My Project
Functions
wolfSSL Initialization/Shutdown

Functions

int wolfSSL_shutdown (WOLFSSL *)
 This function shuts down an active SSL/TLS connection using the SSL session, ssl. This function will try to send a “close notify” alert to the peer. The calling application can choose to wait for the peer to send its “close notify” alert in response or just go ahead and shut down the underlying connection after directly calling wolfSSL_shutdown (to save resources). Either option is allowed by the TLS specification. If the underlying connection will be used again in the future, the complete two-directional shutdown procedure must be performed to keep synchronization intact between the peers. wolfSSL_shutdown() works with both blocking and non-blocking I/O. When the underlying I/O is non-blocking, wolfSSL_shutdown() will return an error if the underlying I/O could not satisfy the needs of wolfSSL_shutdown() to continue. In this case, a call to wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then repeat the call to wolfSSL_shutdown() when the underlying I/O is ready. More...
 
int wolfSSL_SetServerID (WOLFSSL *ssl, const unsigned char *id, int len, int newSession)
 This function associates the client session with the server id. If the newSession flag is on, an existing session won’t be reused. More...
 
int wolfSSL_library_init (void)
 This function is called internally in wolfSSL_CTX_new(). This function is a wrapper around wolfSSL_Init() and exists for OpenSSL compatibility (SSL_library_init) when wolfSSL has been compiled with OpenSSL compatibility layer. wolfSSL_Init() is the more typically-used wolfSSL initialization function. More...
 
int wolfSSL_get_shutdown (const WOLFSSL *ssl)
 This function checks the shutdown conditions in closeNotify or connReset or sentNotify members of the Options structure. The Options structure is within the WOLFSSL structure. More...
 
int wolfSSL_is_init_finished (WOLFSSL *ssl)
 This function checks to see if the connection is established. More...
 
int wolfSSL_Init (void)
 Initializes the wolfSSL library for use. Must be called once per application and before any other call to the library. More...
 
int wolfSSL_Cleanup (void)
 Un-initializes the wolfSSL library from further use. Doesn’t have to be called, though it will free any resources used by the library. More...
 
int wolfSSL_SetMinVersion (WOLFSSL *ssl, int version)
 This function sets the minimum downgrade version allowed. Applicable only when the connection allows downgrade using (wolfSSLv23_client_method or wolfSSLv23_server_method). More...
 
int wolfSSL_ALPN_GetProtocol (WOLFSSL *ssl, char **protocol_name, unsigned short *size)
 This function gets the protocol name set by the server. More...
 
int wolfSSL_ALPN_GetPeerProtocol (WOLFSSL *ssl, char **list, unsigned short *listSz)
 This function copies the alpn_client_list data from the SSL object to the buffer. More...
 
int wolfSSL_MakeTlsMasterSecret (unsigned char *ms, word32 msLen, const unsigned char *pms, word32 pmsLen, const unsigned char *cr, const unsigned char *sr, int tls1_2, int hash_type)
 This function copies the values of cr and sr then passes through to wc_PRF (pseudo random function) and returns that value. More...
 
int wolfSSL_preferred_group (WOLFSSL *ssl)
 This function returns the key exchange group the client prefers to use in the TLS v1.3 handshake. Call this function to after a handshake is complete to determine which group the server prefers so that this information can be used in future connections to pre-generate a key pair for key exchange. More...
 
int wolfSSL_get_client_suites_sigalgs (const WOLFSSL *ssl, const byte **suites, word16 *suiteSz, const byte **hashSigAlgo, word16 *hashSigAlgoSz)
 This function returns the raw list of ciphersuites and signature algorithms offered by the client. The lists are only stored and returned inside a callback setup with wolfSSL_CTX_set_cert_cb(). This is useful to be able to dynamically load certificates and keys based on the available ciphersuites and signature algorithms. More...
 
WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info (byte first, byte second)
 This returns information about the ciphersuite directly from the raw ciphersuite bytes. More...
 
int wolfSSL_get_sigalg_info (byte first, byte second, int *hashAlgo, int *sigAlgo)
 This returns information about the hash and signature algorithm directly from the raw ciphersuite bytes. More...
 

Detailed Description

Function Documentation

◆ wolfSSL_ALPN_GetPeerProtocol()

int wolfSSL_ALPN_GetPeerProtocol ( WOLFSSL *  ssl,
char **  list,
unsigned short *  listSz 
)

This function copies the alpn_client_list data from the SSL object to the buffer.

Returns
SSL_SUCCESS returned if the function executed without error. The alpn_client_list member of the SSL object has been copied to the list parameter.
BAD_FUNC_ARG returned if the list or listSz parameter is NULL.
BUFFER_ERROR returned if there will be a problem with the list buffer (either it’s NULL or the size is 0).
MEMORY_ERROR returned if there was a problem dynamically allocating memory.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
lista pointer to the buffer. The data from the SSL object will be copied into it.
listSzthe buffer size.

Example

#import <wolfssl/ssl.h>
WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method);
WOLFSSL* ssl = wolfSSL_new(ctx);
#ifdef HAVE_ALPN
char* list = NULL;
word16 listSz = 0;
err = wolfSSL_ALPN_GetPeerProtocol(ssl, &list, &listSz);
if(err == SSL_SUCCESS){
List of protocols names sent by client
}
wolfSSL_new
WOLFSSL * wolfSSL_new(WOLFSSL_CTX *)
This function creates a new SSL session, taking an already created SSL context as input.
wolfSSL_CTX_new
WOLFSSL_CTX * wolfSSL_CTX_new(WOLFSSL_METHOD *)
This function creates a new SSL context, taking a desired SSL/TLS protocol method for input.
wolfSSL_ALPN_GetPeerProtocol
int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL *ssl, char **list, unsigned short *listSz)
This function copies the alpn_client_list data from the SSL object to the buffer.
See also
wolfSSL_UseALPN

◆ wolfSSL_ALPN_GetProtocol()

int wolfSSL_ALPN_GetProtocol ( WOLFSSL *  ssl,
char **  protocol_name,
unsigned short *  size 
)

This function gets the protocol name set by the server.

Returns
SSL_SUCCESS returned on successful execution where no errors were thrown.
SSL_FATAL_ERROR returned if the extension was not found or if there was no protocol match with peer. There will also be an error thrown if there is more than one protocol name accepted.
SSL_ALPN_NOT_FOUND returned signifying that no protocol match with peer was found.
BAD_FUNC_ARG returned if there was a NULL argument passed into the function.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
protocol_namea pointer to a char that represents the protocol name and will be held in the ALPN structure.
sizea word16 type that represents the size of the protocol_name.

Example

WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method );
WOLFSSL* ssl = WOLFSSL_new(ctx);
...
int err;
char* protocol_name = NULL;
Word16 protocol_nameSz = 0;
err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz);
if(err == SSL_SUCCESS){
// Sent ALPN protocol
}
wolfSSL_ALPN_GetProtocol
int wolfSSL_ALPN_GetProtocol(WOLFSSL *ssl, char **protocol_name, unsigned short *size)
This function gets the protocol name set by the server.
See also
TLSX_ALPN_GetRequest
TLSX_Find

◆ wolfSSL_Cleanup()

int wolfSSL_Cleanup ( void  )

Un-initializes the wolfSSL library from further use. Doesn’t have to be called, though it will free any resources used by the library.

Returns
SSL_SUCCESS return no errors.
BAD_MUTEX_E a mutex error return.]

Example

wolfSSL_Cleanup();
wolfSSL_Cleanup
int wolfSSL_Cleanup(void)
Un-initializes the wolfSSL library from further use. Doesn’t have to be called, though it will free a...
See also
wolfSSL_Init

◆ wolfSSL_get_ciphersuite_info()

WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info ( byte  first,
byte  second 
)

This returns information about the ciphersuite directly from the raw ciphersuite bytes.

Parameters
[in]firstFirst byte of the ciphersuite
[in]secondSecond byte of the ciphersuite
Returns
WOLFSSL_CIPHERSUITE_INFO A struct containing information about the type of authentication used in the ciphersuite.

Example

WOLFSSL_CIPHERSUITE_INFO info =
wolfSSL_get_ciphersuite_info(suites[0], suites[1]);
if (info.rsaAuth)
haveRSA = 1;
else if (info.eccAuth)
haveECC = 1;
wolfSSL_get_ciphersuite_info
WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first, byte second)
This returns information about the ciphersuite directly from the raw ciphersuite bytes.
See also
wolfSSL_get_client_suites_sigalgs
wolfSSL_get_sigalg_info

◆ wolfSSL_get_client_suites_sigalgs()

int wolfSSL_get_client_suites_sigalgs ( const WOLFSSL *  ssl,
const byte **  suites,
word16 *  suiteSz,
const byte **  hashSigAlgo,
word16 *  hashSigAlgoSz 
)

This function returns the raw list of ciphersuites and signature algorithms offered by the client. The lists are only stored and returned inside a callback setup with wolfSSL_CTX_set_cert_cb(). This is useful to be able to dynamically load certificates and keys based on the available ciphersuites and signature algorithms.

Parameters
[in]sslThe WOLFSSL object to extract the lists from.
[out]optionalsuites Raw and unfiltered list of client ciphersuites
[out]optionalsuiteSz Size of suites in bytes
[out]optionalhashSigAlgo Raw and unfiltered list of client signature algorithms
[out]optionalhashSigAlgoSz Size of hashSigAlgo in bytes
Returns
WOLFSSL_SUCCESS when suites available
WOLFSSL_FAILURE when suites not available

Example

int certCB(WOLFSSL* ssl, void* arg)
{
const byte* suites = NULL;
word16 suiteSz = 0;
const byte* hashSigAlgo = NULL;
word16 hashSigAlgoSz = 0;
wolfSSL_get_client_suites_sigalgs(ssl, &suites, &suiteSz, &hashSigAlgo,
&hashSigAlgoSz);
// Choose certificate to load based on ciphersuites and sigalgs
}
WOLFSSL* ctx;
ctx = wolfSSL_CTX_new(wolfTLSv1_3_method_ex(NULL));
wolfSSL_CTX_set_cert_cb(ctx, certCB, NULL);
wolfTLSv1_3_method_ex
WOLFSSL_METHOD * wolfTLSv1_3_method_ex(void *heap)
This function returns a WOLFSSL_METHOD similar to wolfTLSv1_3_client_method except that it is not det...
wolfSSL_get_client_suites_sigalgs
int wolfSSL_get_client_suites_sigalgs(const WOLFSSL *ssl, const byte **suites, word16 *suiteSz, const byte **hashSigAlgo, word16 *hashSigAlgoSz)
This function returns the raw list of ciphersuites and signature algorithms offered by the client....
See also
wolfSSL_get_ciphersuite_info
wolfSSL_get_sigalg_info

◆ wolfSSL_get_shutdown()

int wolfSSL_get_shutdown ( const WOLFSSL *  ssl)

This function checks the shutdown conditions in closeNotify or connReset or sentNotify members of the Options structure. The Options structure is within the WOLFSSL structure.

Returns
1 SSL_SENT_SHUTDOWN is returned.
2 SSL_RECEIVED_SHUTDOWN is returned.
Parameters
ssla constant pointer to a WOLFSSL structure, created using wolfSSL_new().

Example

#include <wolfssl/ssl.h>
WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method );
WOLFSSL* ssl = WOLFSSL_new(ctx);
int ret;
ret = wolfSSL_get_shutdown(ssl);
if(ret == 1){
SSL_SENT_SHUTDOWN
} else if(ret == 2){
SSL_RECEIVED_SHUTDOWN
} else {
Fatal error.
}
wolfSSL_get_shutdown
int wolfSSL_get_shutdown(const WOLFSSL *ssl)
This function checks the shutdown conditions in closeNotify or connReset or sentNotify members of the...
See also
wolfSSL_SESSION_free

◆ wolfSSL_get_sigalg_info()

int wolfSSL_get_sigalg_info ( byte  first,
byte  second,
int *  hashAlgo,
int *  sigAlgo 
)

This returns information about the hash and signature algorithm directly from the raw ciphersuite bytes.

Parameters
[in]firstFirst byte of the hash and signature algorithm
[in]secondSecond byte of the hash and signature algorithm
[out]hashAlgoThe enum wc_HashType of the MAC algorithm
[out]sigAlgoThe enum Key_Sum of the authentication algorithm
Returns
0 when info was correctly set
BAD_FUNC_ARG when either input parameters are NULL or the bytes are not a recognized sigalg suite

Example

enum wc_HashType hashAlgo;
enum Key_Sum sigAlgo;
wolfSSL_get_sigalg_info(hashSigAlgo[idx+0], hashSigAlgo[idx+1],
&hashAlgo, &sigAlgo);
if (sigAlgo == RSAk || sigAlgo == RSAPSSk)
haveRSA = 1;
else if (sigAlgo == ECDSAk)
haveECC = 1;
wolfSSL_get_sigalg_info
int wolfSSL_get_sigalg_info(byte first, byte second, int *hashAlgo, int *sigAlgo)
This returns information about the hash and signature algorithm directly from the raw ciphersuite byt...
See also
wolfSSL_get_client_suites_sigalgs
wolfSSL_get_ciphersuite_info

◆ wolfSSL_Init()

int wolfSSL_Init ( void  )

Initializes the wolfSSL library for use. Must be called once per application and before any other call to the library.

Returns
SSL_SUCCESS If successful the call will return.
BAD_MUTEX_E is an error that may be returned.
WC_INIT_E wolfCrypt initialization error returned.

Example

int ret = 0;
ret = wolfSSL_Init();
if (ret != SSL_SUCCESS) {
failed to initialize wolfSSL library
}
wolfSSL_Init
int wolfSSL_Init(void)
Initializes the wolfSSL library for use. Must be called once per application and before any other cal...
See also
wolfSSL_Cleanup

◆ wolfSSL_is_init_finished()

int wolfSSL_is_init_finished ( WOLFSSL *  ssl)

This function checks to see if the connection is established.

Returns
0 returned if the connection is not established, i.e. the WOLFSSL struct is NULL or the handshake is not done.
1 returned if the connection is established i.e. the WOLFSSL handshake is done.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().

EXAMPLE

#include <wolfssl/ssl.h>
WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
WOLFSSL* ssl = wolfSSL_new(ctx);
...
if(wolfSSL_is_init_finished(ssl)){
Handshake is done and connection is established
}
wolfSSL_is_init_finished
int wolfSSL_is_init_finished(WOLFSSL *ssl)
This function checks to see if the connection is established.
See also
wolfSSL_set_accept_state
wolfSSL_get_keys
wolfSSL_set_shutdown

◆ wolfSSL_library_init()

int wolfSSL_library_init ( void  )

This function is called internally in wolfSSL_CTX_new(). This function is a wrapper around wolfSSL_Init() and exists for OpenSSL compatibility (SSL_library_init) when wolfSSL has been compiled with OpenSSL compatibility layer. wolfSSL_Init() is the more typically-used wolfSSL initialization function.

Returns
SSL_SUCCESS If successful the call will return.
SSL_FATAL_ERROR is returned upon failure.
Parameters
noneNo parameters.

Example

int ret = 0;
ret = wolfSSL_library_init();
if (ret != SSL_SUCCESS) {
failed to initialize wolfSSL
}
...
wolfSSL_library_init
int wolfSSL_library_init(void)
This function is called internally in wolfSSL_CTX_new(). This function is a wrapper around wolfSSL_In...
See also
wolfSSL_Init
wolfSSL_Cleanup

◆ wolfSSL_MakeTlsMasterSecret()

int wolfSSL_MakeTlsMasterSecret ( unsigned char *  ms,
word32  msLen,
const unsigned char *  pms,
word32  pmsLen,
const unsigned char *  cr,
const unsigned char *  sr,
int  tls1_2,
int  hash_type 
)

This function copies the values of cr and sr then passes through to wc_PRF (pseudo random function) and returns that value.

Returns
0 on success
BUFFER_E returned if there will be an error with the size of the buffer.
MEMORY_E returned if a subroutine failed to allocate dynamic memory.
Parameters
msthe master secret held in the Arrays structure.
msLenthe length of the master secret.
pmsthe pre-master secret held in the Arrays structure.
pmsLenthe length of the pre-master secret.
crthe client random.
srthe server random.
tls1_2signifies that the version is at least tls version 1.2.
hash_typesignifies the hash type.

Example

WOLFSSL* ssl;
called in MakeTlsMasterSecret and retrieves the necessary
information as follows:
int MakeTlsMasterSecret(WOLFSSL* ssl){
int ret;
ret = wolfSSL_makeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
ssl->arrays->clientRandom, ssl->arrays->serverRandom,
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
return ret;
}
See also
wc_PRF
MakeTlsMasterSecret

◆ wolfSSL_preferred_group()

int wolfSSL_preferred_group ( WOLFSSL *  ssl)

This function returns the key exchange group the client prefers to use in the TLS v1.3 handshake. Call this function to after a handshake is complete to determine which group the server prefers so that this information can be used in future connections to pre-generate a key pair for key exchange.

Parameters
[in,out]ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
Returns
BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
SIDE_ERROR if called with a server.
NOT_READY_ERROR if called before handshake is complete.
Group identifier if successful.

Example

int ret;
int group;
WOLFSSL* ssl;
...
ret = wolfSSL_CTX_set1_groups_list(ssl)
if (ret < 0) {
// failed to get group
}
group = ret;
wolfSSL_CTX_set1_groups_list
int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list)
This function sets the list of elliptic curve groups to allow on a wolfSSL context in order of prefer...
See also
wolfSSL_UseKeyShare
wolfSSL_CTX_set_groups
wolfSSL_set_groups
wolfSSL_CTX_set1_groups_list
wolfSSL_set1_groups_list

◆ wolfSSL_SetMinVersion()

int wolfSSL_SetMinVersion ( WOLFSSL *  ssl,
int  version 
)

This function sets the minimum downgrade version allowed. Applicable only when the connection allows downgrade using (wolfSSLv23_client_method or wolfSSLv23_server_method).

Returns
SSL_SUCCESS returned if this function and its subroutine executes without error.
BAD_FUNC_ARG returned if the SSL object is NULL. In the subroutine this error is thrown if there is not a good version match.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
versionan integer representation of the version to be set as the minimum: WOLFSSL_SSLV3 = 0, WOLFSSL_TLSV1 = 1, WOLFSSL_TLSV1_1 = 2 or WOLFSSL_TLSV1_2 = 3.

Example

WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(protocol method);
WOLFSSL* ssl = WOLFSSL_new(ctx);
int version; macro representation
if(wolfSSL_CTX_SetMinVersion(ssl->ctx, version) != SSL_SUCCESS){
Failed to set min version
}
wolfSSL_CTX_SetMinVersion
int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX *ctx, int version)
This function sets the minimum downgrade version allowed. Applicable only when the connection allows ...
See also
SetMinVersionHelper

◆ wolfSSL_SetServerID()

int wolfSSL_SetServerID ( WOLFSSL *  ssl,
const unsigned char *  id,
int  len,
int  newSession 
)

This function associates the client session with the server id. If the newSession flag is on, an existing session won’t be reused.

Returns
SSL_SUCCESS returned if the function executed without error.
BAD_FUNC_ARG returned if the WOLFSSL struct or id parameter is NULL or if len is not greater than zero.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
ida constant byte pointer that will be copied to the serverID member of the WOLFSSL_SESSION structure.
lenan int type representing the length of the session id parameter.
newSessionan int type representing the flag to denote whether to reuse a session or not.

Example

WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol );
WOLFSSL* ssl = WOLFSSL_new(ctx);
const byte id[MAX_SIZE]; // or dynamically create space
int len = 0; // initialize length
int newSession = 0; // flag to allow
int ret = wolfSSL_SetServerID(ssl, id, len, newSession);
if (ret == WOLFSSL_SUCCESS) {
// The Id was successfully set
}
wolfSSL_SetServerID
int wolfSSL_SetServerID(WOLFSSL *ssl, const unsigned char *id, int len, int newSession)
This function associates the client session with the server id. If the newSession flag is on,...
See also
wolfSSL_set_session

◆ wolfSSL_shutdown()

int wolfSSL_shutdown ( WOLFSSL *  )

This function shuts down an active SSL/TLS connection using the SSL session, ssl. This function will try to send a “close notify” alert to the peer. The calling application can choose to wait for the peer to send its “close notify” alert in response or just go ahead and shut down the underlying connection after directly calling wolfSSL_shutdown (to save resources). Either option is allowed by the TLS specification. If the underlying connection will be used again in the future, the complete two-directional shutdown procedure must be performed to keep synchronization intact between the peers. wolfSSL_shutdown() works with both blocking and non-blocking I/O. When the underlying I/O is non-blocking, wolfSSL_shutdown() will return an error if the underlying I/O could not satisfy the needs of wolfSSL_shutdown() to continue. In this case, a call to wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then repeat the call to wolfSSL_shutdown() when the underlying I/O is ready.

Returns
SSL_SUCCESS will be returned upon success.
SSL_SHUTDOWN_NOT_DONE will be returned when shutdown has not finished, and the function should be called again.
SSL_FATAL_ERROR will be returned upon failure. Call wolfSSL_get_error() for a more specific error code.
Parameters
sslpointer to the SSL session created with wolfSSL_new().

Example

#include <wolfssl/ssl.h>
int ret = 0;
WOLFSSL* ssl = 0;
...
ret = wolfSSL_shutdown(ssl);
if (ret != 0) {
// failed to shut down SSL connection
}
wolfSSL_shutdown
int wolfSSL_shutdown(WOLFSSL *)
This function shuts down an active SSL/TLS connection using the SSL session, ssl. This function will ...
See also
wolfSSL_free
wolfSSL_CTX_free