|
My Project
|
|
My Project
|
Functions | |
| int | wc_KeyPemToDer (const unsigned char *pem, int pemSz, unsigned char *buff, int buffSz, const char *pass) |
| Converts a key in PEM format to DER format. More... | |
| int | wc_CertPemToDer (const unsigned char *pem, int pemSz, unsigned char *buff, int buffSz, int type) |
| This function converts a PEM formatted certificate to DER format. Calls OpenSSL function PemToDer. More... | |
| int | wc_GetPubKeyDerFromCert (struct DecodedCert *cert, byte *derKey, word32 *derKeySz) |
| This function gets the public key in DER format from a populated DecodedCert struct. Users must call wc_InitDecodedCert() and wc_ParseCert() before calling this API. wc_InitDecodedCert() accepts a DER/ASN.1 encoded certificate. To convert a PEM cert to DER, first use wc_CertPemToDer() before calling wc_InitDecodedCert(). More... | |
| int | wolfSSL_CTX_use_certificate_file (WOLFSSL_CTX *ctx, const char *file, int format) |
| This function loads a certificate file into the SSL context (WOLFSSL_CTX). The file is provided by the file argument. The format argument specifies the format type of the file, either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage. More... | |
| int | wolfSSL_CTX_use_PrivateKey_file (WOLFSSL_CTX *ctx, const char *file, int format) |
| This function loads a private key file into the SSL context (WOLFSSL_CTX). The file is provided by the file argument. The format argument specifies the format type of the file - SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM. Please see the examples for proper usage. More... | |
| int | wolfSSL_CTX_load_verify_locations (WOLFSSL_CTX *ctx, const char *file, const char *path) |
| This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory. This function expects PEM formatted CERT_TYPE file with header “--—BEGIN CERTIFICATE--—”. More... | |
| int | wolfSSL_CTX_load_verify_locations_ex (WOLFSSL_CTX *ctx, const char *file, const char *path, unsigned int flags) |
| This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory based on flags specified. This function expects PEM formatted CERT_TYPE files with header “--—BEGIN CERTIFICATE--—”. More... | |
| const char ** | wolfSSL_get_system_CA_dirs (word32 *num) |
| This function returns a pointer to an array of strings representing directories wolfSSL will search for system CA certs when wolfSSL_CTX_load_system_CA_certs is called. On systems that don't store certificates in an accessible system directory (such as Apple platforms), this function will always return NULL. More... | |
| int | wolfSSL_CTX_load_system_CA_certs (WOLFSSL_CTX *ctx) |
| On most platforms (including Linux and Windows), this function attempts to load CA certificates into a WOLFSSL_CTX from an OS-dependent CA certificate store. Loaded certificates will be trusted. More... | |
| int | wolfSSL_CTX_use_certificate_chain_file (WOLFSSL_CTX *ctx, const char *file) |
| This function loads a chain of certificates into the SSL context (WOLFSSL_CTX). The file containing the certificate chain is provided by the file argument, and must contain PEM-formatted certificates. This function will process up to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject cert. More... | |
| int | wolfSSL_CTX_der_load_verify_locations (WOLFSSL_CTX *ctx, const char *file, int format) |
| This function is similar to wolfSSL_CTX_load_verify_locations, but allows the loading of DER-formatted CA files into the SSL context (WOLFSSL_CTX). It may still be used to load PEM-formatted CA files as well. These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The format argument specifies the format which the certificates are in either, SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1 (DER). Unlike wolfSSL_CTX_load_verify_locations, this function does not allow the loading of CA certificates from a given directory path. Note that this function is only available when the wolfSSL library was compiled with WOLFSSL_DER_LOAD defined. More... | |
| void | wolfSSL_SetCertCbCtx (WOLFSSL *ssl, void *ctx) |
| This function stores user CTX object information for verify callback. More... | |
| void | wolfSSL_CTX_SetCertCbCtx (WOLFSSL_CTX *ctx, void *userCtx) |
| This function stores user CTX object information for verify callback. More... | |
| int | wolfSSL_CTX_save_cert_cache (WOLFSSL_CTX *ctx, const char *fname) |
| This function writes the cert cache from memory to file. More... | |
| int | wolfSSL_CTX_restore_cert_cache (WOLFSSL_CTX *ctx, const char *fname) |
| This function persistes certificate cache from a file. More... | |
| int | wolfSSL_CTX_memsave_cert_cache (WOLFSSL_CTX *ctx, void *mem, int sz, int *used) |
| This function persists the certificate cache to memory. More... | |
| int | wolfSSL_CTX_get_cert_cache_memsize (WOLFSSL_CTX *ctx) |
| Returns the size the certificate cache save buffer needs to be. More... | |
| char * | wolfSSL_X509_NAME_oneline (WOLFSSL_X509_NAME *name, char *in, int sz) |
| This function copies the name of the x509 into a buffer. More... | |
| WOLFSSL_X509_NAME * | wolfSSL_X509_get_issuer_name (WOLFSSL_X509 *cert) |
| This function returns the name of the certificate issuer. More... | |
| WOLFSSL_X509_NAME * | wolfSSL_X509_get_subject_name (WOLFSSL_X509 *cert) |
| This function returns the subject member of the WOLFSSL_X509 structure. More... | |
| int | wolfSSL_X509_get_isCA (WOLFSSL_X509 *cert) |
| Checks the isCa member of the WOLFSSL_X509 structure and returns the value. More... | |
| int | wolfSSL_X509_NAME_get_text_by_NID (WOLFSSL_X509_NAME *name, int nid, char *buf, int len) |
| This function gets the text related to the passed in NID value. More... | |
| int | wolfSSL_X509_get_signature_type (WOLFSSL_X509 *cert) |
| This function returns the value stored in the sigOID member of the WOLFSSL_X509 structure. More... | |
| int | wolfSSL_X509_get_signature (WOLFSSL_X509 *x509, unsigned char *buf, int *bufSz) |
| Gets the X509 signature and stores it in the buffer. More... | |
| int | wolfSSL_X509_STORE_add_cert (WOLFSSL_X509_STORE *store, WOLFSSL_X509 *x509) |
| This function adds a certificate to the WOLFSSL_X509_STRE structure. More... | |
| WOLFSSL_STACK * | wolfSSL_X509_STORE_CTX_get_chain (WOLFSSL_X509_STORE_CTX *ctx) |
| This function is a getter function for chain variable in WOLFSSL_X509_STORE_CTX structure. Currently chain is not populated. More... | |
| int | wolfSSL_X509_STORE_set_flags (WOLFSSL_X509_STORE *store, unsigned long flag) |
| This function takes in a flag to change the behavior of the WOLFSSL_X509_STORE structure passed in. An example of a flag used is WOLFSSL_CRL_CHECK. More... | |
| const byte * | wolfSSL_X509_notBefore (WOLFSSL_X509 *x509) |
| This function the certificate "not before" validity encoded as a byte array. More... | |
| const byte * | wolfSSL_X509_notAfter (WOLFSSL_X509 *x509) |
| This function the certificate "not after" validity encoded as a byte array. More... | |
| const char * | wolfSSL_get_psk_identity_hint (const WOLFSSL *) |
| This function returns the psk identity hint. More... | |
| const char * | wolfSSL_get_psk_identity (const WOLFSSL *) |
| The function returns a constant pointer to the client_identity member of the Arrays structure. More... | |
| int | wolfSSL_CTX_use_psk_identity_hint (WOLFSSL_CTX *ctx, const char *hint) |
| This function stores the hint argument in the server_hint member of the WOLFSSL_CTX structure. More... | |
| int | wolfSSL_use_psk_identity_hint (WOLFSSL *ssl, const char *hint) |
| This function stores the hint argument in the server_hint member of the Arrays structure within the WOLFSSL structure. More... | |
| WOLFSSL_X509 * | wolfSSL_get_peer_certificate (WOLFSSL *ssl) |
| This function gets the peer’s certificate. More... | |
| WOLFSSL_X509 * | wolfSSL_get_chain_X509 (WOLFSSL_X509_CHAIN *chain, int idx) |
| This function gets the peer’s wolfSSL_X509_certificate at index (idx) from the chain of certificates. More... | |
| char * | wolfSSL_X509_get_subjectCN (WOLFSSL_X509 *) |
| Returns the common name of the subject from the certificate. More... | |
| const unsigned char * | wolfSSL_X509_get_der (WOLFSSL_X509 *x509, int *outSz) |
| This function gets the DER encoded certificate in the WOLFSSL_X509 struct. More... | |
| WOLFSSL_ASN1_TIME * | wolfSSL_X509_get_notAfter (WOLFSSL_X509 *) |
| This function checks to see if x509 is NULL and if it’s not, it returns the notAfter member of the x509 struct. More... | |
| int | wolfSSL_X509_version (WOLFSSL_X509 *) |
| This function retrieves the version of the X509 certificate. More... | |
| WOLFSSL_X509 * | wolfSSL_X509_d2i_fp (WOLFSSL_X509 **x509, FILE *file) |
| If NO_STDIO_FILESYSTEM is defined this function will allocate heap memory, initialize a WOLFSSL_X509 structure and return a pointer to it. More... | |
| WOLFSSL_X509 * | wolfSSL_X509_load_certificate_file (const char *fname, int format) |
| The function loads the x509 certificate into memory. More... | |
| unsigned char * | wolfSSL_X509_get_device_type (WOLFSSL_X509 *x509, unsigned char *in, int *inOutSz) |
| This function copies the device type from the x509 structure to the buffer. More... | |
| unsigned char * | wolfSSL_X509_get_hw_type (WOLFSSL_X509 *x509, unsigned char *in, int *inOutSz) |
| The function copies the hwType member of the WOLFSSL_X509 structure to the buffer. More... | |
| unsigned char * | wolfSSL_X509_get_hw_serial_number (WOLFSSL_X509 *x509, unsigned char *in, int *inOutSz) |
| This function returns the hwSerialNum member of the x509 object. More... | |
| int | wolfSSL_SetTmpDH (WOLFSSL *ssl, const unsigned char *p, int pSz, const unsigned char *g, int gSz) |
| Server Diffie-Hellman Ephemeral parameters setting. This function sets up the group parameters to be used if the server negotiates a cipher suite that uses DHE. More... | |
| int | wolfSSL_SetTmpDH_buffer (WOLFSSL *ssl, const unsigned char *b, long sz, int format) |
| The function calls the wolfSSL_SetTMpDH_buffer_wrapper, which is a wrapper for Diffie-Hellman parameters. More... | |
| int | wolfSSL_SetTmpDH_file (WOLFSSL *ssl, const char *f, int format) |
| This function calls wolfSSL_SetTmpDH_file_wrapper to set server Diffie-Hellman parameters. More... | |
| int | wolfSSL_CTX_SetTmpDH (WOLFSSL_CTX *ctx, const unsigned char *p, int pSz, const unsigned char *g, int gSz) |
| Sets the parameters for the server CTX Diffie-Hellman. More... | |
| int | wolfSSL_CTX_SetTmpDH_buffer (WOLFSSL_CTX *ctx, const unsigned char *b, long sz, int format) |
| A wrapper function that calls wolfSSL_SetTmpDH_buffer_wrapper. More... | |
| int | wolfSSL_CTX_SetTmpDH_file (WOLFSSL_CTX *ctx, const char *f, int format) |
| The function calls wolfSSL_SetTmpDH_file_wrapper to set the server Diffie-Hellman parameters. More... | |
| int | wolfSSL_CTX_SetMinDhKey_Sz (WOLFSSL_CTX *ctx, word16) |
| This function sets the minimum size (in bits) of the Diffie Hellman key size by accessing the minDhKeySz member in the WOLFSSL_CTX structure. More... | |
| int | wolfSSL_SetMinDhKey_Sz (WOLFSSL *ssl, word16 keySz_bits) |
| Sets the minimum size (in bits) for a Diffie-Hellman key in the WOLFSSL structure. More... | |
| int | wolfSSL_CTX_SetMaxDhKey_Sz (WOLFSSL_CTX *ctx, word16 keySz_bits) |
| This function sets the maximum size (in bits) of the Diffie Hellman key size by accessing the maxDhKeySz member in the WOLFSSL_CTX structure. More... | |
| int | wolfSSL_SetMaxDhKey_Sz (WOLFSSL *ssl, word16 keySz_bits) |
| Sets the maximum size (in bits) for a Diffie-Hellman key in the WOLFSSL structure. More... | |
| int | wolfSSL_GetDhKey_Sz (WOLFSSL *) |
| Returns the value of dhKeySz (in bits) that is a member of the options structure. This value represents the Diffie-Hellman key size in bytes. More... | |
| int | wolfSSL_CTX_SetMinRsaKey_Sz (WOLFSSL_CTX *ctx, short keySz) |
| Sets the minimum RSA key size in both the WOLFSSL_CTX structure and the WOLFSSL_CERT_MANAGER structure. More... | |
| int | wolfSSL_SetMinRsaKey_Sz (WOLFSSL *ssl, short keySz) |
| Sets the minimum allowable key size in bits for RSA located in the WOLFSSL structure. More... | |
| int | wolfSSL_CTX_SetMinEccKey_Sz (WOLFSSL_CTX *ssl, short keySz) |
| Sets the minimum size in bits for the ECC key in the WOLF_CTX structure and the WOLFSSL_CERT_MANAGER structure. More... | |
| int | wolfSSL_SetMinEccKey_Sz (WOLFSSL *ssl, short keySz) |
| Sets the value of the minEccKeySz member of the options structure. The options struct is a member of the WOLFSSL structure and is accessed through the ssl parameter. More... | |
| int | wolfSSL_make_eap_keys (WOLFSSL *ssl, void *key, unsigned int len, const char *label) |
| This function is used by EAP_TLS and EAP-TTLS to derive keying material from the master secret. More... | |
| int | wolfSSL_CTX_load_verify_buffer (WOLFSSL_CTX *ctx, const unsigned char *in, long sz, int format) |
| This function loads a CA certificate buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. Please see the examples for proper usage. More... | |
| int | wolfSSL_CTX_load_verify_buffer_ex (WOLFSSL_CTX *ctx, const unsigned char *in, long sz, int format, int userChain, word32 flags) |
| This function loads a CA certificate buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. The _ex version was added in PR 2413 and supports additional arguments for userChain and flags. More... | |
| int | wolfSSL_CTX_load_verify_chain_buffer_format (WOLFSSL_CTX *ctx, const unsigned char *in, long sz, int format) |
| This function loads a CA certificate chain buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. Please see the examples for proper usage. More... | |
| int | wolfSSL_CTX_use_certificate_buffer (WOLFSSL_CTX *ctx, const unsigned char *in, long sz, int format) |
| This function loads a certificate buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage. More... | |
| int | wolfSSL_CTX_use_PrivateKey_buffer (WOLFSSL_CTX *ctx, const unsigned char *in, long sz, int format) |
| This function loads a private key buffer into the SSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM. Please see the examples for proper usage. More... | |
| int | wolfSSL_CTX_use_certificate_chain_buffer (WOLFSSL_CTX *ctx, const unsigned char *in, long sz) |
| This function loads a certificate chain buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. The buffer must be in PEM format and start with the subject’s certificate, ending with the root certificate. Please see the examples for proper usage. More... | |
| int | wolfSSL_use_certificate_buffer (WOLFSSL *ssl, const unsigned char *in, long sz, int format) |
| This function loads a certificate buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage. More... | |
| int | wolfSSL_use_PrivateKey_buffer (WOLFSSL *ssl, const unsigned char *in, long sz, int format) |
| This function loads a private key buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage. More... | |
| int | wolfSSL_use_certificate_chain_buffer (WOLFSSL *ssl, const unsigned char *in, long sz) |
| This function loads a certificate chain buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. The buffer must be in PEM format and start with the subject’s certificate, ending with the root certificate. Please see the examples for proper usage. More... | |
| int | wolfSSL_UnloadCertsKeys (WOLFSSL *) |
| This function unloads any certificates or keys that SSL owns. More... | |
| int | wolfSSL_GetIVSize (WOLFSSL *) |
| Returns the iv_size member of the specs structure held in the WOLFSSL struct. More... | |
| void | wolfSSL_KeepArrays (WOLFSSL *) |
| Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. Calling this function before the handshake begins will prevent wolfSSL from freeing temporary arrays. Temporary arrays may be needed for things such as wolfSSL_get_keys() or PSK hints. When the user is done with temporary arrays, either wolfSSL_FreeArrays() may be called to free the resources immediately, or alternatively the resources will be freed when the associated SSL object is freed. More... | |
| void | wolfSSL_FreeArrays (WOLFSSL *) |
| Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. If wolfSSL_KeepArrays() has been called before the handshake, wolfSSL will not free temporary arrays. This function explicitly frees temporary arrays and should be called when the user is done with temporary arrays and does not want to wait for the SSL object to be freed to free these resources. More... | |
| int | wolfSSL_DeriveTlsKeys (unsigned char *key_data, word32 keyLen, const unsigned char *ms, word32 msLen, const unsigned char *sr, const unsigned char *cr, int tls1_2, int hash_type) |
| An external facing wrapper to derive TLS Keys. More... | |
| int | wolfSSL_X509_get_ext_by_NID (const WOLFSSL_X509 *x509, int nid, int lastPos) |
| This function looks for and returns the extension index matching the passed in NID value. More... | |
| void * | wolfSSL_X509_get_ext_d2i (const WOLFSSL_X509 *x509, int nid, int *c, int *idx) |
| This function looks for and returns the extension matching the passed in NID value. More... | |
| int | wolfSSL_X509_digest (const WOLFSSL_X509 *x509, const WOLFSSL_EVP_MD *digest, unsigned char *buf, unsigned int *len) |
| This function returns the hash of the DER certificate. More... | |
| int | wolfSSL_use_PrivateKey (WOLFSSL *ssl, WOLFSSL_EVP_PKEY *pkey) |
| This is used to set the private key for the WOLFSSL structure. More... | |
| int | wolfSSL_use_PrivateKey_ASN1 (int pri, WOLFSSL *ssl, unsigned char *der, long derSz) |
| This is used to set the private key for the WOLFSSL structure. A DER formatted key buffer is expected. More... | |
| int | wolfSSL_use_RSAPrivateKey_ASN1 (WOLFSSL *ssl, unsigned char *der, long derSz) |
| This is used to set the private key for the WOLFSSL structure. A DER formatted RSA key buffer is expected. More... | |
| WOLFSSL_DH * | wolfSSL_DSA_dup_DH (const WOLFSSL_DSA *r) |
| This function duplicates the parameters in dsa to a newly created WOLFSSL_DH structure. More... | |
| WOLFSSL_X509 * | wolfSSL_d2i_X509_bio (WOLFSSL_BIO *bio, WOLFSSL_X509 **x509) |
| This function get the DER buffer from bio and converts it to a WOLFSSL_X509 structure. More... | |
| WOLFSSL_X509 * | wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u) |
| This function behaves the same as wolfSSL_PEM_read_bio_X509. AUX signifies containing extra information such as trusted/rejected use cases and friendly name for human readability. More... | |
| long | wolfSSL_CTX_set_tmp_dh (WOLFSSL_CTX *ctx, WOLFSSL_DH *dh) |
| Initializes the WOLFSSL_CTX structure’s dh member with the Diffie-Hellman parameters. More... | |
| WOLFSSL_DSA * | wolfSSL_PEM_read_bio_DSAparams (WOLFSSL_BIO *bp, WOLFSSL_DSA **x, wc_pem_password_cb *cb, void *u) |
| This function get the DSA parameters from a PEM buffer in bio. More... | |
| WOLF_STACK_OF (WOLFSSL_X509) *wolfSSL_get_peer_cert_chain(const WOLFSSL *) | |
| This function gets the peer’s certificate chain. More... | |
| char * | wolfSSL_X509_get_next_altname (WOLFSSL_X509 *) |
| This function returns the next, if any, altname from the peer certificate. More... | |
| WOLFSSL_ASN1_TIME * | wolfSSL_X509_get_notBefore (WOLFSSL_X509 *) |
| The function checks to see if x509 is NULL and if it’s not, it returns the notBefore member of the x509 struct. More... | |
| int wc_CertPemToDer | ( | const unsigned char * | pem, |
| int | pemSz, | ||
| unsigned char * | buff, | ||
| int | buffSz, | ||
| int | type | ||
| ) |
This function converts a PEM formatted certificate to DER format. Calls OpenSSL function PemToDer.
| pem | pointer PEM formatted certificate. |
| pemSz | size of the certificate. |
| buff | buffer to be copied to DER format. |
| buffSz | size of the buffer. |
| type | Certificate file type found in asn_public.h enum CertType. |
Example
| int wc_GetPubKeyDerFromCert | ( | struct DecodedCert * | cert, |
| byte * | derKey, | ||
| word32 * | derKeySz | ||
| ) |
This function gets the public key in DER format from a populated DecodedCert struct. Users must call wc_InitDecodedCert() and wc_ParseCert() before calling this API. wc_InitDecodedCert() accepts a DER/ASN.1 encoded certificate. To convert a PEM cert to DER, first use wc_CertPemToDer() before calling wc_InitDecodedCert().
| cert | populated DecodedCert struct holding X.509 certificate |
| derKey | output buffer to place DER encoded public key |
| derKeySz | [IN/OUT] size of derKey buffer on input, size of public key on return. If derKey is passed in as NULL, derKeySz will be set to required buffer size for public key and LENGTH_ONLY_E will be returned from function. |
| int wc_KeyPemToDer | ( | const unsigned char * | pem, |
| int | pemSz, | ||
| unsigned char * | buff, | ||
| int | buffSz, | ||
| const char * | pass | ||
| ) |
Converts a key in PEM format to DER format.
| pem | a pointer to the PEM encoded certificate. |
| pemSz | the size of the PEM buffer (pem) |
| buff | a pointer to the copy of the buffer member of the DerBuffer struct. |
| buffSz | size of the buffer space allocated in the DerBuffer struct. |
| pass | password passed into the function. |
Example
| WOLF_STACK_OF | ( | WOLFSSL_X509 | ) | const |
This function gets the peer’s certificate chain.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| int wolfSSL_CTX_der_load_verify_locations | ( | WOLFSSL_CTX * | ctx, |
| const char * | file, | ||
| int | format | ||
| ) |
This function is similar to wolfSSL_CTX_load_verify_locations, but allows the loading of DER-formatted CA files into the SSL context (WOLFSSL_CTX). It may still be used to load PEM-formatted CA files as well. These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The format argument specifies the format which the certificates are in either, SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1 (DER). Unlike wolfSSL_CTX_load_verify_locations, this function does not allow the loading of CA certificates from a given directory path. Note that this function is only available when the wolfSSL library was compiled with WOLFSSL_DER_LOAD defined.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new() |
| file | a pointer to the name of the file containing the CA certificates to be loaded into the wolfSSL SSL context, with format as specified by format. |
| format | the encoding type of the certificates specified by file. Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1. |
Example
| int wolfSSL_CTX_get_cert_cache_memsize | ( | WOLFSSL_CTX * | ctx | ) |
Returns the size the certificate cache save buffer needs to be.
| ctx | a pointer to a wolfSSL_CTX structure, created using wolfSSL_CTX_new(). |
Example
| int wolfSSL_CTX_load_system_CA_certs | ( | WOLFSSL_CTX * | ctx | ) |
On most platforms (including Linux and Windows), this function attempts to load CA certificates into a WOLFSSL_CTX from an OS-dependent CA certificate store. Loaded certificates will be trusted.
On Apple platforms (excluding macOS), certificates can't be obtained from the system, and therefore cannot be loaded into the wolfSSL certificate manager. For these platforms, this function enables TLS connections bound to the WOLFSSL_CTX to use the native system trust APIs to verify authenticity of the peer certificate chain if the authenticity of the peer cannot first be authenticated against certificates loaded by the user.
The platforms supported and tested are: Linux (Debian, Ubuntu, Gentoo, Fedora, RHEL), Windows 10/11, Android, macOS, and iOS.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
Example
| int wolfSSL_CTX_load_verify_buffer | ( | WOLFSSL_CTX * | ctx, |
| const unsigned char * | in, | ||
| long | sz, | ||
| int | format | ||
| ) |
This function loads a CA certificate buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. Please see the examples for proper usage.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| in | pointer to the CA certificate buffer. |
| sz | size of the input CA certificate buffer, in. |
| format | format of the buffer certificate, either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. |
Example
| int wolfSSL_CTX_load_verify_buffer_ex | ( | WOLFSSL_CTX * | ctx, |
| const unsigned char * | in, | ||
| long | sz, | ||
| int | format, | ||
| int | userChain, | ||
| word32 | flags | ||
| ) |
This function loads a CA certificate buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. The _ex version was added in PR 2413 and supports additional arguments for userChain and flags.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| in | pointer to the CA certificate buffer. |
| sz | size of the input CA certificate buffer, in. |
| format | format of the buffer certificate, either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. |
| userChain | If using format WOLFSSL_FILETYPE_ASN1 this set to non-zero indicates a chain of DER's is being presented. |
| flags | See ssl.h around WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS. |
Example
| int wolfSSL_CTX_load_verify_chain_buffer_format | ( | WOLFSSL_CTX * | ctx, |
| const unsigned char * | in, | ||
| long | sz, | ||
| int | format | ||
| ) |
This function loads a CA certificate chain buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. Please see the examples for proper usage.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| in | pointer to the CA certificate buffer. |
| sz | size of the input CA certificate buffer, in. |
| format | format of the buffer certificate, either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. |
Example
| int wolfSSL_CTX_load_verify_locations | ( | WOLFSSL_CTX * | ctx, |
| const char * | file, | ||
| const char * | path | ||
| ) |
This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory. This function expects PEM formatted CERT_TYPE file with header “--—BEGIN CERTIFICATE--—”.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| file | pointer to name of the file containing PEM-formatted CA certificates. |
| path | pointer to the name of a directory to load PEM-formatted certificates from. |
Example
| int wolfSSL_CTX_load_verify_locations_ex | ( | WOLFSSL_CTX * | ctx, |
| const char * | file, | ||
| const char * | path, | ||
| unsigned int | flags | ||
| ) |
This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory based on flags specified. This function expects PEM formatted CERT_TYPE files with header “--—BEGIN CERTIFICATE--—”.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| file | pointer to name of the file containing PEM-formatted CA certificates. |
| path | pointer to the name of a directory to load PEM-formatted certificates from. |
| flags | possible mask values are: WOLFSSL_LOAD_FLAG_IGNORE_ERR, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY and WOLFSSL_LOAD_FLAG_PEM_CA_ONLY |
Example
| int wolfSSL_CTX_memsave_cert_cache | ( | WOLFSSL_CTX * | ctx, |
| void * | mem, | ||
| int | sz, | ||
| int * | used | ||
| ) |
This function persists the certificate cache to memory.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
| mem | a void pointer to the destination (output buffer). |
| sz | the size of the output buffer. |
| used | a pointer to size of the cert cache header. |
Example
| int wolfSSL_CTX_restore_cert_cache | ( | WOLFSSL_CTX * | ctx, |
| const char * | fname | ||
| ) |
This function persistes certificate cache from a file.
| ctx | a pointer to a WOLFSSL_CTX structure, holding the certificate information. |
| fname | a constant char pointer that points to a file for reading. |
Example
| int wolfSSL_CTX_save_cert_cache | ( | WOLFSSL_CTX * | ctx, |
| const char * | fname | ||
| ) |
This function writes the cert cache from memory to file.
| ctx | a pointer to a WOLFSSL_CTX structure, holding the certificate information. |
| fname | a constant char pointer that points to a file for writing. |
Example
| long wolfSSL_CTX_set_tmp_dh | ( | WOLFSSL_CTX * | ctx, |
| WOLFSSL_DH * | dh | ||
| ) |
Initializes the WOLFSSL_CTX structure’s dh member with the Diffie-Hellman parameters.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
| dh | a pointer to a WOLFSSL_DH structure. |
Example
| void wolfSSL_CTX_SetCertCbCtx | ( | WOLFSSL_CTX * | ctx, |
| void * | userCtx | ||
| ) |
This function stores user CTX object information for verify callback.
| ctx | a pointer to a WOLFSSL_CTX structure. |
| userCtx | a void pointer that is used to set WOLFSSL_CTX structure’s verifyCbCtx member’s value. |
Example
| int wolfSSL_CTX_SetMaxDhKey_Sz | ( | WOLFSSL_CTX * | ctx, |
| word16 | keySz_bits | ||
| ) |
This function sets the maximum size (in bits) of the Diffie Hellman key size by accessing the maxDhKeySz member in the WOLFSSL_CTX structure.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| keySz_bits | a word16 type used to set the maximum DH key size in bits. The WOLFSSL_CTX struct holds this information in the maxDhKeySz member. |
Example
| int wolfSSL_CTX_SetMinDhKey_Sz | ( | WOLFSSL_CTX * | ctx, |
| word16 | |||
| ) |
This function sets the minimum size (in bits) of the Diffie Hellman key size by accessing the minDhKeySz member in the WOLFSSL_CTX structure.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| keySz_bits | a word16 type used to set the minimum DH key size in bits. The WOLFSSL_CTX struct holds this information in the minDhKeySz member. |
Example
| int wolfSSL_CTX_SetMinEccKey_Sz | ( | WOLFSSL_CTX * | ssl, |
| short | keySz | ||
| ) |
Sets the minimum size in bits for the ECC key in the WOLF_CTX structure and the WOLFSSL_CERT_MANAGER structure.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
| keySz | a short integer type that represents the minimum ECC key size in bits. |
Example
| int wolfSSL_CTX_SetMinRsaKey_Sz | ( | WOLFSSL_CTX * | ctx, |
| short | keySz | ||
| ) |
Sets the minimum RSA key size in both the WOLFSSL_CTX structure and the WOLFSSL_CERT_MANAGER structure.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
| keySz | a short integer type stored in minRsaKeySz in the ctx structure and the cm structure converted to bytes. |
Example
| int wolfSSL_CTX_SetTmpDH | ( | WOLFSSL_CTX * | ctx, |
| const unsigned char * | p, | ||
| int | pSz, | ||
| const unsigned char * | g, | ||
| int | gSz | ||
| ) |
Sets the parameters for the server CTX Diffie-Hellman.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
| p | a constant unsigned char pointer loaded into the buffer member of the serverDH_P struct. |
| pSz | an int type representing the size of p, initialized to MAX_DH_SIZE. |
| g | a constant unsigned char pointer loaded into the buffer member of the serverDH_G struct. |
| gSz | an int type representing the size of g, initialized to MAX_DH_SIZE. |
Exmaple
| int wolfSSL_CTX_SetTmpDH_buffer | ( | WOLFSSL_CTX * | ctx, |
| const unsigned char * | b, | ||
| long | sz, | ||
| int | format | ||
| ) |
A wrapper function that calls wolfSSL_SetTmpDH_buffer_wrapper.
| ctx | a pointer to a WOLFSSL structure, created using wolfSSL_CTX_new(). |
| buf | a pointer to a constant unsigned char type that is allocated as the buffer and passed through to wolfSSL_SetTmpDH_buffer_wrapper. |
| sz | a long integer type that is derived from the fname parameter in wolfSSL_SetTmpDH_file_wrapper(). |
| format | an integer type passed through from wolfSSL_SetTmpDH_file_wrapper(). |
Example
| int wolfSSL_CTX_SetTmpDH_file | ( | WOLFSSL_CTX * | ctx, |
| const char * | f, | ||
| int | format | ||
| ) |
The function calls wolfSSL_SetTmpDH_file_wrapper to set the server Diffie-Hellman parameters.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
| fname | a constant character pointer to a certificate file. |
| format | an integer type passed through from wolfSSL_SetTmpDH_file_wrapper() that is a representation of the certificate format. |
Example
| int wolfSSL_CTX_use_certificate_buffer | ( | WOLFSSL_CTX * | ctx, |
| const unsigned char * | in, | ||
| long | sz, | ||
| int | format | ||
| ) |
This function loads a certificate buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| in | the input buffer containing the certificate to be loaded. |
| sz | the size of the input buffer. |
| format | the format of the certificate located in the input buffer (in). Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. |
Example
| int wolfSSL_CTX_use_certificate_chain_buffer | ( | WOLFSSL_CTX * | ctx, |
| const unsigned char * | in, | ||
| long | sz | ||
| ) |
This function loads a certificate chain buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. The buffer must be in PEM format and start with the subject’s certificate, ending with the root certificate. Please see the examples for proper usage.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| in | the input buffer containing the PEM-formatted certificate chain to be loaded. |
| sz | the size of the input buffer. |
Example
| int wolfSSL_CTX_use_certificate_chain_file | ( | WOLFSSL_CTX * | ctx, |
| const char * | file | ||
| ) |
This function loads a chain of certificates into the SSL context (WOLFSSL_CTX). The file containing the certificate chain is provided by the file argument, and must contain PEM-formatted certificates. This function will process up to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject cert.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new() |
| file | a pointer to the name of the file containing the chain of certificates to be loaded into the wolfSSL SSL context. Certificates must be in PEM format. |
Example
| int wolfSSL_CTX_use_certificate_file | ( | WOLFSSL_CTX * | ctx, |
| const char * | file, | ||
| int | format | ||
| ) |
This function loads a certificate file into the SSL context (WOLFSSL_CTX). The file is provided by the file argument. The format argument specifies the format type of the file, either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new() |
| file | a pointer to the name of the file containing the certificate to be loaded into the wolfSSL SSL context. |
| format | - format of the certificates pointed to by file. Possible options are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. |
Example
| int wolfSSL_CTX_use_PrivateKey_buffer | ( | WOLFSSL_CTX * | ctx, |
| const unsigned char * | in, | ||
| long | sz, | ||
| int | format | ||
| ) |
This function loads a private key buffer into the SSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM. Please see the examples for proper usage.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| in | the input buffer containing the private key to be loaded. |
| sz | the size of the input buffer. |
| format | the format of the private key located in the input buffer (in). Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. |
Example
| int wolfSSL_CTX_use_PrivateKey_file | ( | WOLFSSL_CTX * | ctx, |
| const char * | file, | ||
| int | format | ||
| ) |
This function loads a private key file into the SSL context (WOLFSSL_CTX). The file is provided by the file argument. The format argument specifies the format type of the file - SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM. Please see the examples for proper usage.
If using an external key store and do not have the private key you can instead provide the public key and register the crypro callback to handle the signing. For this you can build with either build with crypto callbacks or PK callbacks. To enable crypto callbacks use –enable-cryptocb or WOLF_CRYPTO_CB and register a crypto callback using wc_CryptoCb_RegisterDevice and set the associated devId using wolfSSL_CTX_SetDevId.
| none | No parameters. |
Example
| int wolfSSL_CTX_use_psk_identity_hint | ( | WOLFSSL_CTX * | ctx, |
| const char * | hint | ||
| ) |
This function stores the hint argument in the server_hint member of the WOLFSSL_CTX structure.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
| hint | a constant char pointer that will be copied to the WOLFSSL_CTX structure. |
Example
| WOLFSSL_X509* wolfSSL_d2i_X509_bio | ( | WOLFSSL_BIO * | bio, |
| WOLFSSL_X509 ** | x509 | ||
| ) |
This function get the DER buffer from bio and converts it to a WOLFSSL_X509 structure.
| bio | pointer to the WOLFSSL_BIO structure that has the DER certificate buffer. |
| x509 | pointer that get set to new WOLFSSL_X509 structure created. |
Example
| int wolfSSL_DeriveTlsKeys | ( | unsigned char * | key_data, |
| word32 | keyLen, | ||
| const unsigned char * | ms, | ||
| word32 | msLen, | ||
| const unsigned char * | sr, | ||
| const unsigned char * | cr, | ||
| int | tls1_2, | ||
| int | hash_type | ||
| ) |
An external facing wrapper to derive TLS Keys.
| key_data | a byte pointer that is allocateded in DeriveTlsKeys and passed through to wc_PRF to hold the final hash. |
| keyLen | a word32 type that is derived in DeriveTlsKeys from the WOLFSSL structure’s specs member. |
| ms | a constant pointer type holding the master secret held in the arrays structure within the WOLFSSL structure. |
| msLen | a word32 type that holds the length of the master secret in an enumerated define, SECRET_LEN. |
| sr | a constant byte pointer to the serverRandom member of the arrays structure within the WOLFSSL structure. |
| cr | a constant byte pointer to the clientRandom member of the arrays structure within the WOLFSSL structure. |
| tls1_2 | an integer type returned from IsAtLeastTLSv1_2(). |
| hash_type | an integer type held in the WOLFSSL structure. |
Example
| WOLFSSL_DH* wolfSSL_DSA_dup_DH | ( | const WOLFSSL_DSA * | r | ) |
This function duplicates the parameters in dsa to a newly created WOLFSSL_DH structure.
| dsa | WOLFSSL_DSA structure to duplicate. |
Example
| void wolfSSL_FreeArrays | ( | WOLFSSL * | ) |
Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. If wolfSSL_KeepArrays() has been called before the handshake, wolfSSL will not free temporary arrays. This function explicitly frees temporary arrays and should be called when the user is done with temporary arrays and does not want to wait for the SSL object to be freed to free these resources.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| WOLFSSL_X509* wolfSSL_get_chain_X509 | ( | WOLFSSL_X509_CHAIN * | chain, |
| int | idx | ||
| ) |
This function gets the peer’s wolfSSL_X509_certificate at index (idx) from the chain of certificates.
| chain | a pointer to the WOLFSSL_X509_CHAIN used for no dynamic memory SESSION_CACHE. |
| idx | the index of the WOLFSSL_X509 certificate. |
Note that it is the user's responsibility to free the returned memory by calling wolfSSL_FreeX509().
Example
| WOLFSSL_X509* wolfSSL_get_peer_certificate | ( | WOLFSSL * | ssl | ) |
This function gets the peer’s certificate.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| const char* wolfSSL_get_psk_identity | ( | const WOLFSSL * | ) |
The function returns a constant pointer to the client_identity member of the Arrays structure.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| const char* wolfSSL_get_psk_identity_hint | ( | const WOLFSSL * | ) |
This function returns the psk identity hint.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| const char** wolfSSL_get_system_CA_dirs | ( | word32 * | num | ) |
This function returns a pointer to an array of strings representing directories wolfSSL will search for system CA certs when wolfSSL_CTX_load_system_CA_certs is called. On systems that don't store certificates in an accessible system directory (such as Apple platforms), this function will always return NULL.
| num | pointer to a word32 that will be populated with the length of the array of strings. |
Example
| int wolfSSL_GetDhKey_Sz | ( | WOLFSSL * | ) |
Returns the value of dhKeySz (in bits) that is a member of the options structure. This value represents the Diffie-Hellman key size in bytes.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| int wolfSSL_GetIVSize | ( | WOLFSSL * | ) |
Returns the iv_size member of the specs structure held in the WOLFSSL struct.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| void wolfSSL_KeepArrays | ( | WOLFSSL * | ) |
Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. Calling this function before the handshake begins will prevent wolfSSL from freeing temporary arrays. Temporary arrays may be needed for things such as wolfSSL_get_keys() or PSK hints. When the user is done with temporary arrays, either wolfSSL_FreeArrays() may be called to free the resources immediately, or alternatively the resources will be freed when the associated SSL object is freed.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| int wolfSSL_make_eap_keys | ( | WOLFSSL * | ssl, |
| void * | key, | ||
| unsigned int | len, | ||
| const char * | label | ||
| ) |
This function is used by EAP_TLS and EAP-TTLS to derive keying material from the master secret.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| msk | a void pointer variable that will hold the result of the p_hash function. |
| len | an unsigned integer that represents the length of the msk variable. |
| label | a constant char pointer that is copied from in wc_PRF(). |
Example
| WOLFSSL_DSA* wolfSSL_PEM_read_bio_DSAparams | ( | WOLFSSL_BIO * | bp, |
| WOLFSSL_DSA ** | x, | ||
| wc_pem_password_cb * | cb, | ||
| void * | u | ||
| ) |
This function get the DSA parameters from a PEM buffer in bio.
| bio | pointer to the WOLFSSL_BIO structure for getting PEM memory pointer. |
| x | pointer to be set to new WOLFSSL_DSA structure. |
| cb | password callback function. |
| u | null terminated password string. |
Example
| WOLFSSL_X509* wolfSSL_PEM_read_bio_X509_AUX | ( | WOLFSSL_BIO * | bp, |
| WOLFSSL_X509 ** | x, | ||
| wc_pem_password_cb * | cb, | ||
| void * | u | ||
| ) |
This function behaves the same as wolfSSL_PEM_read_bio_X509. AUX signifies containing extra information such as trusted/rejected use cases and friendly name for human readability.
| bp | WOLFSSL_BIO structure to get PEM buffer from. |
| x | if setting WOLFSSL_X509 by function side effect. |
| cb | password callback. |
| u | NULL terminated user password. |
Example
| void wolfSSL_SetCertCbCtx | ( | WOLFSSL * | ssl, |
| void * | ctx | ||
| ) |
This function stores user CTX object information for verify callback.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| ctx | a void pointer that is set to WOLFSSL structure’s verifyCbCtx member’s value. |
Example
| int wolfSSL_SetMaxDhKey_Sz | ( | WOLFSSL * | ssl, |
| word16 | keySz_bits | ||
| ) |
Sets the maximum size (in bits) for a Diffie-Hellman key in the WOLFSSL structure.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| keySz | a word16 type representing the bit size of the maximum DH key. |
Example
| int wolfSSL_SetMinDhKey_Sz | ( | WOLFSSL * | ssl, |
| word16 | keySz_bits | ||
| ) |
Sets the minimum size (in bits) for a Diffie-Hellman key in the WOLFSSL structure.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| keySz_bits | a word16 type used to set the minimum DH key size in bits. The WOLFSSL_CTX struct holds this information in the minDhKeySz member. |
Example
| int wolfSSL_SetMinEccKey_Sz | ( | WOLFSSL * | ssl, |
| short | keySz | ||
| ) |
Sets the value of the minEccKeySz member of the options structure. The options struct is a member of the WOLFSSL structure and is accessed through the ssl parameter.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| keySz | value used to set the minimum ECC key size. Sets value in the options structure. |
Example
| int wolfSSL_SetMinRsaKey_Sz | ( | WOLFSSL * | ssl, |
| short | keySz | ||
| ) |
Sets the minimum allowable key size in bits for RSA located in the WOLFSSL structure.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| keySz | a short integer value representing the the minimum key in bits. |
Example
| int wolfSSL_SetTmpDH | ( | WOLFSSL * | ssl, |
| const unsigned char * | p, | ||
| int | pSz, | ||
| const unsigned char * | g, | ||
| int | gSz | ||
| ) |
Server Diffie-Hellman Ephemeral parameters setting. This function sets up the group parameters to be used if the server negotiates a cipher suite that uses DHE.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| p | Diffie-Hellman prime number parameter. |
| pSz | size of p. |
| g | Diffie-Hellman “generator” parameter. |
| gSz | size of g. |
Example
| int wolfSSL_SetTmpDH_buffer | ( | WOLFSSL * | ssl, |
| const unsigned char * | b, | ||
| long | sz, | ||
| int | format | ||
| ) |
The function calls the wolfSSL_SetTMpDH_buffer_wrapper, which is a wrapper for Diffie-Hellman parameters.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| buf | allocated buffer passed in from wolfSSL_SetTMpDH_file_wrapper. |
| sz | a long int that holds the size of the file (fname within wolfSSL_SetTmpDH_file_wrapper). |
| format | an integer type passed through from wolfSSL_SetTmpDH_file_wrapper() that is a representation of the certificate format. |
Example
| int wolfSSL_SetTmpDH_file | ( | WOLFSSL * | ssl, |
| const char * | f, | ||
| int | format | ||
| ) |
This function calls wolfSSL_SetTmpDH_file_wrapper to set server Diffie-Hellman parameters.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| fname | a constant char pointer holding the certificate. |
| format | an integer type that holds the format of the certification. |
Example
| int wolfSSL_UnloadCertsKeys | ( | WOLFSSL * | ) |
This function unloads any certificates or keys that SSL owns.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| int wolfSSL_use_certificate_buffer | ( | WOLFSSL * | ssl, |
| const unsigned char * | in, | ||
| long | sz, | ||
| int | format | ||
| ) |
This function loads a certificate buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage.
| ssl | pointer to the SSL session, created with wolfSSL_new(). |
| in | buffer containing certificate to load. |
| sz | size of the certificate located in buffer. |
| format | format of the certificate to be loaded. Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. |
Example
| int wolfSSL_use_certificate_chain_buffer | ( | WOLFSSL * | ssl, |
| const unsigned char * | in, | ||
| long | sz | ||
| ) |
This function loads a certificate chain buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. The buffer must be in PEM format and start with the subject’s certificate, ending with the root certificate. Please see the examples for proper usage.
| ssl | pointer to the SSL session, created with wolfSSL_new(). |
| in | buffer containing certificate to load. |
| sz | size of the certificate located in buffer. |
Example
| int wolfSSL_use_PrivateKey | ( | WOLFSSL * | ssl, |
| WOLFSSL_EVP_PKEY * | pkey | ||
| ) |
This is used to set the private key for the WOLFSSL structure.
| ssl | WOLFSSL structure to set argument in. |
| pkey | private key to use. |
Example
| int wolfSSL_use_PrivateKey_ASN1 | ( | int | pri, |
| WOLFSSL * | ssl, | ||
| unsigned char * | der, | ||
| long | derSz | ||
| ) |
This is used to set the private key for the WOLFSSL structure. A DER formatted key buffer is expected.
| pri | type of private key. |
| ssl | WOLFSSL structure to set argument in. |
| der | buffer holding DER key. |
| derSz | size of der buffer. |
Example
| int wolfSSL_use_PrivateKey_buffer | ( | WOLFSSL * | ssl, |
| const unsigned char * | in, | ||
| long | sz, | ||
| int | format | ||
| ) |
This function loads a private key buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage.
| ssl | pointer to the SSL session, created with wolfSSL_new(). |
| in | buffer containing private key to load. |
| sz | size of the private key located in buffer. |
| format | format of the private key to be loaded. Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. |
Example
| int wolfSSL_use_psk_identity_hint | ( | WOLFSSL * | ssl, |
| const char * | hint | ||
| ) |
This function stores the hint argument in the server_hint member of the Arrays structure within the WOLFSSL structure.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| hint | a constant character pointer that holds the hint to be saved in memory. |
Example
| int wolfSSL_use_RSAPrivateKey_ASN1 | ( | WOLFSSL * | ssl, |
| unsigned char * | der, | ||
| long | derSz | ||
| ) |
This is used to set the private key for the WOLFSSL structure. A DER formatted RSA key buffer is expected.
| ssl | WOLFSSL structure to set argument in. |
| der | buffer holding DER key. |
| derSz | size of der buffer. |
Example
| WOLFSSL_X509* wolfSSL_X509_d2i_fp | ( | WOLFSSL_X509 ** | x509, |
| FILE * | file | ||
| ) |
If NO_STDIO_FILESYSTEM is defined this function will allocate heap memory, initialize a WOLFSSL_X509 structure and return a pointer to it.
| x509 | a pointer to a WOLFSSL_X509 pointer. |
| file | a defined type that is a pointer to a FILE. |
Example
| int wolfSSL_X509_digest | ( | const WOLFSSL_X509 * | x509, |
| const WOLFSSL_EVP_MD * | digest, | ||
| unsigned char * | buf, | ||
| unsigned int * | len | ||
| ) |
This function returns the hash of the DER certificate.
| x509 | certificate to get the hash of. |
| digest | the hash algorithm to use. |
| buf | buffer to hold hash. |
| len | length of buffer. |
Example
| const unsigned char* wolfSSL_X509_get_der | ( | WOLFSSL_X509 * | x509, |
| int * | outSz | ||
| ) |
This function gets the DER encoded certificate in the WOLFSSL_X509 struct.
| x509 | a pointer to a WOLFSSL_X509 structure containing certificate information. |
| outSz | length of the derBuffer member of the WOLFSSL_X509 struct. |
Example
| unsigned char* wolfSSL_X509_get_device_type | ( | WOLFSSL_X509 * | x509, |
| unsigned char * | in, | ||
| int * | inOutSz | ||
| ) |
This function copies the device type from the x509 structure to the buffer.
| x509 | pointer to a WOLFSSL_X509 structure, created with WOLFSSL_X509_new(). |
| in | a pointer to a byte type that will hold the device type (the buffer). |
| inOutSz | the minimum of either the parameter inOutSz or the deviceTypeSz member of the x509 structure. |
Example
| int wolfSSL_X509_get_ext_by_NID | ( | const WOLFSSL_X509 * | x509, |
| int | nid, | ||
| int | lastPos | ||
| ) |
This function looks for and returns the extension index matching the passed in NID value.
| x509 | certificate to get parse through for extension. |
| nid | extension OID to be found. |
| lastPos | start search from extension after lastPos. Set to -1 initially. |
Example
| void* wolfSSL_X509_get_ext_d2i | ( | const WOLFSSL_X509 * | x509, |
| int | nid, | ||
| int * | c, | ||
| int * | idx | ||
| ) |
This function looks for and returns the extension matching the passed in NID value.
| x509 | certificate to get parse through for extension. |
| nid | extension OID to be found. |
| c | if not NULL is set to -2 for multiple extensions found -1 if not found, 0 if found and not critical and 1 if found and critical. |
| idx | if NULL return first extension matched otherwise if not stored in x509 start at idx. |
Example
| unsigned char* wolfSSL_X509_get_hw_serial_number | ( | WOLFSSL_X509 * | x509, |
| unsigned char * | in, | ||
| int * | inOutSz | ||
| ) |
This function returns the hwSerialNum member of the x509 object.
| x509 | pointer to a WOLFSSL_X509 structure containing certificate information. |
| in | a pointer to the buffer that will be copied to. |
| inOutSz | a pointer to the size of the buffer. |
Example
| unsigned char* wolfSSL_X509_get_hw_type | ( | WOLFSSL_X509 * | x509, |
| unsigned char * | in, | ||
| int * | inOutSz | ||
| ) |
The function copies the hwType member of the WOLFSSL_X509 structure to the buffer.
| x509 | a pointer to a WOLFSSL_X509 structure containing certificate information. |
| in | pointer to type byte that represents the buffer. |
| inOutSz | pointer to type int that represents the size of the buffer. |
Example
| int wolfSSL_X509_get_isCA | ( | WOLFSSL_X509 * | cert | ) |
Checks the isCa member of the WOLFSSL_X509 structure and returns the value.
| cert | a pointer to a WOLFSSL_X509 structure. |
Example
| WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name | ( | WOLFSSL_X509 * | cert | ) |
This function returns the name of the certificate issuer.
| cert | a pointer to a WOLFSSL_X509 structure. |
Example
| char* wolfSSL_X509_get_next_altname | ( | WOLFSSL_X509 * | ) |
This function returns the next, if any, altname from the peer certificate.
| cert | a pointer to the wolfSSL_X509 structure. |
Example
| WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter | ( | WOLFSSL_X509 * | ) |
This function checks to see if x509 is NULL and if it’s not, it returns the notAfter member of the x509 struct.
| x509 | a pointer to the WOLFSSL_X509 struct. |
Example
| WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore | ( | WOLFSSL_X509 * | ) |
The function checks to see if x509 is NULL and if it’s not, it returns the notBefore member of the x509 struct.
| x509 | a pointer to the WOLFSSL_X509 struct. |
Example
| int wolfSSL_X509_get_signature | ( | WOLFSSL_X509 * | x509, |
| unsigned char * | buf, | ||
| int * | bufSz | ||
| ) |
Gets the X509 signature and stores it in the buffer.
| x509 | pointer to a WOLFSSL_X509 structure. |
| buf | a char pointer to the buffer. |
| bufSz | an integer pointer to the size of the buffer. |
Example
| int wolfSSL_X509_get_signature_type | ( | WOLFSSL_X509 * | cert | ) |
This function returns the value stored in the sigOID member of the WOLFSSL_X509 structure.
| cert | a pointer to a WOLFSSL_X509 structure. |
Example
| WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name | ( | WOLFSSL_X509 * | cert | ) |
This function returns the subject member of the WOLFSSL_X509 structure.
| cert | a pointer to a WOLFSSL_X509 structure. |
Example
| char* wolfSSL_X509_get_subjectCN | ( | WOLFSSL_X509 * | ) |
Returns the common name of the subject from the certificate.
| x509 | a pointer to a WOLFSSL_X509 structure containing certificate information. |
Example
| WOLFSSL_X509* wolfSSL_X509_load_certificate_file | ( | const char * | fname, |
| int | format | ||
| ) |
The function loads the x509 certificate into memory.
| fname | the certificate file to be loaded. |
| format | the format of the certificate. |
Example
| int wolfSSL_X509_NAME_get_text_by_NID | ( | WOLFSSL_X509_NAME * | name, |
| int | nid, | ||
| char * | buf, | ||
| int | len | ||
| ) |
This function gets the text related to the passed in NID value.
| name | WOLFSSL_X509_NAME to search for text. |
| nid | NID to search for. |
| buf | buffer to hold text when found. |
| len | length of buffer. |
Example
| char* wolfSSL_X509_NAME_oneline | ( | WOLFSSL_X509_NAME * | name, |
| char * | in, | ||
| int | sz | ||
| ) |
This function copies the name of the x509 into a buffer.
| name | a pointer to a WOLFSSL_X509 structure. |
| in | a buffer to hold the name copied from the WOLFSSL_X509_NAME structure. |
| sz | the maximum size of the buffer. |
Example
| const byte* wolfSSL_X509_notAfter | ( | WOLFSSL_X509 * | x509 | ) |
This function the certificate "not after" validity encoded as a byte array.
| x509 | pointer to a WOLFSSL_X509 structure. |
Example
| const byte* wolfSSL_X509_notBefore | ( | WOLFSSL_X509 * | x509 | ) |
This function the certificate "not before" validity encoded as a byte array.
| x509 | pointer to a WOLFSSL_X509 structure. |
Example
| int wolfSSL_X509_STORE_add_cert | ( | WOLFSSL_X509_STORE * | store, |
| WOLFSSL_X509 * | x509 | ||
| ) |
This function adds a certificate to the WOLFSSL_X509_STRE structure.
| str | certificate store to add the certificate to. |
| x509 | certificate to add. |
Example
| WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain | ( | WOLFSSL_X509_STORE_CTX * | ctx | ) |
This function is a getter function for chain variable in WOLFSSL_X509_STORE_CTX structure. Currently chain is not populated.
| ctx | certificate store ctx to get parse chain from. |
Example
| int wolfSSL_X509_STORE_set_flags | ( | WOLFSSL_X509_STORE * | store, |
| unsigned long | flag | ||
| ) |
This function takes in a flag to change the behavior of the WOLFSSL_X509_STORE structure passed in. An example of a flag used is WOLFSSL_CRL_CHECK.
| str | certificate store to set flag in. |
| flag | flag for behavior. |
Example
| int wolfSSL_X509_version | ( | WOLFSSL_X509 * | ) |
This function retrieves the version of the X509 certificate.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
1.9.1