||
CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*,
|
||||
CbMissingCRL);
|
||||
CYASSL_API int CyaSSL_CertManagerCheckOCSP(CYASSL_CERT_MANAGER*,
|
||||
unsigned char*, int sz);
|
||||
CYASSL_API int CyaSSL_CertManagerEnableOCSP(CYASSL_CERT_MANAGER*,
|
||||
int options);
|
||||
CYASSL_API int CyaSSL_CertManagerDisableOCSP(CYASSL_CERT_MANAGER*);
|
||||
CYASSL_API int CyaSSL_CertManagerSetOCSPOverrideURL(CYASSL_CERT_MANAGER*,
|
||||
const char*);
|
||||
CYASSL_API int CyaSSL_CertManagerSetOCSP_Cb(CYASSL_CERT_MANAGER*,
|
||||
CbOCSPIO, CbOCSPRespFree, void*);
|
||||
|
||||
CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
|
||||
CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
|
||||
CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int, int);
|
||||
CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);
|
||||
CYASSL_API int CyaSSL_EnableOCSP(CYASSL*, int options);
|
||||
CYASSL_API int CyaSSL_DisableOCSP(CYASSL*);
|
||||
CYASSL_API int CyaSSL_SetOCSP_OverrideURL(CYASSL*, const char*);
|
||||
CYASSL_API int CyaSSL_SetOCSP_Cb(CYASSL*, CbOCSPIO, CbOCSPRespFree, void*);
|
||||
|
||||
CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
|
||||
CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
|
||||
CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int);
|
||||
CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);
|
||||
CYASSL_API int CyaSSL_CTX_EnableOCSP(CYASSL_CTX*, int options);
|
||||
CYASSL_API int CyaSSL_CTX_DisableOCSP(CYASSL_CTX*);
|
||||
CYASSL_API int CyaSSL_CTX_SetOCSP_OverrideURL(CYASSL_CTX*, const char*);
|
||||
CYASSL_API int CyaSSL_CTX_SetOCSP_Cb(CYASSL_CTX*,
|
||||
CbOCSPIO, CbOCSPRespFree, void*);
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
/* end of handshake frees temporary arrays, if user needs for get_keys or
|
||||
psk hints, call KeepArrays before handshake and then FreeArrays when done
|
||||
if don't want to wait for object free */
|
||||
CYASSL_API void CyaSSL_KeepArrays(CYASSL*);
|
||||
CYASSL_API void CyaSSL_FreeArrays(CYASSL*);
|
||||
|
||||
|
||||
/* cavium additions */
|
||||
CYASSL_API int CyaSSL_UseCavium(CYASSL*, int devId);
|
||||
CYASSL_API int CyaSSL_CTX_UseCavium(CYASSL_CTX*, int devId);
|
||||
|
||||
/* TLS Extensions */
|
||||
|
||||
/* Server Name Indication */
|
||||
#ifdef HAVE_SNI
|
||||
/* SNI types */
|
||||
enum {
|
||||
CYASSL_SNI_HOST_NAME = 0
|
||||
};
|
||||
|
||||
CYASSL_API int CyaSSL_UseSNI(CYASSL* ssl, unsigned char type, const void* data,
|
||||
unsigned short size);
|
||||
CYASSL_API int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, unsigned char type,
|
||||
const void* data, unsigned short size);
|
||||
|
||||
#ifndef NO_CYASSL_SERVER
|
||||
/* SNI options */
|
||||
enum {
|
||||
CYASSL_SNI_CONTINUE_ON_MISMATCH = 0x01, /* do not abort on mismatch flag */
|
||||
CYASSL_SNI_ANSWER_ON_MISMATCH = 0x02 /* fake match on mismatch flag */
|
||||
};
|
||||
|
||||
CYASSL_API void CyaSSL_SNI_SetOptions(CYASSL* ssl, unsigned char type,
|
||||
unsigned char options);
|
||||
CYASSL_API void CyaSSL_CTX_SNI_SetOptions(CYASSL_CTX* ctx, unsigned char type,
|
||||
unsigned char options);
|
||||
|
||||
/* SNI status */
|
||||
enum {
|
||||
CYASSL_SNI_NO_MATCH = 0,
|
||||
CYASSL_SNI_FAKE_MATCH = 1, /* if CYASSL_SNI_ANSWER_ON_MISMATCH is enabled */
|
||||
CYASSL_SNI_REAL_MATCH = 2
|
||||
};
|
||||
|
||||
CYASSL_API unsigned char CyaSSL_SNI_Status(CYASSL* ssl, unsigned char type);
|
||||
|
||||
CYASSL_API unsigned short CyaSSL_SNI_GetRequest(CYASSL *ssl, unsigned char type,
|
||||
void** data);
|
||||
|
||||
CYASSL_API int CyaSSL_SNI_GetFromBuffer(
|
||||
const unsigned char* clientHello, unsigned int helloSz,
|
||||
unsigned char type, unsigned char* sni, unsigned int* inOutSz);
|
||||
|
||||
#endif /* NO_CYASSL_SERVER */
|
||||
#endif /* HAVE_SNI */
|
||||
|
||||
/* Maximum Fragment Length */
|
||||
#ifdef HAVE_MAX_FRAGMENT
|
||||
/* Fragment lengths */
|
||||
enum {
|
||||
CYASSL_MFL_2_9 = 1, /* 512 bytes */
|
||||
CYASSL_MFL_2_10 = 2, /* 1024 bytes */
|
||||
CYASSL_MFL_2_11 = 3, /* 2048 bytes */
|
||||
CYASSL_MFL_2_12 = 4, /* 4096 bytes */
|
||||
CYASSL_MFL_2_13 = 5 /* 8192 bytes *//* CyaSSL ONLY!!! */
|
||||
};
|
||||
|
||||
#ifndef NO_CYASSL_CLIENT
|
||||
|
||||
CYASSL_API int CyaSSL_UseMaxFragment(CYASSL* ssl, unsigned char mfl);
|
||||
CYASSL_API int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, unsigned char mfl);
|
||||
|
||||
#endif /* NO_CYASSL_CLIENT */
|
||||
#endif /* HAVE_MAX_FRAGMENT */
|
||||
|
||||
/* Truncated HMAC */
|
||||
#ifdef HAVE_TRUNCATED_HMAC
|
||||
#ifndef NO_CYASSL_CLIENT
|
||||
|
||||
CYASSL_API int CyaSSL_UseTruncatedHMAC(CYASSL* ssl);
|
||||
CYASSL_API int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx);
|
||||
|
||||
#endif /* NO_CYASSL_CLIENT */
|
||||
#endif /* HAVE_TRUNCATED_HMAC */
|
||||
|
||||
/* Elliptic Curves */
|
||||
#ifdef HAVE_SUPPORTED_CURVES
|
||||
|
||||
enum {
|
||||
CYASSL_ECC_SECP160R1 = 0x10,
|
||||
CYASSL_ECC_SECP192R1 = 0x13,
|
||||
CYASSL_ECC_SECP224R1 = 0x15,
|
||||
CYASSL_ECC_SECP256R1 = 0x17,
|
||||
CYASSL_ECC_SECP384R1 = 0x18,
|
||||
CYASSL_ECC_SECP521R1 = 0x19
|
||||
};
|
||||
|
||||
#ifndef NO_CYASSL_CLIENT
|
||||
|
||||
CYASSL_API int CyaSSL_UseSupportedCurve(CYASSL* ssl, unsigned short name);
|
||||
CYASSL_API int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx,
|
||||
unsigned short name);
|
||||
|
||||
#endif /* NO_CYASSL_CLIENT */
|
||||
#endif /* HAVE_SUPPORTED_CURVES */
|
||||
|
||||
CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
|
||||
CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
|
||||
CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int);
|
||||
CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);
|
||||
|
||||
#define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */
|
||||
#define CYASSL_CRL_START_MON 0x02 /* start monitoring flag */
|
||||
|
|
@ -837,13 +1308,13 @@ CYASSL_API int CyaSSL_accept_ex(CYASSL*, HandShakeCallBack, TimeoutCallBack,
|
|||
#endif /* CYASSL_CALLBACKS */
|
||||
|
||||
|
||||
CYASSL_API long CyaSSL_CTX_OCSP_set_options(CYASSL_CTX*, long);
|
||||
CYASSL_API int CyaSSL_CTX_OCSP_set_override_url(CYASSL_CTX*, const char*);
|
||||
#ifdef CYASSL_HAVE_WOLFSCEP
|
||||
CYASSL_API void CyaSSL_wolfSCEP(void);
|
||||
#endif /* CYASSL_HAVE_WOLFSCEP */
|
||||
|
||||
/* OCSP Options */
|
||||
#define CYASSL_OCSP_ENABLE 0x0001 /* Enable OCSP lookups */
|
||||
#define CYASSL_OCSP_URL_OVERRIDE 0x0002 /* Use the override URL instead of URL
|
||||
* in certificate */
|
||||
#ifdef CYASSL_HAVE_CERT_SERVICE
|
||||
CYASSL_API void CyaSSL_cert_service(void);
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue