/* * clients initial contact with server. (socket to connect, security layer) */ int ClientGreet(int sock, CYASSL* ssl) { /* data to send to the server, data recieved from the server */ char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0}; int ret = 0; /* variable for error checking */ printf("Message for server:\t"); fgets(sendBuff, MAXDATASIZE, stdin); if (CyaSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) { /* the message is not able to send, or error trying */ ret = CyaSSL_get_error(ssl, 0); printf("Write error: Error: %i\n", ret); return EXIT_FAILURE; } if (CyaSSL_read(ssl, rcvBuff, MAXDATASIZE) < 0) { /* the server failed to send data, or error trying */ ret = CyaSSL_get_error(ssl, 0); printf("Read error. Error: %i\n", ret); return EXIT_FAILURE; } printf("Recieved: \t%s\n", rcvBuff); return ret; }
/* * Handles response to client. */ int respond(CYASSL* ssl) { int n; /* length of string read */ char buf[MAXLINE]; /* string read from client */ char response[] = "I hear ya for shizzle"; memset(buf, 0, MAXLINE); do { if (NonBlockingSSL(ssl) != SSL_SUCCESS) return 1; n = CyaSSL_read(ssl, buf, MAXLINE); if (n > 0) { printf("%s\n", buf); } } while(n < 0); if (NonBlockingSSL(ssl) != SSL_SUCCESS) return 1; if (CyaSSL_write(ssl, response, strlen(response)) != strlen(response)) { printf("Fatal error : respond: write error\n"); return 1; } return 0; }
/* Send and receive function */ void DatagramClient (CYASSL* ssl) { int n = 0; char sendLine[MAXLINE], recvLine[MAXLINE - 1]; while (fgets(sendLine, MAXLINE, stdin) != NULL) { if ( ( CyaSSL_write(ssl, sendLine, strlen(sendLine))) != strlen(sendLine)) { printf("SSL_write failed"); } n = CyaSSL_read(ssl, recvLine, sizeof(recvLine)-1); if (n < 0) { int readErr = CyaSSL_get_error(ssl, 0); if(readErr != SSL_ERROR_WANT_READ) { printf("CyaSSL_read failed"); } } recvLine[n] = '\0'; fputs(recvLine, stdout); } }
void *incoming_connection(void *arg) { char readline[MAXLINE]; struct thread_argument *ta = (struct thread_argument *)arg; struct context *context = context_new(true, true); context->find = ta->find; for (;;) { bzero(readline, sizeof(readline)); int n; if (((n = CyaSSL_read(ta->ssl, readline, MAXLINE)) <= 0)) { fprintf(stderr, "client closed connection\n"); goto free_ssl; } fprintf(stderr, "%d bytes received: %s\n", n, readline); struct byte_array *raw_message = byte_array_new_size(n); raw_message->data = (uint8_t*)readline; int32_t raw_message_length = serial_decode_int(raw_message); assert_message(raw_message_length < MAXLINE, "todo: handle long messages"); struct variable *message = variable_deserialize(context, raw_message); struct variable *listener = (struct variable *)map_get(server_listeners, (void*)(VOID_INT)ta->fd); vm_call(context, listener, message); } free_ssl: CyaSSL_free(ta->ssl); // Free CYASSL object free(ta); context_del(context); return NULL; }
static int perform_get_test(int sockfd) { char buffer[CYASSL_MAX_ERROR_SZ]; char reply[HTTP_BUF_SIZE]; int err, ret, input; if (CyaSSL_Init() < 0) err_sys("Unable to init ssl library"); CYASSL_METHOD *method; method = CyaTLSv1_client_method(); if (method == NULL) { err_sys("Unable to get method"); } CYASSL_CTX *ctx = 0; ctx = CyaSSL_CTX_new(method); if (ctx == NULL) { err_sys("Unable to get ctx"); } CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); CYASSL* ssl = 0; ssl = CyaSSL_new(ctx); if (ssl == NULL) { err_sys("Unable to get ssl obj"); } if (CyaSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) { err_sys("Can't set fd"); } ret = CyaSSL_connect(ssl); if (ret != SSL_SUCCESS) { err = CyaSSL_get_error(ssl, 0); } if (ret != SSL_SUCCESS) { LOG_E("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); err_sys("cyaSSL_connect failed"); } if (CyaSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { err_sys("SSL_write failed"); }; input = CyaSSL_read(ssl, reply, sizeof(reply)); if (input > 0) { if (!memcmp(reply, msg_200_ok, sizeof(msg_200_ok) - 1)) { return 0; } else { return -1; } } return -1; }
int capwap_decrypt_packet(struct capwap_dtls* dtls, void* encrybuffer, int size, void* plainbuffer, int maxsize) { int sslerror; int result = -1; char* clone = NULL; ASSERT(dtls != NULL); ASSERT(dtls->enable != 0); ASSERT((dtls->action == CAPWAP_DTLS_ACTION_HANDSHAKE) || (dtls->action == CAPWAP_DTLS_ACTION_DATA)); ASSERT(dtls->buffer == NULL); ASSERT(dtls->length == 0); ASSERT(encrybuffer != NULL); ASSERT(size > 0); ASSERT(maxsize > 0); /* */ if (!plainbuffer) { clone = capwap_clone(encrybuffer, size); } dtls->buffer = (clone ? clone : encrybuffer); dtls->length = size; /* */ if (dtls->action == CAPWAP_DTLS_ACTION_HANDSHAKE) { if (capwap_crypt_handshake(dtls) == CAPWAP_HANDSHAKE_ERROR) { capwap_logging_debug("Error in DTLS handshake"); result = CAPWAP_ERROR_CLOSE; /* Error handshake */ } else { result = CAPWAP_ERROR_AGAIN; /* Don't parsing DTLS packet */ } } else if (dtls->action == CAPWAP_DTLS_ACTION_DATA) { result = CyaSSL_read((CYASSL*)dtls->sslsession, (plainbuffer ? plainbuffer : encrybuffer), maxsize); if (!result) { dtls->action = CAPWAP_DTLS_ACTION_SHUTDOWN; result = CAPWAP_ERROR_SHUTDOWN; } else if (result < 0) { /* Check error */ sslerror = CyaSSL_get_error((CYASSL*)dtls->sslsession, 0); if ((sslerror == SSL_ERROR_WANT_READ) || (sslerror == SSL_ERROR_WANT_WRITE)) { result = CAPWAP_ERROR_AGAIN; /* DTLS Renegotiation */ } else { result = CAPWAP_ERROR_CLOSE; } } } /* Verify BIO read */ ASSERT(dtls->buffer == NULL); ASSERT(dtls->length == 0); /* Free clone */ if (clone) { capwap_free(clone); } return result; }
int main(int argc, char** argv) { int ret, sockfd, clientfd; char buff[80]; const char reply[] = "I hear ya fa shizzle!\n"; CYASSL* ssl; CYASSL_CTX* ctx = CyaSSL_CTX_new(CyaSSLv23_server_method()); if (ctx == NULL) err_sys("bad ctx new"); if (CyaSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem", SSL_FILETYPE_PEM) != SSL_SUCCESS) { err_sys("Error loading server-cert.pem"); return EXIT_FAILURE; } if (CyaSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem", SSL_FILETYPE_PEM) != SSL_SUCCESS) { err_sys("Error loading server-key.pem"); return EXIT_FAILURE; } printf("Waiting for a connection...\n"); tcp_accept(&sockfd, &clientfd, NULL, yasslPort, 1, 0); if ((ssl = CyaSSL_new(ctx)) == NULL) err_sys("bad cyassl setup"); if (CyaSSL_set_fd(ssl, clientfd) != SSL_SUCCESS) err_sys("bad set fd"); ret = CyaSSL_read(ssl, buff, sizeof(buff)-1); if (ret > 0) { buff[ret] = '\0'; printf("Recieved: %s\n", buff); if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1)) < 0) err_sys("bad cyassl write"); } else err_sys("bad cyassl read"); close(sockfd); close(clientfd); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CyaSSL_Cleanup(); return 0; }
/* * Handles response to client. */ int respond(struct epoll_event povent, int epollfd) { int n; /* length of string read */ char buf[MAXLINE]; /* string read from client */ struct client_ssl* info = povent.data.ptr; int sockfd = info->fd; CyaSSL_accept(info->ssl); CyaSSL_get_error(info->ssl, 0); memset(buf, 0, MAXLINE); n = CyaSSL_read(info->ssl, buf, MAXLINE); if (n > 0) { printf("%s\n", buf); if (CyaSSL_write(info->ssl, buf, strlen(buf)) != strlen(buf)) { printf("write error"); } } if (n < 0) { if (errno != EAGAIN) { printf("respond: read error\n"); numCon--; CyaSSL_shutdown(info->ssl); CyaSSL_free(info->ssl); free(info); epoll_ctl(epollfd, EPOLL_CTL_DEL, sockfd, &povent); printf("disconected client that had error\n"); return 1; } return 0; } if (n == 0) { numCon--; CyaSSL_shutdown(info->ssl); CyaSSL_free(info->ssl); free(info); epoll_ctl(epollfd, EPOLL_CTL_DEL, sockfd, &povent); printf("a client has disconected\n"); } return 0; }
/* * this function will send the inputted string to the server and then * recieve the string from the server outputing it to the termial */ int SendReceive(CYASSL* ssl) { char sendline[MAXLINE]="Hello Server"; /* string to send to the server */ char recvline[MAXLINE]; /* string received from the server */ /* write string to the server */ if (CyaSSL_write(ssl, sendline, MAXLINE) != sizeof(sendline)) { printf("Write Error to Server\n"); return 1; } /* flags if the Server stopped before the client could end */ if (CyaSSL_read(ssl, recvline, MAXLINE) < 0 ) { printf("Client: Server Terminated Prematurely!\n"); return 1; } /* show message from the server */ printf("Server Message: %s\n", recvline); return 0; }
bool_t exosite_pal_sock_read( void *sock, char *data, int *dataLen) { int *sockfd = (int *)sock; int sslCtxIndex; if((sslCtxIndex = create_ssl_ctx_instance(*sockfd)) < 0) { printf("read, sslCtxIndex = %d\r\n", sslCtxIndex); exosite_pal_sock_close(sock); return FALSE; } bzero(data, *dataLen); *dataLen = CyaSSL_read(sslContextSet[sslCtxIndex].ssl, data, *dataLen); CyaSSL_Cleanup(); return ((*dataLen) > 0 ? TRUE : FALSE); }
static THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; CYASSL_CTX* ctx = CyaSSL_CTX_new(callbacks->method()); CYASSL* ssl = NULL; SOCKET_T sfd = 0; SOCKET_T cfd = 0; word16 port = yasslPort; char msg[] = "I hear you fa shizzle!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ !defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL) && \ !defined(CYASSL_TIRTOS) port = 0; #endif CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = CyaSSL_new(ctx); tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0); CloseSocket(sfd); CyaSSL_set_fd(ssl, cfd); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); /* AssertIntEQ(SSL_SUCCESS, CyaSSL_accept(ssl)); */ if (CyaSSL_accept(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); } else { if (0 < (idx = CyaSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; printf("Client message: %s\n", input); } AssertIntEQ(len, CyaSSL_write(ssl, msg, len)); #ifdef CYASSL_TIRTOS Task_yield(); #endif CyaSSL_shutdown(ssl); } if (callbacks->on_result) callbacks->on_result(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(cfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) ecc_fp_free(); /* free per thread cache */ #endif #ifndef CYASSL_TIRTOS return 0; #endif }
static void test_client_nofail(void* args) { SOCKET_T sockfd = 0; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; CYASSL* ssl = 0; char msg[64] = "hello cyassl!"; char reply[1024]; int input; int msgSz = (int)strlen(msg); #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; method = CyaSSLv23_client_method(); ctx = CyaSSL_CTX_new(method); #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (CyaSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) { /* err_sys("can't load ca file, Please run from CyaSSL home dir");*/ goto done2; } if (CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load client cert file, " "Please run from CyaSSL home dir");*/ goto done2; } if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load client key file, " "Please run from CyaSSL home dir");*/ goto done2; } tcp_connect(&sockfd, yasslIP, ((func_args*)args)->signal->port, 0); ssl = CyaSSL_new(ctx); CyaSSL_set_fd(ssl, sockfd); if (CyaSSL_connect(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); /*printf("SSL_connect failed");*/ goto done2; } if (CyaSSL_write(ssl, msg, msgSz) != msgSz) { /*err_sys("SSL_write failed");*/ goto done2; } input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); } done2: CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(sockfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif return; }
static THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) { SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; word16 port = yasslPort; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; CYASSL* ssl = 0; char msg[] = "I hear you fa shizzle!"; char input[1024]; int idx; #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; method = CyaSSLv23_server_method(); ctx = CyaSSL_CTX_new(method); #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ !defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL) && \ !defined(CYASSL_TIRTOS) port = 0; #endif CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS) { /*err_sys("can't load ca file, Please run from CyaSSL home dir");*/ goto done; } if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from CyaSSL home dir");*/ goto done; } if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from CyaSSL home dir");*/ goto done; } ssl = CyaSSL_new(ctx); tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0); CloseSocket(sockfd); CyaSSL_set_fd(ssl, clientfd); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (CyaSSL_accept(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); /*err_sys("SSL_accept failed");*/ goto done; } idx = CyaSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = 0; printf("Client message: %s\n", input); } if (CyaSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ #ifdef CYASSL_TIRTOS return; #else return 0; #endif } #ifdef CYASSL_TIRTOS Task_yield(); #endif done: CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(clientfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) ecc_fp_free(); /* free per thread cache */ #endif #ifndef CYASSL_TIRTOS return 0; #endif }
/* * ======== tcpHandler ======== * Creates new Task to handle new TCP connections. */ Void tcpHandler(UArg arg0, UArg arg1) { int sockfd; int ret; struct sockaddr_in servAddr; Error_Block eb; bool flag = true; bool internal_flag = true; int nbytes; char *buffer; char msg[] = "Hello from TM4C1294XL Connected Launchpad"; CYASSL* ssl = (CYASSL *) arg0; fdOpenSession(TaskSelf()); CyaSSL_Init(); CYASSL_CTX* ctx = NULL; ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method()); if (ctx == 0) { System_printf("tcpHandler: CyaSSL_CTX_new error.\n"); exitApp(ctx); } if (CyaSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, sizeof(ca_cert_der_2048) / sizeof(char), SSL_FILETYPE_ASN1) != SSL_SUCCESS) { System_printf("tcpHandler: Error loading ca_cert_der_2048" " please check the cyassl/certs_test.h file.\n"); exitApp(ctx); } if (CyaSSL_CTX_use_certificate_buffer(ctx, client_cert_der_2048, sizeof(client_cert_der_2048) / sizeof(char), SSL_FILETYPE_ASN1) != SSL_SUCCESS) { System_printf("tcpHandler: Error loading client_cert_der_2048," " please check the cyassl/certs_test.h file.\n"); exitApp(ctx); } if (CyaSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048, sizeof(client_key_der_2048) / sizeof(char), SSL_FILETYPE_ASN1) != SSL_SUCCESS) { System_printf("tcpHandler: Error loading client_key_der_2048," " please check the cyassl/certs_test.h file.\n"); exitApp(ctx); } /* Init the Error_Block */ Error_init(&eb); do { sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd < 0) { System_printf("tcpHandler: socket failed\n"); Task_sleep(2000); continue; } memset((char *) &servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(TCPPORT); inet_aton(IP_ADDR, &servAddr.sin_addr); ret = connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr)); if (ret < 0) { fdClose((SOCKET) sockfd); Task_sleep(2000); continue; } } while (ret != 0); if ((ssl = CyaSSL_new(ctx)) == NULL) { System_printf("tcpHandler: CyaSSL_new error.\n"); exitApp(ctx); } CyaSSL_set_fd(ssl, sockfd); ret = CyaSSL_connect(ssl); /* Delete "TOP_LINE" and "END_LINE" for debugging. */ /* TOP_LINE System_printf("looked for: %d.\n", SSL_SUCCESS); System_printf("return was: %d.\n", ret); int err; char err_buffer[80]; err = CyaSSL_get_error(ssl, 0); System_printf("CyaSSL error: %d\n", err); System_printf("CyaSSL error string: %s\n", CyaSSL_ERR_error_string(err, err_buffer)); END_LINE */ if (ret == SSL_SUCCESS) { sockfd = CyaSSL_get_fd(ssl); /* Get a buffer to receive incoming packets. Use the default heap. */ buffer = Memory_alloc(NULL, TCPPACKETSIZE, 0, &eb); if (buffer == NULL) { System_printf("tcpWorker: failed to alloc memory\n"); exitApp(ctx); } /* Say hello to the server */ while (flag) { if (CyaSSL_write(ssl, msg, strlen(msg)) != strlen(msg)) { ret = CyaSSL_get_error(ssl, 0); System_printf("Write error: %i.\n", ret); } while (internal_flag) { nbytes = CyaSSL_read(ssl, (char *) buffer, TCPPACKETSIZE); if (nbytes > 0) { internal_flag = false; } } /* success */ System_printf("Heard: \"%s\".\n", buffer); CyaSSL_free(ssl); fdClose((SOCKET) sockfd); flag = false; } /* Free the buffer back to the heap */ Memory_free(NULL, buffer, TCPPACKETSIZE); /* * Since deleteTerminatedTasks is set in the cfg file, * the Task will be deleted when the idle task runs. */ exitApp(ctx); } else { CyaSSL_free(ssl); fdClose((SOCKET) sockfd); System_printf("CyaSSL_connect failed.\n"); fdCloseSession(TaskSelf()); exitApp(ctx); } }
THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) { SOCKET_T sockfd = 0; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; int ret = 0; int doDTLS = 0; int doPSK = 0; int outCreated = 0; int shutDown = 0; int useAnyAddr = 0; word16 port; int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; #ifdef ECHO_OUT FILE* fout = stdout; if (argc >= 2) { fout = fopen(argv[1], "w"); outCreated = 1; } if (!fout) err_sys("can't open output file"); #endif (void)outCreated; (void)argc; (void)argv; ((func_args*)args)->return_code = -1; /* error state */ #ifdef CYASSL_DTLS doDTLS = 1; #endif #ifdef CYASSL_LEANPSK doPSK = 1; #endif #if defined(NO_RSA) && !defined(HAVE_ECC) doPSK = 1; #endif #if defined(NO_MAIN_DRIVER) && !defined(CYASSL_SNIFFER) && \ !defined(WOLFSSL_MDK_SHELL) && !defined(CYASSL_TIRTOS) && \ !defined(USE_WINDOWS_API) /* Let tcp_listen assign port */ port = 0; #else /* Use default port */ port = wolfSSLPort; #endif #if defined(USE_ANY_ADDR) useAnyAddr = 1; #endif #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0); #if defined(CYASSL_DTLS) method = CyaDTLSv1_2_server_method(); #elif !defined(NO_TLS) method = CyaSSLv23_server_method(); #elif defined(WOLFSSL_ALLOW_SSLV3) method = CyaSSLv3_server_method(); #else #error "no valid server method built in" #endif ctx = CyaSSL_CTX_new(method); /* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ defined(HAVE_POLY1305) if (TicketInit() != 0) err_sys("unable to setup Session Ticket Key context"); wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); #endif #ifndef NO_FILESYSTEM if (doPSK == 0) { #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA) /* ntru */ if (CyaSSL_CTX_use_certificate_file(ctx, ntruCertFile, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load ntru cert file, " "Please run from wolfSSL home dir"); if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKeyFile) != SSL_SUCCESS) err_sys("can't load ntru key file, " "Please run from wolfSSL home dir"); #elif defined(HAVE_ECC) && !defined(CYASSL_SNIFFER) /* ecc */ if (CyaSSL_CTX_use_certificate_file(ctx, eccCertFile, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server cert file, " "Please run from wolfSSL home dir"); if (CyaSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server key file, " "Please run from wolfSSL home dir"); #elif defined(NO_CERTS) /* do nothing, just don't load cert files */ #else /* normal */ if (CyaSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server cert file, " "Please run from wolfSSL home dir"); if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server key file, " "Please run from wolfSSL home dir"); #endif } /* doPSK */ #elif !defined(NO_CERTS) if (!doPSK) { load_buffer(ctx, svrCertFile, WOLFSSL_CERT); load_buffer(ctx, svrKeyFile, WOLFSSL_KEY); } #endif #if defined(CYASSL_SNIFFER) /* don't use EDH, can't sniff tmp keys */ CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA"); #endif if (doPSK) { #ifndef NO_PSK const char *defaultCipherList; CyaSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); CyaSSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; #elif defined(HAVE_AESGCM) && !defined(NO_DH) defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif if (CyaSSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS) err_sys("server can't set cipher list 2"); #endif } #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfAsync_DevOpen(&devId); if (ret != 0) { err_sys("Async device open failed"); } wolfSSL_CTX_UseAsync(ctx, devId); #endif /* WOLFSSL_ASYNC_CRYPT */ SignalReady(args, port); while (!shutDown) { CYASSL* ssl = NULL; CYASSL* write_ssl = NULL; /* may have separate w/ HAVE_WRITE_DUP */ char command[SVR_COMMAND_SIZE+1]; int echoSz = 0; int clientfd; int firstRead = 1; int gotFirstG = 0; int err = 0; SOCKADDR_IN_T client; socklen_t client_len = sizeof(client); #ifndef CYASSL_DTLS clientfd = accept(sockfd, (struct sockaddr*)&client, (ACCEPT_THIRD_T)&client_len); #else clientfd = sockfd; { /* For DTLS, peek at the next datagram so we can get the client's * address and set it into the ssl object later to generate the * cookie. */ int n; byte b[1500]; n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK, (struct sockaddr*)&client, &client_len); if (n <= 0) err_sys("recvfrom failed"); } #endif if (WOLFSSL_SOCKET_IS_INVALID(clientfd)) err_sys("tcp accept failed"); ssl = CyaSSL_new(ctx); if (ssl == NULL) err_sys("SSL_new failed"); CyaSSL_set_fd(ssl, clientfd); #ifdef CYASSL_DTLS wolfSSL_dtls_set_peer(ssl, &client, client_len); #endif #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN) CyaSSL_SetTmpDH_file(ssl, dhParamFile, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher than PSK */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif err = 0; /* Reset error */ ret = CyaSSL_accept(ssl); if (ret != SSL_SUCCESS) { err = CyaSSL_get_error(ssl, 0); } } while (ret != SSL_SUCCESS && err == WC_PENDING_E); if (ret != SSL_SUCCESS) { char buffer[CYASSL_MAX_ERROR_SZ]; err = CyaSSL_get_error(ssl, 0); printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); printf("SSL_accept failed\n"); CyaSSL_free(ssl); CloseSocket(clientfd); continue; } #if defined(PEER_INFO) showPeer(ssl); #endif #ifdef HAVE_WRITE_DUP write_ssl = wolfSSL_write_dup(ssl); if (write_ssl == NULL) { printf("wolfSSL_write_dup failed\n"); CyaSSL_free(ssl); CloseSocket(clientfd); continue; } #else write_ssl = ssl; #endif while ( (echoSz = CyaSSL_read(ssl, command, sizeof(command)-1)) > 0) { if (firstRead == 1) { firstRead = 0; /* browser may send 1 byte 'G' to start */ if (echoSz == 1 && command[0] == 'G') { gotFirstG = 1; continue; } } else if (gotFirstG == 1 && strncmp(command, "ET /", 4) == 0) { strncpy(command, "GET", 4); /* fall through to normal GET */ } if ( strncmp(command, "quit", 4) == 0) { printf("client sent quit command: shutting down!\n"); shutDown = 1; break; } if ( strncmp(command, "break", 5) == 0) { printf("client sent break command: closing session!\n"); break; } #ifdef PRINT_SESSION_STATS if ( strncmp(command, "printstats", 10) == 0) { CyaSSL_PrintSessionStats(); break; } #endif if ( strncmp(command, "GET", 3) == 0) { char type[] = "HTTP/1.0 200 ok\r\nContent-type:" " text/html\r\n\r\n"; char header[] = "<html><body BGCOLOR=\"#ffffff\">\n<pre>\n"; char body[] = "greetings from wolfSSL\n"; char footer[] = "</body></html>\r\n\r\n"; strncpy(command, type, sizeof(type)); echoSz = sizeof(type) - 1; strncpy(&command[echoSz], header, sizeof(header)); echoSz += (int)sizeof(header) - 1; strncpy(&command[echoSz], body, sizeof(body)); echoSz += (int)sizeof(body) - 1; strncpy(&command[echoSz], footer, sizeof(footer)); echoSz += (int)sizeof(footer); if (CyaSSL_write(write_ssl, command, echoSz) != echoSz) err_sys("SSL_write failed"); break; } command[echoSz] = 0; #ifdef ECHO_OUT fputs(command, fout); #endif if (CyaSSL_write(write_ssl, command, echoSz) != echoSz) err_sys("SSL_write failed"); } #ifndef CYASSL_DTLS CyaSSL_shutdown(ssl); #endif #ifdef HAVE_WRITE_DUP CyaSSL_free(write_ssl); #endif CyaSSL_free(ssl); CloseSocket(clientfd); #ifdef CYASSL_DTLS tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0); SignalReady(args, port); #endif } CloseSocket(sockfd); CyaSSL_CTX_free(ctx); #ifdef ECHO_OUT if (outCreated) fclose(fout); #endif ((func_args*)args)->return_code = 0; #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) ecc_fp_free(); /* free per thread cache */ #endif #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ defined(HAVE_POLY1305) TicketCleanup(); #endif #ifdef WOLFSSL_ASYNC_CRYPT wolfAsync_DevClose(&devId); #endif #ifndef CYASSL_TIRTOS return 0; #endif }
void* ThreadControl(void* openSock) { pthread_detach(pthread_self()); threadArgs* args = (threadArgs*)openSock; int recvLen = 0; /* length of message */ int activefd = args->activefd; /* the active descriptor */ int msgLen = args->size; /* the size of message */ unsigned char buff[msgLen]; /* the incoming message */ char ack[] = "I hear you fashizzle!\n"; CYASSL* ssl; memcpy(buff, args->b, msgLen); /* Create the CYASSL Object */ if ((ssl = CyaSSL_new(ctx)) == NULL) { printf("CyaSSL_new error.\n"); cleanup = 1; return NULL; } /* set the session ssl to client connection port */ CyaSSL_set_fd(ssl, activefd); if (CyaSSL_accept(ssl) != SSL_SUCCESS) { int e = CyaSSL_get_error(ssl, 0); printf("error = %d, %s\n", e, CyaSSL_ERR_reason_error_string(e)); printf("SSL_accept failed.\n"); return NULL; } if ((recvLen = CyaSSL_read(ssl, buff, msgLen-1)) > 0) { printf("heard %d bytes\n", recvLen); buff[recvLen] = 0; printf("I heard this: \"%s\"\n", buff); } else if (recvLen < 0) { int readErr = CyaSSL_get_error(ssl, 0); if(readErr != SSL_ERROR_WANT_READ) { printf("SSL_read failed.\n"); cleanup = 1; return NULL; } } if (CyaSSL_write(ssl, ack, sizeof(ack)) < 0) { printf("CyaSSL_write fail.\n"); cleanup = 1; return NULL; } else { printf("Sending reply.\n"); } printf("reply sent \"%s\"\n", ack); CyaSSL_shutdown(ssl); CyaSSL_free(ssl); close(activefd); free(openSock); /* valgrind friendly free */ printf("Client left return to idle state\n"); printf("Exiting thread.\n\n"); pthread_exit(openSock); }
static int main_handle( short* cs , CYASSL* cya_obj , Conn_t* conn , const char* data , const size_t data_size ) { assert( cya_obj != 0 && conn != 0 && "cya_obj and conn must not be null at the same time!" ); // locals that must exist through yields static int state = 0; static size_t data_sent = 0; static size_t data_recv = 0; static char recv_buffer[ 256 ] = { '\0' }; int valopt = 0; socklen_t lon = sizeof( int ); BEGIN_CORO( *cs ) // restarted state = SSL_SUCCESS; // first part of the coroutine is about connecting to the endpoint { if( connect( conn->sock_fd, ( struct sockaddr* ) &conn->endpoint_addr, sizeof( conn->endpoint_addr ) ) == 0 ) { EXIT( *cs, -1 ); } } debug_log( "Connecting..." ); int errval = errno; if( errval != EINPROGRESS ) { debug_log( "Connection failed" ); return -1; } YIELD( *cs, ( int ) WANT_WRITE ); if( getsockopt( conn->sock_fd, SOL_SOCKET, SO_ERROR, ( void* )( &valopt ), &lon ) < 0 ) { debug_fmt( "Error while getsockopt %s", strerror( errno ) ); return -1; } if ( valopt ) { debug_fmt( "Error while connecting %s", strerror( valopt ) ); return -1; } debug_fmt( "Connected! state = %d", state ); // part two is actually to do the ssl handshake { do { if( state == SSL_ERROR_WANT_READ ) { YIELD( *cs, ( int ) WANT_READ ); } if( state == SSL_ERROR_WANT_WRITE ) { YIELD( *cs, ( int ) WANT_WRITE ); } debug_log( "Connecting SSL..." ); int ret = CyaSSL_connect( cya_obj ); state = ret <= 0 ? CyaSSL_get_error( cya_obj, ret ) : ret; debug_fmt( "Connecting SSL state [%d][%d][%d]", state, ret, ( int ) SSL_SUCCESS ); } while( state != SSL_SUCCESS && ( state == SSL_ERROR_WANT_READ || state == SSL_ERROR_WANT_WRITE ) ); // we've connected or failed if( state != SSL_SUCCESS ) { // something went wrong EXIT( *cs, -1 ); } } // part three sending a message { data_sent = 0; do { do { if( state == SSL_ERROR_WANT_READ ) { YIELD( *cs, ( int ) WANT_READ ); } if( state == SSL_ERROR_WANT_WRITE ) { YIELD( *cs, ( int ) WANT_WRITE ); } size_t offset = data_sent; size_t size_left = data_size - data_sent; debug_fmt( "Sending SSL... data_size = [%zu], data_sent = [%zu]", data_size, data_sent ); int ret = CyaSSL_write( cya_obj, data + offset, size_left ); state = ret <= 0 ? CyaSSL_get_error( cya_obj, ret ) : SSL_SUCCESS; debug_fmt( "Sending SSL state state = [%d], ret = [%d]", state, ret ); if( ret > 0 ) { data_sent += ret; } } while( data_sent < data_size && state == SSL_SUCCESS ); } while( state != SSL_SUCCESS && ( state == SSL_ERROR_WANT_READ || state == SSL_ERROR_WANT_WRITE ) ); if( state != SSL_SUCCESS ) { debug_log( "Exiting" ); EXIT( *cs, -1 ); } } // part four receive { do { do { if( state == SSL_ERROR_WANT_READ ) { YIELD( *cs, ( int ) WANT_READ ); } if( state == SSL_ERROR_WANT_WRITE ) { YIELD( *cs, ( int ) WANT_WRITE ); } int ret = CyaSSL_read( cya_obj, recv_buffer, sizeof( recv_buffer ) - 1 ); state = ret <= 0 ? CyaSSL_get_error( cya_obj, ret ) : SSL_SUCCESS; if( ret > 0 ) { recv_buffer[ ret ] = '\0'; debug_fmt( "<<<%s>>>", recv_buffer ); debug_fmt( "Received SSL... size = [%d], state = [%d]", ret, state ); data_recv = ret; } } while( data_recv == sizeof( recv_buffer ) - 1 && state == SSL_SUCCESS ); } while( state != SSL_SUCCESS && ( state == SSL_ERROR_WANT_READ || state == SSL_ERROR_WANT_WRITE ) ); if( state != SSL_SUCCESS ) { EXIT( *cs, -1 ); } } RESTART( *cs, 0 ); END_CORO() }
void client_test(void* args) { SOCKET_T sockfd = 0; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; CYASSL* ssl = 0; #ifdef TEST_RESUME CYASSL* sslResume = 0; CYASSL_SESSION* session = 0; char resumeMsg[] = "resuming cyassl!"; int resumeSz = sizeof(resumeMsg); #endif char msg[64] = "hello cyassl!"; char reply[1024]; int input; int msgSz = strlen(msg); int port = yasslPort; char* host = (char*)yasslIP; char* domain = "www.yassl.com"; int ch; int version = CLIENT_DEFAULT_VERSION; int usePsk = 0; int sendGET = 0; int benchmark = 0; int doDTLS = 0; int matchName = 0; int doPeerCheck = 1; char* cipherList = NULL; char* verifyCert = (char*)caCert; char* ourCert = (char*)cliCert; char* ourKey = (char*)cliKey; int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; ((func_args*)args)->return_code = -1; /* error state */ while ((ch = mygetopt(argc, argv, "?gdusmh:p:v:l:A:c:k:b:")) != -1) { switch (ch) { case '?' : Usage(); exit(EXIT_SUCCESS); case 'g' : sendGET = 1; break; case 'd' : doPeerCheck = 0; break; case 'u' : doDTLS = 1; version = -1; /* DTLS flag */ break; case 's' : usePsk = 1; break; case 'm' : matchName = 1; break; case 'h' : host = myoptarg; domain = myoptarg; break; case 'p' : port = atoi(myoptarg); break; case 'v' : version = atoi(myoptarg); if (version < 0 || version > 3) { Usage(); exit(MY_EX_USAGE); } if (doDTLS) version = -1; /* DTLS flag */ break; case 'l' : cipherList = myoptarg; break; case 'A' : verifyCert = myoptarg; break; case 'c' : ourCert = myoptarg; break; case 'k' : ourKey = myoptarg; break; case 'b' : benchmark = atoi(myoptarg); if (benchmark < 0 || benchmark > 1000000) { Usage(); exit(MY_EX_USAGE); } break; default: Usage(); exit(MY_EX_USAGE); } } argc -= myoptind; argv += myoptind; myoptind = 0; /* reset for test cases */ switch (version) { case 0: method = CyaSSLv3_client_method(); break; case 1: method = CyaTLSv1_client_method(); break; case 2: method = CyaTLSv1_1_client_method(); break; case 3: method = CyaTLSv1_2_client_method(); break; #ifdef CYASSL_DTLS case -1: method = CyaDTLSv1_client_method(); break; #endif default: err_sys("Bad SSL version"); } if (method == NULL) err_sys("unable to get method"); ctx = CyaSSL_CTX_new(method); if (ctx == NULL) err_sys("unable to get ctx"); if (cipherList) if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) err_sys("can't set cipher list"); #ifndef NO_PSK if (usePsk) CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); #endif #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) /* don't use EDH, can't sniff tmp keys */ if (cipherList == NULL) if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS) err_sys("can't set cipher list"); #endif #ifdef USER_CA_CB CyaSSL_CTX_SetCACb(ctx, CaCb); #endif #ifdef VERIFY_CALLBACK CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); #endif if (CyaSSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load client cert file, check file and run from" " CyaSSL home dir"); if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load client cert file, check file and run from" " CyaSSL home dir"); if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from CyaSSL home dir"); if (doPeerCheck == 0) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); if (benchmark) { /* time passed in number of connects give average */ int times = benchmark; int i = 0; double start = current_time(), avg; for (i = 0; i < times; i++) { tcp_connect(&sockfd, host, port, doDTLS); ssl = CyaSSL_new(ctx); CyaSSL_set_fd(ssl, sockfd); if (CyaSSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed"); CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CloseSocket(sockfd); } avg = current_time() - start; avg /= times; avg *= 1000; /* milliseconds */ printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg); CyaSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; exit(EXIT_SUCCESS); } tcp_connect(&sockfd, host, port, doDTLS); ssl = CyaSSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL object"); CyaSSL_set_fd(ssl, sockfd); #ifdef HAVE_CRL if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS) err_sys("can't enable crl check"); if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) err_sys("can't load crl, check crlfile and date validity"); if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) err_sys("can't set crl callback"); #endif if (matchName && doPeerCheck) CyaSSL_check_domain_name(ssl, domain); #ifdef NON_BLOCKING tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(ssl); #else #ifndef CYASSL_CALLBACKS if (CyaSSL_connect(ssl) != SSL_SUCCESS) {/* see note at top of README */ int err = CyaSSL_get_error(ssl, 0); char buffer[80]; printf("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); err_sys("SSL_connect failed");/* if you're getting an error here */ } #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif #endif showPeer(ssl); if (sendGET) { printf("SSL connect ok, sending GET...\n"); msgSz = 28; strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz); } if (CyaSSL_write(ssl, msg, msgSz) != msgSz) err_sys("SSL_write failed"); input = CyaSSL_read(ssl, reply, sizeof(reply)); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); if (sendGET) { /* get html */ while (1) { input = CyaSSL_read(ssl, reply, sizeof(reply)); if (input > 0) { reply[input] = 0; printf("%s\n", reply); } else break; } } } #ifdef TEST_RESUME if (doDTLS) { strncpy(msg, "break", 6); msgSz = (int)strlen(msg); /* try to send session close */ CyaSSL_write(ssl, msg, msgSz); } session = CyaSSL_get_session(ssl); sslResume = CyaSSL_new(ctx); #endif if (doDTLS == 0) /* don't send alert after "break" command */ CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */ CyaSSL_free(ssl); CloseSocket(sockfd); #ifdef TEST_RESUME if (doDTLS) { #ifdef USE_WINDOWS_API Sleep(500); #else sleep(1); #endif } tcp_connect(&sockfd, host, port, doDTLS); CyaSSL_set_fd(sslResume, sockfd); CyaSSL_set_session(sslResume, session); showPeer(sslResume); #ifdef NON_BLOCKING tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(sslResume); #else #ifndef CYASSL_CALLBACKS if (CyaSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed"); #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif #endif #ifdef OPENSSL_EXTRA if (CyaSSL_session_reused(sslResume)) printf("reused session id\n"); else printf("didn't reuse session id!!!\n"); #endif if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz) err_sys("SSL_write failed"); #ifdef NON_BLOCKING /* need to give server a chance to bounce a message back to client */ #ifdef USE_WINDOWS_API Sleep(500); #else sleep(1); #endif #endif input = CyaSSL_read(sslResume, reply, sizeof(reply)); if (input > 0) { reply[input] = 0; printf("Server resume response: %s\n", reply); } /* try to send session break */ CyaSSL_write(sslResume, msg, msgSz); CyaSSL_shutdown(sslResume); CyaSSL_free(sslResume); #endif /* TEST_RESUME */ CyaSSL_CTX_free(ctx); CloseSocket(sockfd); ((func_args*)args)->return_code = 0; }
int Server(word16 port) { char msg[MAXSZ]; const char reply[] = "I hear ya fa shizzle!\n"; int n, listenfd, connfd; CYASSL_CTX* ctx; CYASSL* ssl; CyaSSL_Init(); /* create ctx and configure certificates */ if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_server_method())) == NULL) err_sys("Fatal error : CyaSSL_CTX_new error"); if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server cert file," "Please run from CyaSSL home dir"); if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server key file, " "Please run from CyaSSL home dir"); /*sets the IO callback methods*/ CyaSSL_SetIORecv(ctx, CbIORecv); CyaSSL_SetIOSend(ctx, CbIOSend); tcp_accept(&listenfd, &connfd, NULL, port, 1, 0); if (connfd < 0) { err_sys("Fatal error : accept error"); } else { /* create CYASSL object and respond */ if ((ssl = CyaSSL_new(ctx)) == NULL) err_sys("Fatal error : CyaSSL_new error"); CyaSSL_set_fd(ssl, connfd); memset(msg, 0, MAXSZ); n = CyaSSL_read(ssl, msg, MAXSZ - 1); if (n > 0) { msg[n] = '\0'; printf("Client sent : %s\n", msg); if (CyaSSL_write(ssl, reply, strlen(reply)) > strlen(reply)) err_sys("Fatal error : respond: write error"); } if (n < 0) err_sys("Fatal error :respond: read error"); /* closes the connections after responding */ CyaSSL_shutdown(ssl); CyaSSL_free(ssl); if (close(listenfd) == -1 && close(connfd) == -1) err_sys("Fatal error : close error"); } /* free up memory used by CyaSSL */ CyaSSL_CTX_free(ctx); return 0; }
/* Checks if NonBlocking I/O is wanted, if it is wanted it will * wait until it's available on the socket before reading or writing */ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd, enum read_write_t rw) { const char reply[] = "I hear ya fa shizzle!\n"; char buff[256]; int rwret = 0; int selectRet; int ret; /* Clear the buffer memory for anything possibly left over */ memset(&buff, 0, sizeof(buff)); if (rw == READ) rwret = CyaSSL_read(ssl, buff, sizeof(buff)-1); else if (rw == WRITE) rwret = CyaSSL_write(ssl, reply, sizeof(reply)-1); else if (rw == ACCEPT) rwret = CyaSSL_accept(ssl); if (rwret == 0) { printf("The client has closed the connection!\n"); return 0; } else if (rwret != SSL_SUCCESS) { int error = CyaSSL_get_error(ssl, 0); /* while I/O is not ready, keep waiting */ while ((error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE)) { if (error == SSL_ERROR_WANT_READ) printf("... server would read block\n"); else printf("... server would write block\n"); selectRet = TCPSelect(socketfd); if ((selectRet == 1) || (selectRet == 2)) { if (rw == READ) rwret = CyaSSL_read(ssl, buff, sizeof(buff)-1); else if (rw == WRITE) rwret = CyaSSL_write(ssl, reply, sizeof(reply)-1); else if (rw == ACCEPT) rwret = CyaSSL_accept(ssl); error = CyaSSL_get_error(ssl, 0); } else { error = SSL_FATAL_ERROR; return -1; } } /* Print any data the client sends to the console */ if (rw == READ) printf("Client: %s\n", buff); /* Reply back to the client */ else if (rw == WRITE) { if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1)) < 0) { printf("CyaSSL_write error = %d\n", CyaSSL_get_error(ssl, ret)); } } } return 1; }
THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) { SOCKET_T sockfd = 0; int clientfd = 0; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; CYASSL* ssl = 0; char msg[] = "I hear you fa shizzle!"; char input[1024]; int idx; ((func_args*)args)->return_code = TEST_FAIL; method = CyaSSLv23_server_method(); ctx = CyaSSL_CTX_new(method); CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS) { /*err_sys("can't load ca file, Please run from CyaSSL home dir");*/ goto done; } if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from CyaSSL home dir");*/ goto done; } if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from CyaSSL home dir");*/ goto done; } ssl = CyaSSL_new(ctx); tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0, 0); CloseSocket(sockfd); CyaSSL_set_fd(ssl, clientfd); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #else SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (CyaSSL_accept(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[80]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); /*err_sys("SSL_accept failed");*/ goto done; } idx = CyaSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = 0; printf("Client message: %s\n", input); } if (CyaSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ return 0; } done: CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(clientfd); ((func_args*)args)->return_code = TEST_SUCCESS; return 0; }
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in clientAddr) { /* Create our reply message */ const char reply[] = "I hear ya fa shizzle!\n"; socklen_t size = sizeof(clientAddr); /* Wait until a client connects */ socklen_t connd = accept(sockfd, (struct sockaddr *)&clientAddr, &size); /* If fails to connect,int loop back up and wait for a new connection */ if (connd == -1) { printf("failed to accept the connection..\n"); } /* If it connects, read in and reply to the client */ else { printf("Client connected successfully\n"); CYASSL* ssl; if ( (ssl = CyaSSL_new(ctx)) == NULL) { fprintf(stderr, "CyaSSL_new error.\n"); exit(EXIT_FAILURE); } /* direct our ssl to our clients connection */ CyaSSL_set_fd(ssl, connd); printf("Using Non-Blocking I/O: %d\n", CyaSSL_get_using_nonblock( ssl)); for ( ; ; ) { char buff[256]; int ret = 0; /* Clear the buffer memory for anything possibly left over */ memset(&buff, 0, sizeof(buff)); /* Read the client data into our buff array */ if ((ret = CyaSSL_read(ssl, buff, sizeof(buff)-1)) > 0) { /* Print any data the client sends to the console */ printf("Client: %s\n", buff); /* Reply back to the client */ if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1)) < 0) { printf("CyaSSL_write error = %d\n", CyaSSL_get_error(ssl, ret)); } } /* if the client disconnects break the loop */ else { if (ret < 0) printf("CyaSSL_read error = %d\n", CyaSSL_get_error(ssl ,ret)); else if (ret == 0) printf("The client has closed the connection.\n"); break; } } CyaSSL_free(ssl); /* Free the CYASSL object */ } close(connd); /* close the connected socket */ return 0; }
static void run_cyassl_client(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; CYASSL_CTX* ctx = CyaSSL_CTX_new(callbacks->method()); CYASSL* ssl = NULL; SOCKET_T sfd = 0; char msg[] = "hello cyassl server!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_load_verify_locations(ctx, caCert, 0)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); tcp_connect(&sfd, yasslIP, ((func_args*)args)->signal->port, 0); ssl = CyaSSL_new(ctx); CyaSSL_set_fd(ssl, sfd); if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); if (CyaSSL_connect(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); } else { AssertIntEQ(len, CyaSSL_write(ssl, msg, len)); if (0 < (idx = CyaSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; printf("Server response: %s\n", input); } } if (callbacks->on_result) callbacks->on_result(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(sfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif }
/* See the comments at the top of main.c. */ void vSecureTCPServerTask( void *pvParameters ) { portBASE_TYPE xReturned; long lBytes; uint8_t cReceivedString[ 60 ]; struct sockaddr_in xClient; int xClientAddressLength = sizeof( struct sockaddr_in ); SOCKET xListeningSocket, xConnectedSocket; CYASSL* xCyaSSL_Object; /* Only one connection is accepted at a time, so only one object is needed at a time. */ /* Just to prevent compiler warnings. */ ( void ) pvParameters; /* Perform the initialisation necessary before CyaSSL can be used. */ prvInitialiseCyaSSL(); configASSERT( xCyaSSL_ServerContext ); /* Attempt to open the socket. */ xListeningSocket = prvOpenServerSocket(); /* Now the server socket has been created and the CyaSSL library has been initialised, the task that implements the client side can be created. */ xTaskCreate( vSecureTCPClientTask, "Client", configMINIMAL_STACK_SIZE, NULL, sstSECURE_CLIENT_TASK_PRIORITY, NULL ); if( xListeningSocket != INVALID_SOCKET ) { for( ;; ) { /* Wait until the client connects. */ printf( "Waiting for new connection\r\n" ); xConnectedSocket = accept( xListeningSocket, ( struct sockaddr * ) &xClient, &xClientAddressLength ); if( xConnectedSocket != INVALID_SOCKET ) { printf( "Connection established\r\n" ); /* A connection has been accepted by the server. Create a CyaSSL object for use with the newly connected socket. */ xCyaSSL_Object = NULL; xCyaSSL_Object = CyaSSL_new( xCyaSSL_ServerContext ); if( xCyaSSL_Object != NULL ) { /* Associate the created CyaSSL object with the connected socket. */ xReturned = CyaSSL_set_fd( xCyaSSL_Object, xConnectedSocket ); configASSERT( xReturned == SSL_SUCCESS ); do { /* The next line is the secure equivalent to the standard sockets call: lBytes = recv( xConnectedSocket, cReceivedString, 50, 0 ); */ lBytes = CyaSSL_read( xCyaSSL_Object, cReceivedString, sizeof( cReceivedString ) ); /* Print the received characters. */ if( lBytes > 0 ) { printf( "Received by the secure server: %s\r\n", cReceivedString ); } } while ( lBytes > 0 ); /* The connection was closed, close the socket and free the CyaSSL object. */ closesocket( xConnectedSocket ); CyaSSL_free( xCyaSSL_Object ); printf( "Connection closed, back to start\r\n\r\n" ); } } } } else { /* The socket could not be opened. */ vTaskDelete( NULL ); } }
THREAD_RETURN CYASSL_THREAD client_test(void* args) { SOCKET_T sockfd = 0; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; CYASSL* ssl = 0; CYASSL* sslResume = 0; CYASSL_SESSION* session = 0; char resumeMsg[] = "resuming cyassl!"; int resumeSz = sizeof(resumeMsg); char msg[32] = "hello cyassl!"; /* GET may make bigger */ char reply[80]; int input; int msgSz = (int)strlen(msg); int port = yasslPort; char* host = (char*)yasslIP; char* domain = (char*)"www.yassl.com"; int ch; int version = CLIENT_INVALID_VERSION; int usePsk = 0; int sendGET = 0; int benchmark = 0; int doDTLS = 0; int matchName = 0; int doPeerCheck = 1; int nonBlocking = 0; int resumeSession = 0; int trackMemory = 0; int useClientCert = 1; int fewerPackets = 0; int atomicUser = 0; int pkCallbacks = 0; char* cipherList = NULL; char* verifyCert = (char*)caCert; char* ourCert = (char*)cliCert; char* ourKey = (char*)cliKey; #ifdef HAVE_SNI char* sniHostName = NULL; #endif #ifdef HAVE_MAX_FRAGMENT byte maxFragment = 0; #endif #ifdef HAVE_TRUNCATED_HMAC byte truncatedHMAC = 0; #endif #ifdef HAVE_OCSP int useOcsp = 0; char* ocspUrl = NULL; #endif int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; ((func_args*)args)->return_code = -1; /* error state */ #ifdef NO_RSA verifyCert = (char*)eccCert; ourCert = (char*)cliEccCert; ourKey = (char*)cliEccKey; #endif (void)resumeSz; (void)session; (void)sslResume; (void)trackMemory; (void)atomicUser; (void)pkCallbacks; StackTrap(); while ((ch = mygetopt(argc, argv, "?gdusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) { switch (ch) { case '?' : Usage(); exit(EXIT_SUCCESS); case 'g' : sendGET = 1; break; case 'd' : doPeerCheck = 0; break; case 'u' : doDTLS = 1; break; case 's' : usePsk = 1; break; case 't' : #ifdef USE_CYASSL_MEMORY trackMemory = 1; #endif break; case 'm' : matchName = 1; break; case 'x' : useClientCert = 0; break; case 'f' : fewerPackets = 1; break; case 'U' : #ifdef ATOMIC_USER atomicUser = 1; #endif break; case 'P' : #ifdef HAVE_PK_CALLBACKS pkCallbacks = 1; #endif break; case 'h' : host = myoptarg; domain = myoptarg; break; case 'p' : port = atoi(myoptarg); #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API) if (port == 0) err_sys("port number cannot be 0"); #endif break; case 'v' : version = atoi(myoptarg); if (version < 0 || version > 3) { Usage(); exit(MY_EX_USAGE); } break; case 'l' : cipherList = myoptarg; break; case 'A' : verifyCert = myoptarg; break; case 'c' : ourCert = myoptarg; break; case 'k' : ourKey = myoptarg; break; case 'b' : benchmark = atoi(myoptarg); if (benchmark < 0 || benchmark > 1000000) { Usage(); exit(MY_EX_USAGE); } break; case 'N' : nonBlocking = 1; break; case 'r' : resumeSession = 1; break; case 'z' : #ifndef CYASSL_LEANPSK CyaSSL_GetObjectSize(); #endif break; case 'S' : #ifdef HAVE_SNI sniHostName = myoptarg; #endif break; case 'L' : #ifdef HAVE_MAX_FRAGMENT maxFragment = atoi(myoptarg); if (maxFragment < CYASSL_MFL_2_9 || maxFragment > CYASSL_MFL_2_13) { Usage(); exit(MY_EX_USAGE); } #endif break; case 'T' : #ifdef HAVE_TRUNCATED_HMAC truncatedHMAC = 1; #endif break; case 'o' : #ifdef HAVE_OCSP useOcsp = 1; #endif break; case 'O' : #ifdef HAVE_OCSP useOcsp = 1; ocspUrl = myoptarg; #endif break; default: Usage(); exit(MY_EX_USAGE); } } myoptind = 0; /* reset for test cases */ /* sort out DTLS versus TLS versions */ if (version == CLIENT_INVALID_VERSION) { if (doDTLS) version = CLIENT_DTLS_DEFAULT_VERSION; else version = CLIENT_DEFAULT_VERSION; } else { if (doDTLS) { if (version == 3) version = -2; else version = -1; } } #ifdef USE_CYASSL_MEMORY if (trackMemory) InitMemoryTracker(); #endif switch (version) { #ifndef NO_OLD_TLS case 0: method = CyaSSLv3_client_method(); break; #ifndef NO_TLS case 1: method = CyaTLSv1_client_method(); break; case 2: method = CyaTLSv1_1_client_method(); break; #endif /* NO_TLS */ #endif /* NO_OLD_TLS */ #ifndef NO_TLS case 3: method = CyaTLSv1_2_client_method(); break; #endif #ifdef CYASSL_DTLS case -1: method = CyaDTLSv1_client_method(); break; case -2: method = CyaDTLSv1_2_client_method(); break; #endif default: err_sys("Bad SSL version"); break; } if (method == NULL) err_sys("unable to get method"); ctx = CyaSSL_CTX_new(method); if (ctx == NULL) err_sys("unable to get ctx"); if (cipherList) if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) err_sys("client can't set cipher list 1"); #ifdef CYASSL_LEANPSK usePsk = 1; #endif #if defined(NO_RSA) && !defined(HAVE_ECC) usePsk = 1; #endif if (fewerPackets) CyaSSL_CTX_set_group_messages(ctx); if (usePsk) { #ifndef NO_PSK CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); if (cipherList == NULL) { const char *defaultCipherList; #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS) err_sys("client can't set cipher list 2"); } #endif useClientCert = 0; } #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) if (cipherList == NULL) { /* don't use EDH, can't sniff tmp keys */ if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) { err_sys("client can't set cipher list 3"); } } #endif #ifdef HAVE_OCSP if (useOcsp) { if (ocspUrl != NULL) { CyaSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl); CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE | CYASSL_OCSP_URL_OVERRIDE); } else CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE); } #endif #ifdef USER_CA_CB CyaSSL_CTX_SetCACb(ctx, CaCb); #endif #ifdef VERIFY_CALLBACK CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); #endif #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) if (useClientCert){ if (CyaSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS) err_sys("can't load client cert file, check file and run from" " CyaSSL home dir"); if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load client private key file, check file and run " "from CyaSSL home dir"); } if (!usePsk) { if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from CyaSSL home dir"); } #endif #if !defined(NO_CERTS) if (!usePsk && doPeerCheck == 0) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); #endif #ifdef HAVE_CAVIUM CyaSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID); #endif #ifdef HAVE_SNI if (sniHostName) if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) != SSL_SUCCESS) err_sys("UseSNI failed"); #endif #ifdef HAVE_MAX_FRAGMENT if (maxFragment) if (CyaSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS) err_sys("UseMaxFragment failed"); #endif #ifdef HAVE_TRUNCATED_HMAC if (truncatedHMAC) if (CyaSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS) err_sys("UseTruncatedHMAC failed"); #endif if (benchmark) { /* time passed in number of connects give average */ int times = benchmark; int i = 0; double start = current_time(), avg; for (i = 0; i < times; i++) { tcp_connect(&sockfd, host, port, doDTLS); ssl = CyaSSL_new(ctx); CyaSSL_set_fd(ssl, sockfd); if (CyaSSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed"); CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CloseSocket(sockfd); } avg = current_time() - start; avg /= times; avg *= 1000; /* milliseconds */ printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg); CyaSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; exit(EXIT_SUCCESS); } #if defined(CYASSL_MDK_ARM) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); #endif ssl = CyaSSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL object"); if (doDTLS) { SOCKADDR_IN_T addr; build_addr(&addr, host, port, 1); CyaSSL_dtls_set_peer(ssl, &addr, sizeof(addr)); tcp_socket(&sockfd, 1); } else { tcp_connect(&sockfd, host, port, 0); } CyaSSL_set_fd(ssl, sockfd); #ifdef HAVE_CRL if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS) err_sys("can't enable crl check"); if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) err_sys("can't load crl, check crlfile and date validity"); if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) err_sys("can't set crl callback"); #endif #ifdef ATOMIC_USER if (atomicUser) SetupAtomicUser(ctx, ssl); #endif #ifdef HAVE_PK_CALLBACKS if (pkCallbacks) SetupPkCallbacks(ctx, ssl); #endif if (matchName && doPeerCheck) CyaSSL_check_domain_name(ssl, domain); #ifndef CYASSL_CALLBACKS if (nonBlocking) { CyaSSL_set_using_nonblock(ssl, 1); tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(ssl); } else if (CyaSSL_connect(ssl) != SSL_SUCCESS) { /* see note at top of README */ int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); err_sys("SSL_connect failed"); /* if you're getting an error here */ } #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif showPeer(ssl); if (sendGET) { printf("SSL connect ok, sending GET...\n"); msgSz = 28; strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz); msg[msgSz] = '\0'; } if (CyaSSL_write(ssl, msg, msgSz) != msgSz) err_sys("SSL_write failed"); input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); if (sendGET) { /* get html */ while (1) { input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("%s\n", reply); } else break; } } } else if (input < 0) { int readErr = CyaSSL_get_error(ssl, 0); if (readErr != SSL_ERROR_WANT_READ) err_sys("CyaSSL_read failed"); } #ifndef NO_SESSION_CACHE if (resumeSession) { if (doDTLS) { strncpy(msg, "break", 6); msgSz = (int)strlen(msg); /* try to send session close */ CyaSSL_write(ssl, msg, msgSz); } session = CyaSSL_get_session(ssl); sslResume = CyaSSL_new(ctx); } #endif if (doDTLS == 0) /* don't send alert after "break" command */ CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */ #ifdef ATOMIC_USER if (atomicUser) FreeAtomicUser(ssl); #endif CyaSSL_free(ssl); CloseSocket(sockfd); #ifndef NO_SESSION_CACHE if (resumeSession) { if (doDTLS) { SOCKADDR_IN_T addr; #ifdef USE_WINDOWS_API Sleep(500); #else sleep(1); #endif build_addr(&addr, host, port, 1); CyaSSL_dtls_set_peer(sslResume, &addr, sizeof(addr)); tcp_socket(&sockfd, 1); } else { tcp_connect(&sockfd, host, port, 0); } CyaSSL_set_fd(sslResume, sockfd); CyaSSL_set_session(sslResume, session); showPeer(sslResume); #ifndef CYASSL_CALLBACKS if (nonBlocking) { CyaSSL_set_using_nonblock(sslResume, 1); tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(sslResume); } else if (CyaSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed"); #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif if (CyaSSL_session_reused(sslResume)) printf("reused session id\n"); else printf("didn't reuse session id!!!\n"); if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz) err_sys("SSL_write failed"); if (nonBlocking) { /* give server a chance to bounce a message back to client */ #ifdef USE_WINDOWS_API Sleep(500); #else sleep(1); #endif } input = CyaSSL_read(sslResume, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server resume response: %s\n", reply); } /* try to send session break */ CyaSSL_write(sslResume, msg, msgSz); CyaSSL_shutdown(sslResume); CyaSSL_free(sslResume); CloseSocket(sockfd); } #endif /* NO_SESSION_CACHE */ CyaSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; #ifdef USE_CYASSL_MEMORY if (trackMemory) ShowMemoryTracker(); #endif /* USE_CYASSL_MEMORY */ return 0; }
THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) { SOCKET_T sockfd = 0; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; int doDTLS = 0; int doPSK = 0; int outCreated = 0; int shutDown = 0; int useAnyAddr = 0; word16 port = yasslPort; int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; #ifdef ECHO_OUT FILE* fout = stdout; if (argc >= 2) { fout = fopen(argv[1], "w"); outCreated = 1; } if (!fout) err_sys("can't open output file"); #endif (void)outCreated; (void)argc; (void)argv; ((func_args*)args)->return_code = -1; /* error state */ #ifdef CYASSL_DTLS doDTLS = 1; #endif #ifdef CYASSL_LEANPSK doPSK = 1; #endif #if defined(NO_RSA) && !defined(HAVE_ECC) doPSK = 1; #endif #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ !defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_ARM) port = 0; #endif #if defined(USE_ANY_ADDR) useAnyAddr = 1; #endif tcp_listen(&sockfd, &port, useAnyAddr, doDTLS); #if defined(CYASSL_DTLS) method = CyaDTLSv1_server_method(); #elif !defined(NO_TLS) method = CyaSSLv23_server_method(); #else method = CyaSSLv3_server_method(); #endif ctx = CyaSSL_CTX_new(method); /* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #ifndef NO_FILESYSTEM if (doPSK == 0) { #ifdef HAVE_NTRU /* ntru */ if (CyaSSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load ntru cert file, " "Please run from CyaSSL home dir"); if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKey) != SSL_SUCCESS) err_sys("can't load ntru key file, " "Please run from CyaSSL home dir"); #elif defined(HAVE_ECC) /* ecc */ if (CyaSSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server cert file, " "Please run from CyaSSL home dir"); if (CyaSSL_CTX_use_PrivateKey_file(ctx, eccKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server key file, " "Please run from CyaSSL home dir"); #elif defined(NO_CERTS) /* do nothing, just don't load cert files */ #else /* normal */ if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server cert file, " "Please run from CyaSSL home dir"); if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server key file, " "Please run from CyaSSL home dir"); #endif } /* doPSK */ #elif !defined(NO_CERTS) if (!doPSK) { load_buffer(ctx, svrCert, CYASSL_CERT); load_buffer(ctx, svrKey, CYASSL_KEY); } #endif #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) /* don't use EDH, can't sniff tmp keys */ CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA"); #endif if (doPSK) { #ifndef NO_PSK const char *defaultCipherList; CyaSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); CyaSSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif if (CyaSSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS) err_sys("server can't set cipher list 2"); #endif } SignalReady(args, port); while (!shutDown) { CYASSL* ssl = 0; char command[SVR_COMMAND_SIZE+1]; int echoSz = 0; int clientfd; int firstRead = 1; int gotFirstG = 0; #ifndef CYASSL_DTLS SOCKADDR_IN_T client; socklen_t client_len = sizeof(client); clientfd = accept(sockfd, (struct sockaddr*)&client, (ACCEPT_THIRD_T)&client_len); #else clientfd = udp_read_connect(sockfd); #endif if (clientfd == -1) err_sys("tcp accept failed"); ssl = CyaSSL_new(ctx); if (ssl == NULL) err_sys("SSL_new failed"); CyaSSL_set_fd(ssl, clientfd); #if !defined(NO_FILESYSTEM) && !defined(NO_DH) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher than PSK */ #endif if (CyaSSL_accept(ssl) != SSL_SUCCESS) { printf("SSL_accept failed\n"); CyaSSL_free(ssl); CloseSocket(clientfd); continue; } #if defined(PEER_INFO) showPeer(ssl); #endif while ( (echoSz = CyaSSL_read(ssl, command, sizeof(command)-1)) > 0) { if (firstRead == 1) { firstRead = 0; /* browser may send 1 byte 'G' to start */ if (echoSz == 1 && command[0] == 'G') { gotFirstG = 1; continue; } } else if (gotFirstG == 1 && strncmp(command, "ET /", 4) == 0) { strncpy(command, "GET", 4); /* fall through to normal GET */ } if ( strncmp(command, "quit", 4) == 0) { printf("client sent quit command: shutting down!\n"); shutDown = 1; break; } if ( strncmp(command, "break", 5) == 0) { printf("client sent break command: closing session!\n"); break; } #ifdef SESSION_STATS if ( strncmp(command, "printstats", 10) == 0) { PrintSessionStats(); break; } #endif if ( strncmp(command, "GET", 3) == 0) { char type[] = "HTTP/1.0 200 ok\r\nContent-type:" " text/html\r\n\r\n"; char header[] = "<html><body BGCOLOR=\"#ffffff\">\n<pre>\n"; char body[] = "greetings from CyaSSL\n"; char footer[] = "</body></html>\r\n\r\n"; strncpy(command, type, sizeof(type)); echoSz = sizeof(type) - 1; strncpy(&command[echoSz], header, sizeof(header)); echoSz += (int)sizeof(header) - 1; strncpy(&command[echoSz], body, sizeof(body)); echoSz += (int)sizeof(body) - 1; strncpy(&command[echoSz], footer, sizeof(footer)); echoSz += (int)sizeof(footer); if (CyaSSL_write(ssl, command, echoSz) != echoSz) err_sys("SSL_write failed"); break; } command[echoSz] = 0; #ifdef ECHO_OUT fputs(command, fout); #endif if (CyaSSL_write(ssl, command, echoSz) != echoSz) err_sys("SSL_write failed"); } #ifndef CYASSL_DTLS CyaSSL_shutdown(ssl); #endif CyaSSL_free(ssl); CloseSocket(clientfd); #ifdef CYASSL_DTLS tcp_listen(&sockfd, &port, useAnyAddr, doDTLS); SignalReady(args, port); #endif } CloseSocket(sockfd); CyaSSL_CTX_free(ctx); #ifdef ECHO_OUT if (outCreated) fclose(fout); #endif ((func_args*)args)->return_code = 0; return 0; }
/** * Perform an HTTPS request, caller frees both request and response, * NULL returned on error. * @param sockfd Socket to use, already connected * @param req Request to send, fully formatted. * @param hostname Hostname to use in https request. Caller frees. * @return char Response as a string */ char * https_get(const int sockfd, const char *req, const char *hostname) { ssize_t numbytes; int done, nfds; fd_set readfds; struct timeval timeout; unsigned long sslerr; char sslerrmsg[CYASSL_MAX_ERROR_SZ]; size_t reqlen = strlen(req); char readbuf[MAX_BUF]; char *retval; pstr_t *response = pstr_new(); CYASSL *ssl = NULL; CYASSL_CTX *ctx = NULL; s_config *config; config = config_get_config(); ctx = get_cyassl_ctx(hostname); if (NULL == ctx) { debug(LOG_ERR, "Could not get CyaSSL Context!"); goto error; } if (sockfd == -1) { /* Could not connect to server */ debug(LOG_ERR, "Could not open socket to server!"); goto error; } /* Create CYASSL object */ if ((ssl = CyaSSL_new(ctx)) == NULL) { debug(LOG_ERR, "Could not create CyaSSL context."); goto error; } if (config->ssl_verify) { // Turn on domain name check // Loading of CA certificates and verification of remote host name // go hand in hand - one is useless without the other. CyaSSL_check_domain_name(ssl, hostname); } CyaSSL_set_fd(ssl, sockfd); debug(LOG_DEBUG, "Sending HTTPS request to auth server: [%s]\n", req); numbytes = CyaSSL_send(ssl, req, (int)reqlen, 0); if (numbytes <= 0) { sslerr = (unsigned long)CyaSSL_get_error(ssl, numbytes); CyaSSL_ERR_error_string(sslerr, sslerrmsg); debug(LOG_ERR, "CyaSSL_send failed: %s", sslerrmsg); goto error; } else if ((size_t) numbytes != reqlen) { debug(LOG_ERR, "CyaSSL_send failed: only %d bytes out of %d bytes sent!", numbytes, reqlen); goto error; } debug(LOG_DEBUG, "Reading response"); done = 0; do { FD_ZERO(&readfds); FD_SET(sockfd, &readfds); timeout.tv_sec = 30; /* XXX magic... 30 second is as good a timeout as any */ timeout.tv_usec = 0; nfds = sockfd + 1; nfds = select(nfds, &readfds, NULL, NULL, &timeout); if (nfds > 0) { /** We don't have to use FD_ISSET() because there * was only one fd. */ memset(readbuf, 0, MAX_BUF); numbytes = CyaSSL_read(ssl, readbuf, MAX_BUF - 1); if (numbytes < 0) { sslerr = (unsigned long)CyaSSL_get_error(ssl, numbytes); CyaSSL_ERR_error_string(sslerr, sslerrmsg); debug(LOG_ERR, "An error occurred while reading from server: %s", sslerrmsg); goto error; } else if (numbytes == 0) { /* CyaSSL_read returns 0 on a clean shutdown or if the peer closed the connection. We can't distinguish between these cases right now. */ done = 1; } else { readbuf[numbytes] = '\0'; pstr_cat(response, readbuf); debug(LOG_DEBUG, "Read %d bytes", numbytes); } } else if (nfds == 0) { debug(LOG_ERR, "Timed out reading data via select() from auth server"); goto error; } else if (nfds < 0) { debug(LOG_ERR, "Error reading data via select() from auth server: %s", strerror(errno)); goto error; } } while (!done); close(sockfd); CyaSSL_free(ssl); retval = pstr_to_string(response); debug(LOG_DEBUG, "HTTPS Response from Server: [%s]", retval); return retval; error: if (ssl) { CyaSSL_free(ssl); } if (sockfd >= 0) { close(sockfd); } retval = pstr_to_string(response); free(retval); return NULL; }
void client_test(void) { char msg[64]; char reply[1024]; int sockfd, input; int ret = 0, msgSz = 0; struct sockaddr_in servaddr; CYASSL_CTX* ctx; CYASSL* ssl; long yasslIP = IPADDR(192,168,1,125); long yasslPort = 11111; /* for debug, compile CyaSSL with DEBUG_CYASSL defined */ CyaSSL_Debugging_ON(); CyaSSL_Init(); ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method()); if (ctx == 0) err_sys("setting up ctx"); CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); ret = CyaSSL_CTX_use_certificate_file(ctx, clientCert, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("can't load client cert file, check file"); ret = CyaSSL_CTX_use_PrivateKey_file(ctx, clientKey, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("can't load client key file, check file"); ret = CyaSSL_CTX_load_verify_locations(ctx, caCert, 0); if (ret != SSL_SUCCESS) err_sys("can't load CA cert file, check file"); /* create socket descriptor */ sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd == RTCS_SOCKET_ERROR) { err_sys("socket creation failed"); } else { printf("socket created successfully\n"); } /* * Unlike most TCP/IP stacks, RTCS requires that sin_port and * sin_addr needs to be in Host Byte Order, not Network Byte Order. * This means we shouldn't use htons() when setting these values. */ memset((char*)&servaddr, 0, sizeof(servaddr)); servaddr.sin_family = AF_INET; servaddr.sin_port = yasslPort; servaddr.sin_addr.s_addr = yasslIP; ret = connect(sockfd, &servaddr, sizeof(servaddr)); if (ret != RTCS_OK) { err_sys("connect() failed"); } else { printf("Connected to %lx, port %d.\n", servaddr.sin_addr.s_addr, servaddr.sin_port); } if ( (ssl = CyaSSL_new(ctx)) == NULL) err_sys("CyaSSL_new failed"); CyaSSL_set_fd(ssl, sockfd); ret = CyaSSL_connect(ssl); if (ret != SSL_SUCCESS) err_sys("CyaSSL_connect failed"); printf("CyaSSL_connect() ok, sending GET...\n"); msgSz = 28; strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz); if (CyaSSL_write(ssl, msg, msgSz) != msgSz) err_sys("CyaSSL_write() failed"); input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); while (1) { input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("%s\n", reply); } else { break; } } } CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CyaSSL_Cleanup(); }