static void NonBlockingSSL_Connect(WOLFSSL* ssl) { #ifndef WOLFSSL_CALLBACKS int ret = wolfSSL_connect(ssl); #else int ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeout); #endif int error = wolfSSL_get_error(ssl, 0); SOCKET_T sockfd = (SOCKET_T)wolfSSL_get_fd(ssl); int select_ret; while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE)) { int currTimeout = 1; if (error == SSL_ERROR_WANT_READ) printf("... client would read block\n"); else printf("... client would write block\n"); #ifdef WOLFSSL_DTLS currTimeout = wolfSSL_dtls_get_current_timeout(ssl); #endif select_ret = tcp_select(sockfd, currTimeout); if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_ERROR_READY)) { #ifndef WOLFSSL_CALLBACKS ret = wolfSSL_connect(ssl); #else ret = wolfSSL_connect_ex(ssl,handShakeCB,timeoutCB,timeout); #endif error = wolfSSL_get_error(ssl, 0); } else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) { error = SSL_ERROR_WANT_READ; } #ifdef WOLFSSL_DTLS else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl) && wolfSSL_dtls_got_timeout(ssl) >= 0) { error = SSL_ERROR_WANT_READ; } #endif else { error = SSL_FATAL_ERROR; } } if (ret != SSL_SUCCESS) err_sys("SSL_connect failed"); }
static void* client_thread(void* args) { /* set up client */ WOLFSSL_CTX* cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (cli_ctx == NULL) err_sys("bad client ctx new"); int ret = wolfSSL_CTX_load_verify_locations(cli_ctx, cacert, NULL); if (ret != SSL_SUCCESS) err_sys("bad ca load"); wolfSSL_SetIOSend(cli_ctx, ClientSend); wolfSSL_SetIORecv(cli_ctx, ClientRecv); WOLFSSL* cli_ssl = wolfSSL_new(cli_ctx); if (cli_ctx == NULL) err_sys("bad client new"); ret = wolfSSL_connect(cli_ssl); if (ret != SSL_SUCCESS) err_sys("bad client tls connect"); printf("wolfSSL client success!\n"); ret = wolfSSL_write(cli_ssl, "hello memory wolfSSL!", 21); /* clean up */ wolfSSL_free(cli_ssl); wolfSSL_CTX_free(cli_ctx); return NULL; }
int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port, int doDTLS, int benchmark, int resumeSession) { /* time passed in number of connects give average */ int times = benchmark; int loops = resumeSession ? 2 : 1; int i = 0; #ifndef NO_SESSION_CACHE WOLFSSL_SESSION* benchSession = NULL; #endif (void)resumeSession; while (loops--) { #ifndef NO_SESSION_CACHE int benchResume = resumeSession && loops == 0; #endif double start = current_time(), avg; for (i = 0; i < times; i++) { SOCKET_T sockfd; WOLFSSL* ssl = wolfSSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL object"); tcp_connect(&sockfd, host, port, doDTLS, ssl); #ifndef NO_SESSION_CACHE if (benchResume) wolfSSL_set_session(ssl, benchSession); #endif wolfSSL_set_fd(ssl, sockfd); if (wolfSSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed"); wolfSSL_shutdown(ssl); #ifndef NO_SESSION_CACHE if (i == (times-1) && resumeSession) { benchSession = wolfSSL_get_session(ssl); } #endif wolfSSL_free(ssl); CloseSocket(sockfd); } avg = current_time() - start; avg /= times; avg *= 1000; /* milliseconds */ #ifndef NO_SESSION_CACHE if (benchResume) printf("wolfSSL_resume avg took: %8.3f milliseconds\n", avg); else #endif printf("wolfSSL_connect avg took: %8.3f milliseconds\n", avg); } return EXIT_SUCCESS; }
int Client(const char* ip, word16 port) { int n; char msg[] = "hello wolfssl"; char reply[MAXSZ]; int msgSz = strlen(msg); SOCKET_T fd; WOLFSSL_CTX* ctx; WOLFSSL* ssl; if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) err_sys("Error in setting client ctx\n"); if (wolfSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) err_sys("trouble loading client cert"); if (wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("trouble loading client cert"); if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("trouble loading client cert"); /*sets the IO callback methods*/ wolfSSL_SetIORecv(ctx, CbIORecv); wolfSSL_SetIOSend(ctx, CbIOSend); if ((ssl = wolfSSL_new(ctx)) == NULL) err_sys("issue when creating ssl"); tcp_connect(&fd, ip, port, 0); wolfSSL_set_fd(ssl, fd); if (wolfSSL_connect(ssl) != SSL_SUCCESS) err_sys("client connect failed"); if (wolfSSL_write(ssl, msg, msgSz) != msgSz) err_sys("client write failed"); memset(reply, 0, MAXSZ); if ((n = wolfSSL_read(ssl, reply, MAXSZ - 1)) > 0) { reply[n] = '\0'; } else { printf("client read returned %d\n", n); return -1; } printf("Server sent : %s\n", reply); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); return 0; }
/* * sets up and uses nonblocking protocols using wolfssl */ static int NonBlockingSSL_Connect(WOLFSSL* ssl) { int ret, error, sockfd, select_ret, currTimeout; ret = wolfSSL_connect(ssl); error = wolfSSL_get_error(ssl, 0); sockfd = (int)wolfSSL_get_fd(ssl); while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE)) { currTimeout = 1; if (error == SSL_ERROR_WANT_READ) printf("... client would read block\n"); else printf("... client would write block\n"); select_ret = tcp_select(sockfd, currTimeout); if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_ERROR_READY)) { ret = wolfSSL_connect(ssl); error = wolfSSL_get_error(ssl, 0); } else if (select_ret == TEST_TIMEOUT) { error = SSL_ERROR_WANT_READ; } else { error = SSL_FATAL_ERROR; } } if (ret != SSL_SUCCESS){ printf("SSL_connect failed"); return 1; } return 0; }
int main() { int sockfd; WOLFSSL_CTX* ctx; WOLFSSL* ssl; WOLFSSL_METHOD* method; struct sockaddr_in servAddr; const char message[] = "Hello, World!"; /* create and set up socket */ sockfd = socket(AF_INET, SOCK_STREAM, 0); memset(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(SERV_PORT); /* connect to socket */ connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr)); /* initialize wolfssl library */ wolfSSL_Init(); method = wolfTLSv1_2_client_method(); /* use TLS v1.2 */ /* make new ssl context */ if ( (ctx = wolfSSL_CTX_new(method)) == NULL) { err_sys("wolfSSL_CTX_new error"); } /* make new wolfSSL struct */ if ( (ssl = wolfSSL_new(ctx)) == NULL) { err_sys("wolfSSL_new error"); } /* Add cert to ctx */ if (wolfSSL_CTX_load_verify_locations(ctx, "certs/ca-cert.pem", 0) != SSL_SUCCESS) { err_sys("Error loading certs/ca-cert.pem"); } /* Connect wolfssl to the socket, server, then send message */ wolfSSL_set_fd(ssl, sockfd); wolfSSL_connect(ssl); wolfSSL_write(ssl, message, strlen(message)); /* frees all data before client termination */ wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); }
/* Client connecting to server using TLS */ static int wolfssl_client_connect(WOLFSSL* client_ssl) { int ret = 0; if (wolfSSL_connect(client_ssl) != WOLFSSL_SUCCESS) { if (wolfSSL_want_read(client_ssl)) { printf("Client waiting for server\n"); } else if (wolfSSL_want_write(client_ssl)) { printf("Client waiting for buffer\n"); } else ret = -1; } return ret; }
/* * applies TLS 1.2 security layer to data being sent. */ int Security(int sock) { WOLFSSL_CTX* ctx; WOLFSSL* ssl; /* create WOLFSSL object */ int ret = 0; wolfSSL_Init(); /* initialize wolfSSL */ /* create and initiLize WOLFSSL_CTX structure */ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { printf("SSL_CTX_new error.\n"); return EXIT_FAILURE; } /* set callback for action when CA's are added */ wolfSSL_CTX_SetCACb(ctx, CaCb); /* load CA certificates into wolfSSL_CTX. which will verify the server */ if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) { printf("Error loading %s. Please check the file.\n", cert); return EXIT_FAILURE; } if ((ssl = wolfSSL_new(ctx)) == NULL) { printf("wolfSSL_new error.\n"); return EXIT_FAILURE; } wolfSSL_set_fd(ssl, sock); ret = wolfSSL_connect(ssl); if (ret == SSL_SUCCESS) { ret = ClientGreet(sock, ssl); } /* frees all data before client termination */ wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); return ret; }
static void on_underlying_io_open_complete(void* context, IO_OPEN_RESULT open_result) { TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context; if (open_result != IO_OPEN_OK) { tls_io_instance->tlsio_state = TLSIO_STATE_ERROR; indicate_open_complete(tls_io_instance, IO_OPEN_ERROR); } else { int res; tls_io_instance->tlsio_state = TLSIO_STATE_IN_HANDSHAKE; res = wolfSSL_connect(tls_io_instance->ssl); if (res != SSL_SUCCESS) { indicate_open_complete(tls_io_instance, IO_OPEN_ERROR); tls_io_instance->tlsio_state = TLSIO_STATE_ERROR; } } }
/* Connect/negotiate a secure connection. * * ssl The wolfSSL object. * resume Resume the session. * session Session to resume. * connTime The amount of time spent connecting to the server. * resumeTime The amount of time spent resuming a connection with the server. * returns 0 on failure, 1 on success, 2 on want read and 3 on want write. */ static int SSL_Connect(WOLFSSL* ssl, int resume, WOLFSSL_SESSION* session, double* connTime, double* resumeTime) { int ret; int error; double start; start = current_time(1); if (resume && (session != NULL)) wolfSSL_set_session(ssl, session); /* Connect to the server. */ ret = wolfSSL_connect(ssl); if (!wolfSSL_session_reused(ssl)) *connTime += current_time(0) - start; else *resumeTime += current_time(0) - start; if (ret == 0) { fprintf(stderr, "The server has closed the connection!\n"); return 0; } if (ret == SSL_SUCCESS) return 1; error = wolfSSL_get_error(ssl, 0); if (error == SSL_ERROR_WANT_READ) return 2; if (error == SSL_ERROR_WANT_WRITE) return 3; if (error == WC_PENDING_E) return 4; if (error == 0) return EXIT_SUCCESS; /* Cannot do anything about other errors. */ fprintf(stderr, "wolfSSL_read/write error = %d\n", error); return 0; }
NET_PRES_EncSessionStatus NET_PRES_EncProviderClientConnect0(void * providerData) { WOLFSSL* ssl; memcpy(&ssl, providerData, sizeof(WOLFSSL*)); int result = wolfSSL_connect(ssl); switch (result) { case SSL_SUCCESS: return NET_PRES_ENC_SS_OPEN; default: { int error = wolfSSL_get_error(ssl, result); switch (error) { case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: return NET_PRES_ENC_SS_CLIENT_NEGOTIATING; default: return NET_PRES_ENC_SS_FAILED; } } } }
int MqttSocket_Connect(MqttClient *client, const char* host, word16 port, int timeout_ms, int use_tls, MqttTlsCb cb) { int rc; /* Validate arguments */ if (client == NULL || client->net == NULL || client->net->connect == NULL) { return MQTT_CODE_ERROR_BAD_ARG; } /* Validate port */ if (port == 0) { port = (use_tls) ? MQTT_SECURE_PORT : MQTT_DEFAULT_PORT; } /* Connect to host */ rc = client->net->connect(client->net->context, host, port, timeout_ms); if (rc != 0) { return rc; } client->flags |= MQTT_CLIENT_FLAG_IS_CONNECTED; #ifdef ENABLE_MQTT_TLS if (use_tls) { /* Setup the WolfSSL library */ wolfSSL_Init(); /* Issue callback to allow setup of the wolfSSL_CTX and cert verification settings */ rc = SSL_SUCCESS; if (cb) { rc = cb(client); } if (rc == SSL_SUCCESS) { /* Create and initialize the WOLFSSL_CTX structure */ if (client->tls.ctx == NULL) { /* Use defaults */ client->tls.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (client->tls.ctx) { wolfSSL_CTX_set_verify(client->tls.ctx, SSL_VERIFY_NONE, 0); } } if (client->tls.ctx) { /* Seutp the async IO callbacks */ wolfSSL_SetIORecv(client->tls.ctx, MqttSocket_TlsSocketReceive); wolfSSL_SetIOSend(client->tls.ctx, MqttSocket_TlsSocketSend); client->tls.ssl = wolfSSL_new(client->tls.ctx); if (client->tls.ssl) { wolfSSL_SetIOReadCtx(client->tls.ssl, (void *)client); wolfSSL_SetIOWriteCtx(client->tls.ssl, (void *)client); rc = wolfSSL_connect(client->tls.ssl); if (rc == SSL_SUCCESS) { client->flags |= MQTT_CLIENT_FLAG_IS_TLS; rc = MQTT_CODE_SUCCESS; } } else { #ifndef WOLFMQTT_NO_STDIO printf("MqttSocket_TlsConnect: wolfSSL_new error!\n"); #endif rc = -1; } } else { #ifndef WOLFMQTT_NO_STDIO printf("MqttSocket_TlsConnect: wolfSSL_CTX_new error!\n"); #endif rc = -1; } } else { #ifndef WOLFMQTT_NO_STDIO printf("MqttSocket_TlsConnect: TLS callback error!\n"); #endif rc = -1; } /* Handle error case */ if (rc) { #ifndef WOLFMQTT_NO_STDIO const char* errstr = NULL; int errnum = 0; if (client->tls.ssl) { errnum = wolfSSL_get_error(client->tls.ssl, 0); errstr = wolfSSL_ERR_reason_error_string(errnum); } printf("MqttSocket_TlsConnect Error %d: Num %d, %s\n", rc, errnum, errstr); #endif /* Make sure we cleanup on error */ MqttSocket_Disconnect(client); rc = MQTT_CODE_ERROR_TLS_CONNECT; } } #else (void)cb; #endif /* ENABLE_MQTT_TLS */ #ifdef WOLFMQTT_DEBUG_SOCKET printf("MqttSocket_Connect: Rc=%d\n", rc); #endif /* Check for error */ if (rc < 0) { rc = MQTT_CODE_ERROR_NETWORK; } return rc; }
int WolfSSLConnection::connect(const char* host, const int port) { int result; if(sslContext == NULL) { LogError("NULL SSL context\r\n"); result = __LINE__; } else { if (init_socket(SOCK_STREAM) < 0) { LogError("init_socket failed\r\n"); result = __LINE__; } else { if (set_address(host, port) != 0) { LogError("set_address failed\r\n"); result = __LINE__; } else if (lwip_connect(_sock_fd, (const struct sockaddr *) &_remoteHost, sizeof(_remoteHost)) < 0) { close(); LogError("lwip_connect failed\r\n"); result = __LINE__; } else { wolfSSL_SetIOSend(sslContext, &sendCallback); wolfSSL_SetIORecv(sslContext, &receiveCallback); ssl = wolfSSL_new(sslContext); if(ssl == NULL) { LogError("wolfssl new error\r\n"); result = __LINE__; } else { wolfSSL_set_fd(ssl, _sock_fd); result = wolfSSL_connect(ssl); if (result != SSL_SUCCESS) { LogError("wolfssl connect error=%d\r\n", result); result = __LINE__; } else { result = 0; isConnected = true; } } } } } return result; };
int tlsio_wolfssl_open(CONCRETE_IO_HANDLE tls_io, ON_IO_OPEN_COMPLETE on_io_open_complete, void* on_io_open_complete_context, ON_BYTES_RECEIVED on_bytes_received, void* on_bytes_received_context, ON_IO_ERROR on_io_error, void* on_io_error_context) { int result; if (tls_io == NULL) { result = __LINE__; } else { TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)tls_io; if (tls_io_instance->tlsio_state != TLSIO_STATE_NOT_OPEN) { LogError("Invalid state encountered."); result = __LINE__; } else { tls_io_instance->on_bytes_received = on_bytes_received; tls_io_instance->on_bytes_received_context = on_bytes_received_context; tls_io_instance->on_io_open_complete = on_io_open_complete; tls_io_instance->on_io_open_complete_context = on_io_open_complete_context; tls_io_instance->on_io_error = on_io_error; tls_io_instance->on_io_error_context = on_io_error_context; tls_io_instance->tlsio_state = TLSIO_STATE_OPENING_UNDERLYING_IO; if (create_wolfssl_instance(tls_io_instance) != 0) { tls_io_instance->tlsio_state = TLSIO_STATE_NOT_OPEN; result = __LINE__; } else if (xio_open(tls_io_instance->socket_io, on_underlying_io_open_complete, tls_io_instance, on_underlying_io_bytes_received, tls_io_instance, on_underlying_io_error, tls_io_instance) != 0) { tls_io_instance->tlsio_state = TLSIO_STATE_NOT_OPEN; result = __LINE__; } else { // The state can get changed in the on_underlying_io_open_complete if (tls_io_instance->tlsio_state == TLSIO_STATE_ERROR) { LogError("Failed to connect to server. The certificates may not be correct."); result = __LINE__; } else { int res; tls_io_instance->tlsio_state = TLSIO_STATE_IN_HANDSHAKE; res = wolfSSL_connect(tls_io_instance->ssl); if (res != SSL_SUCCESS) { LogError("Failed to connect to server."); tls_io_instance->tlsio_state = TLSIO_STATE_NOT_OPEN; result = __LINE__; } else { result = 0; } } } } } return result; }
/* * ======== tcpHandler ======== * Creates new Task to handle new TCP connections. */ Void tcpHandler(UArg arg0, UArg arg1) { int sockfd; int ret; struct sockaddr_in servAddr; Error_Block eb; bool flag = true; bool internal_flag = true; int nbytes; char *buffer; char msg[] = "Hello from TM4C1294XL Connected Launchpad"; WOLFSSL* ssl = (WOLFSSL *) arg0; fdOpenSession(TaskSelf()); wolfSSL_Init(); WOLFSSL_CTX* ctx = NULL; ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (ctx == 0) { System_printf("tcpHandler: wolfSSL_CTX_new error.\n"); exitApp(ctx); } if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, sizeof(ca_cert_der_2048) / sizeof(char), SSL_FILETYPE_ASN1) != SSL_SUCCESS) { System_printf("tcpHandler: Error loading ca_cert_der_2048" " please check the wolfssl/certs_test.h file.\n"); exitApp(ctx); } if (wolfSSL_CTX_use_certificate_buffer(ctx, client_cert_der_2048, sizeof(client_cert_der_2048) / sizeof(char), SSL_FILETYPE_ASN1) != SSL_SUCCESS) { System_printf("tcpHandler: Error loading client_cert_der_2048," " please check the wolfssl/certs_test.h file.\n"); exitApp(ctx); } if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048, sizeof(client_key_der_2048) / sizeof(char), SSL_FILETYPE_ASN1) != SSL_SUCCESS) { System_printf("tcpHandler: Error loading client_key_der_2048," " please check the wolfssl/certs_test.h file.\n"); exitApp(ctx); } /* Init the Error_Block */ Error_init(&eb); do { sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd < 0) { System_printf("tcpHandler: socket failed\n"); Task_sleep(2000); continue; } memset((char *) &servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(TCPPORT); inet_aton(IP_ADDR, &servAddr.sin_addr); ret = connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr)); if (ret < 0) { fdClose((SOCKET) sockfd); Task_sleep(2000); continue; } } while (ret != 0); if ((ssl = wolfSSL_new(ctx)) == NULL) { System_printf("tcpHandler: wolfSSL_new error.\n"); exitApp(ctx); } wolfSSL_set_fd(ssl, sockfd); ret = wolfSSL_connect(ssl); /* Delete "TOP_LINE" and "END_LINE" for debugging. */ /* TOP_LINE System_printf("looked for: %d.\n", SSL_SUCCESS); System_printf("return was: %d.\n", ret); int err; char err_buffer[80]; err = wolfSSL_get_error(ssl, 0); System_printf("wolfSSL error: %d\n", err); System_printf("wolfSSL error string: %s\n", wolfSSL_ERR_error_string(err, err_buffer)); END_LINE */ if (ret == SSL_SUCCESS) { sockfd = wolfSSL_get_fd(ssl); /* Get a buffer to receive incoming packets. Use the default heap. */ buffer = Memory_alloc(NULL, TCPPACKETSIZE, 0, &eb); if (buffer == NULL) { System_printf("tcpWorker: failed to alloc memory\n"); exitApp(ctx); } /* Say hello to the server */ while (flag) { if (wolfSSL_write(ssl, msg, strlen(msg)) != strlen(msg)) { ret = wolfSSL_get_error(ssl, 0); System_printf("Write error: %i.\n", ret); } while (internal_flag) { nbytes = wolfSSL_read(ssl, (char *) buffer, TCPPACKETSIZE); if (nbytes > 0) { internal_flag = false; } } /* success */ System_printf("Heard: \"%s\".\n", buffer); wolfSSL_free(ssl); fdClose((SOCKET) sockfd); flag = false; } /* Free the buffer back to the heap */ Memory_free(NULL, buffer, TCPPACKETSIZE); /* * Since deleteTerminatedTasks is set in the cfg file, * the Task will be deleted when the idle task runs. */ exitApp(ctx); } else { wolfSSL_free(ssl); fdClose((SOCKET) sockfd); System_printf("wolfSSL_connect failed.\n"); fdCloseSession(TaskSelf()); exitApp(ctx); } }
int main (int argc, char** argv) { /* standard variables used in a dtls client */ int ret = 0, err; int sockfd = -1; WOLFSSL* ssl = NULL; WOLFSSL_CTX* ctx = NULL; const char* ca_cert = "../certs/ca-cert.pem"; char buff[MSGLEN]; int buffLen; SharedDtls shared; /* Program argument checking */ if (argc != 2) { printf("usage: udpcli <IP address>\n"); return 1; } /* Code for handling signals */ struct sigaction act, oact; act.sa_handler = sig_handler; sigemptyset(&act.sa_mask); act.sa_flags = 0; sigaction(SIGINT, &act, &oact); wolfSSL_Debugging_ON(); /* Initialize wolfSSL before assigning ctx */ wolfSSL_Init(); if ( (ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method())) == NULL) { fprintf(stderr, "wolfSSL_CTX_new error.\n"); goto exit; } /* Register callbacks */ wolfSSL_CTX_SetIORecv(ctx, my_IORecv); wolfSSL_CTX_SetIOSend(ctx, my_IOSend); /* Load CA certificates into ctx variable */ if (wolfSSL_CTX_load_verify_locations(ctx, ca_cert, 0) != SSL_SUCCESS) { fprintf(stderr, "Error loading %s, please check the file.\n", ca_cert); goto exit; } /* Assign ssl variable */ ssl = wolfSSL_new(ctx); if (ssl == NULL) { printf("unable to get ssl object"); goto exit; } memset(&shared, 0, sizeof(shared)); shared.ssl = ssl; /* servAddr setup */ shared.servSz = sizeof(shared.servAddr); shared.servAddr.sin_family = AF_INET; shared.servAddr.sin_port = htons(SERV_PORT); if (inet_pton(AF_INET, argv[1], &shared.servAddr.sin_addr) < 1) { printf("Error and/or invalid IP address"); goto exit; } if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { printf("cannot create a socket."); goto exit; } shared.sd = sockfd; wolfSSL_SetIOWriteCtx(ssl, &shared); wolfSSL_SetIOReadCtx(ssl, &shared); if (wolfSSL_connect(ssl) != SSL_SUCCESS) { err = wolfSSL_get_error(ssl, 0); printf("err = %d, %s\n", err, wolfSSL_ERR_reason_error_string(err)); printf("SSL_connect failed\n"); goto exit; } /**************************************************************************/ /* Code for sending datagram to server */ if (fgets(buff, sizeof(buff), stdin) != NULL) { /* Send buffer to the server */ buffLen = strlen(buff); if (( wolfSSL_write(ssl, buff, buffLen)) != buffLen) { err = wolfSSL_get_error(ssl, 0); if (err != SSL_ERROR_WANT_WRITE) { printf("err = %d, %s\n", err, wolfSSL_ERR_reason_error_string(err)); printf("SSL_write failed\n"); goto exit; } } /* Receive message from server */ ret = wolfSSL_read(ssl, buff, sizeof(buff)-1); if (ret < 0) { err = wolfSSL_get_error(ssl, 0); if (err != SSL_ERROR_WANT_READ) { printf("err = %d, %s\n", err, wolfSSL_ERR_reason_error_string(err)); printf("SSL_read failed\n"); goto exit; } } buffLen = ret; ret = 0; /* Add a terminating character to the generic server message */ buff[buffLen] = '\0'; fputs(buff, stdout); } /* End code for sending datagram to server */ /**************************************************************************/ exit: /* Housekeeping */ if (ssl) { wolfSSL_shutdown(ssl); wolfSSL_free(ssl); } if (sockfd != -1) { close(sockfd); } if (ctx) { wolfSSL_CTX_free(ctx); } wolfSSL_Cleanup(); return ret; }
int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, int doDTLS, int throughput) { double start, conn_time = 0, tx_time = 0, rx_time = 0; SOCKET_T sockfd; WOLFSSL* ssl; int ret; start = current_time(); ssl = wolfSSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL object"); tcp_connect(&sockfd, host, port, doDTLS, ssl); wolfSSL_set_fd(ssl, sockfd); if (wolfSSL_connect(ssl) == SSL_SUCCESS) { /* Perform throughput test */ char *tx_buffer, *rx_buffer; /* Record connection time */ conn_time = current_time() - start; /* Allocate TX/RX buffers */ tx_buffer = (char*)malloc(TEST_BUFFER_SIZE); rx_buffer = (char*)malloc(TEST_BUFFER_SIZE); if(tx_buffer && rx_buffer) { WC_RNG rng; /* Startup the RNG */ ret = wc_InitRng(&rng); if(ret == 0) { int xfer_bytes; /* Generate random data to send */ ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, TEST_BUFFER_SIZE); wc_FreeRng(&rng); if(ret != 0) { err_sys("wc_RNG_GenerateBlock failed"); } /* Perform TX and RX of bytes */ xfer_bytes = 0; while(throughput > xfer_bytes) { int len, rx_pos, select_ret; /* Determine packet size */ len = min(TEST_BUFFER_SIZE, throughput - xfer_bytes); /* Perform TX */ start = current_time(); if (wolfSSL_write(ssl, tx_buffer, len) != len) { int writeErr = wolfSSL_get_error(ssl, 0); printf("wolfSSL_write error %d!\n", writeErr); err_sys("wolfSSL_write failed"); } tx_time += current_time() - start; /* Perform RX */ select_ret = tcp_select(sockfd, 1); /* Timeout=1 second */ if (select_ret == TEST_RECV_READY) { start = current_time(); rx_pos = 0; while(rx_pos < len) { ret = wolfSSL_read(ssl, &rx_buffer[rx_pos], len - rx_pos); if(ret <= 0) { int readErr = wolfSSL_get_error(ssl, 0); if (readErr != SSL_ERROR_WANT_READ) { printf("wolfSSL_read error %d!\n", readErr); err_sys("wolfSSL_read failed"); } } else { rx_pos += ret; } } rx_time += current_time() - start; } /* Compare TX and RX buffers */ if(XMEMCMP(tx_buffer, rx_buffer, len) != 0) { err_sys("Compare TX and RX buffers failed"); } /* Update overall position */ xfer_bytes += len; } } else { err_sys("wc_InitRng failed"); } } else { err_sys("Client buffer malloc failed"); } if(tx_buffer) free(tx_buffer); if(rx_buffer) free(rx_buffer); } else { err_sys("wolfSSL_connect failed"); } wolfSSL_shutdown(ssl); wolfSSL_free(ssl); CloseSocket(sockfd); printf("wolfSSL Client Benchmark %d bytes\n" "\tConnect %8.3f ms\n" "\tTX %8.3f ms (%8.3f MBps)\n" "\tRX %8.3f ms (%8.3f MBps)\n", throughput, conn_time * 1000, tx_time * 1000, throughput / tx_time / 1024 / 1024, rx_time * 1000, throughput / rx_time / 1024 / 1024 ); return EXIT_SUCCESS; }
int main (int argc, char** argv) { /* standard variables used in a dtls client*/ int sockfd = 0; int err1; int readErr; struct sockaddr_in servAddr; const char* host = argv[1]; WOLFSSL* ssl = 0; WOLFSSL_CTX* ctx = 0; WOLFSSL* sslResume = 0; WOLFSSL_SESSION* session = 0; char* srTest = "testing session resume"; char cert_array[] = "../certs/ca-cert.pem"; char buffer[80]; char* certs = cert_array; /* variables used in a dtls client for session reuse*/ int recvlen; char sendLine[MAXLINE]; char recvLine[MAXLINE - 1]; if (argc != 2) { printf("usage: udpcli <IP address>\n"); return 1; } wolfSSL_Init(); /* Un-comment the following line to enable debugging */ /* wolfSSL_Debugging_ON(); */ if ( (ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method())) == NULL) { fprintf(stderr, "wolfSSL_CTX_new error.\n"); return 1; } if (wolfSSL_CTX_load_verify_locations(ctx, certs, 0) != SSL_SUCCESS) { fprintf(stderr, "Error loading %s, please check the file.\n", certs); return 1; } ssl = wolfSSL_new(ctx); if (ssl == NULL) { printf("unable to get ssl object"); return 1; } memset(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(SERV_PORT); if ( (inet_pton(AF_INET, host, &servAddr.sin_addr)) < 1) { printf("Error and/or invalid IP address"); return 1; } wolfSSL_dtls_set_peer(ssl, &servAddr, sizeof(servAddr)); if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { printf("cannot create a socket."); return 1; } wolfSSL_set_fd(ssl, sockfd); if (wolfSSL_connect(ssl) != SSL_SUCCESS) { err1 = wolfSSL_get_error(ssl, 0); memset(buffer, 0, 80); printf("err = %d, %s\n", err1, wolfSSL_ERR_error_string(err1, buffer)); printf("SSL_connect failed"); return 1; } /*****************************************************************************/ /* Code for sending datagram to server */ /* Loop while the user gives input or until an EOF is read */ while( fgets(sendLine, MAXLINE, stdin) != NULL ) { /* Attempt to send sendLine to the server */ if ( ( wolfSSL_write(ssl, sendLine, strlen(sendLine))) != strlen(sendLine) ) { printf("Error: wolfSSL_write failed.\n"); } /* Attempt to read a message from server and store it in recvLine */ recvlen = wolfSSL_read(ssl, recvLine, sizeof(recvLine) - 1); /* Error checking wolfSSL_read */ if (recvlen < 0) { readErr = wolfSSL_get_error(ssl, 0); if (readErr != SSL_ERROR_WANT_READ) { printf("Error: wolfSSL_read failed.\n"); } } recvLine[recvlen] = '\0'; fputs(recvLine, stdout); } /* */ /*****************************************************************************/ /* Keep track of the old session information */ wolfSSL_write(ssl, srTest, sizeof(srTest)); session = wolfSSL_get_session(ssl); sslResume = wolfSSL_new(ctx); /* Cleanup the memory used by the old session & ssl object */ wolfSSL_shutdown(ssl); wolfSSL_free(ssl); close(sockfd); /* Perform setup with new variables/old session information */ memset(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(SERV_PORT); if ( (inet_pton(AF_INET, host, &servAddr.sin_addr)) < 1) { printf("Error and/or invalid IP address"); return 1; } wolfSSL_dtls_set_peer(sslResume, &servAddr, sizeof(servAddr)); if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { printf("cannot create a socket."); return 1; } wolfSSL_set_fd(sslResume, sockfd); /* New method call - specifies to the WOLFSSL object to use the * * given WOLFSSL_SESSION object */ wolfSSL_set_session(sslResume, session); wolfSSL_set_fd(sslResume, sockfd); if (wolfSSL_connect(sslResume) != SSL_SUCCESS) { err1 = wolfSSL_get_error(sslResume, 0); memset(buffer, 0, 80); printf("err = %d, %s\n", err1, wolfSSL_ERR_error_string(err1, buffer)); printf("SSL_connect failed on session reuse\n"); return 1; } if (wolfSSL_session_reused(sslResume)) { printf("reused session id\n"); } else { printf("didn't reuse session id!!!\n"); } /*****************************************************************************/ /* Code for sending datagram to server */ /* Clear out variables for reuse */ recvlen = 0; memset(sendLine, 0, MAXLINE); memset(recvLine, 0, MAXLINE - 1); /* Loop while the user gives input or until an EOF is read */ while( fgets(sendLine, MAXLINE, stdin) != NULL ) { /* Attempt to send sendLine to the server */ if ( ( wolfSSL_write(ssl, sendLine, strlen(sendLine))) != strlen(sendLine) ) { printf("Error: wolfSSL_write failed.\n"); } /* Attempt to read a message from server and store it in recvLine */ recvlen = wolfSSL_read(ssl, recvLine, sizeof(recvLine) - 1); /* Error checking wolfSSL_read */ if (recvlen < 0) { readErr = wolfSSL_get_error(ssl, 0); if (readErr != SSL_ERROR_WANT_READ) { printf("Error: wolfSSL_read failed.\n"); } } recvLine[recvlen] = '\0'; fputs(recvLine, stdout); } /* */ /*****************************************************************************/ wolfSSL_write(sslResume, srTest, sizeof(srTest)); /* Cleanup memory used for storing the session information */ wolfSSL_shutdown(sslResume); wolfSSL_free(sslResume); close(sockfd); wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); return 0; }
THREAD_RETURN WOLFSSL_THREAD client_test(void* args) { SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID; WOLFSSL_METHOD* method = 0; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; WOLFSSL* sslResume = 0; WOLFSSL_SESSION* session = 0; char resumeMsg[32] = "resuming wolfssl!"; int resumeSz = (int)strlen(resumeMsg); char msg[32] = "hello wolfssl!"; /* GET may make bigger */ char reply[80]; int input; int msgSz = (int)strlen(msg); word16 port = wolfSSLPort; char* host = (char*)wolfSSLIP; const char* domain = "localhost"; /* can't default to www.wolfssl.com because can't tell if we're really going there to detect old chacha-poly */ int ch; int version = CLIENT_INVALID_VERSION; int usePsk = 0; int useAnon = 0; int sendGET = 0; int benchmark = 0; int throughput = 0; int doDTLS = 0; int matchName = 0; int doPeerCheck = 1; int nonBlocking = 0; int resumeSession = 0; int wc_shutdown = 0; int disableCRL = 0; int externalTest = 0; int ret; int scr = 0; /* allow secure renegotiation */ int forceScr = 0; /* force client initiaed scr */ int trackMemory = 0; int useClientCert = 1; int fewerPackets = 0; int atomicUser = 0; int pkCallbacks = 0; int overrideDateErrors = 0; int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS; char* alpnList = NULL; unsigned char alpn_opt = 0; char* cipherList = NULL; const char* verifyCert = caCert; const char* ourCert = cliCert; const char* ourKey = cliKey; #ifdef HAVE_SNI char* sniHostName = NULL; #endif #ifdef HAVE_MAX_FRAGMENT byte maxFragment = 0; #endif #ifdef HAVE_TRUNCATED_HMAC byte truncatedHMAC = 0; #endif #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) byte statusRequest = 0; #endif #ifdef HAVE_OCSP int useOcsp = 0; char* ocspUrl = NULL; #endif int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; ((func_args*)args)->return_code = -1; /* error state */ #ifdef NO_RSA verifyCert = (char*)eccCert; ourCert = (char*)cliEccCert; ourKey = (char*)cliEccKey; #endif (void)resumeSz; (void)session; (void)sslResume; (void)trackMemory; (void)atomicUser; (void)pkCallbacks; (void)scr; (void)forceScr; (void)ourKey; (void)ourCert; (void)verifyCert; (void)useClientCert; (void)overrideDateErrors; (void)disableCRL; (void)minDhKeyBits; (void)alpnList; (void)alpn_opt; StackTrap(); #ifndef WOLFSSL_VXWORKS while ((ch = mygetopt(argc, argv, "?gdeDusmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:F:L:ToO:aB:W:")) != -1) { switch (ch) { case '?' : Usage(); exit(EXIT_SUCCESS); case 'g' : sendGET = 1; break; case 'd' : doPeerCheck = 0; break; case 'e' : ShowCiphers(); exit(EXIT_SUCCESS); case 'D' : overrideDateErrors = 1; break; case 'C' : #ifdef HAVE_CRL disableCRL = 1; #endif break; case 'u' : doDTLS = 1; break; case 's' : usePsk = 1; break; case 't' : #ifdef USE_WOLFSSL_MEMORY trackMemory = 1; #endif break; case 'm' : matchName = 1; break; case 'x' : useClientCert = 0; break; case 'X' : externalTest = 1; break; case 'f' : fewerPackets = 1; break; case 'U' : #ifdef ATOMIC_USER atomicUser = 1; #endif break; case 'P' : #ifdef HAVE_PK_CALLBACKS pkCallbacks = 1; #endif break; case 'h' : host = myoptarg; domain = myoptarg; break; case 'p' : port = (word16)atoi(myoptarg); #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API) if (port == 0) err_sys("port number cannot be 0"); #endif break; case 'v' : version = atoi(myoptarg); if (version < 0 || version > 3) { Usage(); exit(MY_EX_USAGE); } break; case 'V' : ShowVersions(); exit(EXIT_SUCCESS); case 'l' : cipherList = myoptarg; break; case 'A' : verifyCert = myoptarg; break; case 'c' : ourCert = myoptarg; break; case 'k' : ourKey = myoptarg; break; case 'Z' : #ifndef NO_DH minDhKeyBits = atoi(myoptarg); if (minDhKeyBits <= 0 || minDhKeyBits > 16000) { Usage(); exit(MY_EX_USAGE); } #endif break; case 'b' : benchmark = atoi(myoptarg); if (benchmark < 0 || benchmark > 1000000) { Usage(); exit(MY_EX_USAGE); } break; case 'B' : throughput = atoi(myoptarg); if (throughput <= 0) { Usage(); exit(MY_EX_USAGE); } break; case 'N' : nonBlocking = 1; break; case 'r' : resumeSession = 1; break; case 'w' : wc_shutdown = 1; break; case 'R' : #ifdef HAVE_SECURE_RENEGOTIATION scr = 1; #endif break; case 'i' : #ifdef HAVE_SECURE_RENEGOTIATION scr = 1; forceScr = 1; #endif break; case 'z' : #ifndef WOLFSSL_LEANPSK wolfSSL_GetObjectSize(); #endif break; case 'S' : #ifdef HAVE_SNI sniHostName = myoptarg; #endif break; case 'F' : #ifdef HAVE_MAX_FRAGMENT maxFragment = atoi(myoptarg); if (maxFragment < WOLFSSL_MFL_2_9 || maxFragment > WOLFSSL_MFL_2_13) { Usage(); exit(MY_EX_USAGE); } #endif break; case 'T' : #ifdef HAVE_TRUNCATED_HMAC truncatedHMAC = 1; #endif break; case 'W' : #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) statusRequest = atoi(myoptarg); #endif break; case 'o' : #ifdef HAVE_OCSP useOcsp = 1; #endif break; case 'O' : #ifdef HAVE_OCSP useOcsp = 1; ocspUrl = myoptarg; #endif break; case 'a' : #ifdef HAVE_ANON useAnon = 1; #endif break; case 'L' : #ifdef HAVE_ALPN alpnList = myoptarg; if (alpnList[0] == 'C' && alpnList[1] == ':') alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH; else if (alpnList[0] == 'F' && alpnList[1] == ':') alpn_opt = WOLFSSL_ALPN_FAILED_ON_MISMATCH; else { Usage(); exit(MY_EX_USAGE); } alpnList += 2; #endif break; default: Usage(); exit(MY_EX_USAGE); } } myoptind = 0; /* reset for test cases */ #endif /* !WOLFSSL_VXWORKS */ if (externalTest) { /* detect build cases that wouldn't allow test against wolfssl.com */ int done = 0; (void)done; #ifdef NO_RSA done = 1; #endif /* www.globalsign.com does not respond to ipv6 ocsp requests */ #if defined(TEST_IPV6) && defined(HAVE_OCSP) done = 1; #endif /* www.globalsign.com has limited supported cipher suites */ #if defined(NO_AES) && defined(HAVE_OCSP) done = 1; #endif /* www.globalsign.com only supports static RSA or ECDHE with AES */ /* We cannot expect users to have on static RSA so test for ECC only * as some users will most likely be on 32-bit systems where ECC * is not enabled by default */ #if defined(HAVE_OCSP) && !defined(HAVE_ECC) done = 1; #endif #ifndef NO_PSK done = 1; #endif #ifdef NO_SHA done = 1; /* external cert chain most likely has SHA */ #endif #if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) if (!XSTRNCMP(domain, "www.google.com", 14) || !XSTRNCMP(domain, "www.wolfssl.com", 15)) { done = 1; /* google/wolfssl need ECDHE or static RSA */ } #endif #if !defined(WOLFSSL_SHA384) if (!XSTRNCMP(domain, "www.wolfssl.com", 15)) { done = 1; /* wolfssl need sha384 for cert chain verify */ } #endif #if !defined(HAVE_AESGCM) && defined(NO_AES) && \ !(defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) done = 1; /* need at least on of these for external tests */ #endif if (done) { printf("external test can't be run in this mode"); ((func_args*)args)->return_code = 0; exit(EXIT_SUCCESS); } } /* sort out DTLS versus TLS versions */ if (version == CLIENT_INVALID_VERSION) { if (doDTLS) version = CLIENT_DTLS_DEFAULT_VERSION; else version = CLIENT_DEFAULT_VERSION; } else { if (doDTLS) { if (version == 3) version = -2; else version = -1; } } #ifdef USE_WOLFSSL_MEMORY if (trackMemory) InitMemoryTracker(); #endif switch (version) { #ifndef NO_OLD_TLS #ifdef WOLFSSL_ALLOW_SSLV3 case 0: method = wolfSSLv3_client_method(); break; #endif #ifndef NO_TLS case 1: method = wolfTLSv1_client_method(); break; case 2: method = wolfTLSv1_1_client_method(); break; #endif /* NO_TLS */ #endif /* NO_OLD_TLS */ #ifndef NO_TLS case 3: method = wolfTLSv1_2_client_method(); break; #endif #ifdef WOLFSSL_DTLS #ifndef NO_OLD_TLS case -1: method = wolfDTLSv1_client_method(); break; #endif case -2: method = wolfDTLSv1_2_client_method(); break; #endif default: err_sys("Bad SSL version"); break; } if (method == NULL) err_sys("unable to get method"); ctx = wolfSSL_CTX_new(method); if (ctx == NULL) err_sys("unable to get ctx"); if (cipherList) { if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) err_sys("client can't set cipher list 1"); } #ifdef WOLFSSL_LEANPSK usePsk = 1; #endif #if defined(NO_RSA) && !defined(HAVE_ECC) usePsk = 1; #endif if (fewerPackets) wolfSSL_CTX_set_group_messages(ctx); #ifndef NO_DH wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits); #endif if (usePsk) { #ifndef NO_PSK wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); if (cipherList == NULL) { const char *defaultCipherList; #if defined(HAVE_AESGCM) && !defined(NO_DH) defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; #elif defined(HAVE_NULL_CIPHER) defaultCipherList = "PSK-NULL-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS) err_sys("client can't set cipher list 2"); } #endif useClientCert = 0; } if (useAnon) { #ifdef HAVE_ANON if (cipherList == NULL) { wolfSSL_CTX_allow_anon_cipher(ctx); if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA") != SSL_SUCCESS) err_sys("client can't set cipher list 4"); } #endif useClientCert = 0; } #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if defined(WOLFSSL_SNIFFER) if (cipherList == NULL) { /* don't use EDH, can't sniff tmp keys */ if (wolfSSL_CTX_set_cipher_list(ctx, "AES128-SHA") != SSL_SUCCESS) { err_sys("client can't set cipher list 3"); } } #endif #ifdef HAVE_OCSP if (useOcsp) { if (ocspUrl != NULL) { wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl); wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE | WOLFSSL_OCSP_URL_OVERRIDE); } else wolfSSL_CTX_EnableOCSP(ctx, 0); } #endif #ifdef USER_CA_CB wolfSSL_CTX_SetCACb(ctx, CaCb); #endif #ifdef VERIFY_CALLBACK wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); #endif #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) if (useClientCert){ if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS) err_sys("can't load client cert file, check file and run from" " wolfSSL home dir"); if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load client private key file, check file and run " "from wolfSSL home dir"); } if (!usePsk && !useAnon) { if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert,0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from wolfSSL home dir"); #ifdef HAVE_ECC /* load ecc verify too, echoserver uses it by default w/ ecc */ if (wolfSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS) err_sys("can't load ecc ca file, Please run from wolfSSL home dir"); #endif /* HAVE_ECC */ } #endif /* !NO_FILESYSTEM && !NO_CERTS */ #if !defined(NO_CERTS) if (!usePsk && !useAnon && doPeerCheck == 0) wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); if (!usePsk && !useAnon && overrideDateErrors == 1) wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb); #endif #ifdef HAVE_CAVIUM wolfSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID); #endif #ifdef HAVE_SNI if (sniHostName) if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) != SSL_SUCCESS) err_sys("UseSNI failed"); #endif #ifdef HAVE_MAX_FRAGMENT if (maxFragment) if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS) err_sys("UseMaxFragment failed"); #endif #ifdef HAVE_TRUNCATED_HMAC if (truncatedHMAC) if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS) err_sys("UseTruncatedHMAC failed"); #endif #ifdef HAVE_SESSION_TICKET if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS) err_sys("UseSessionTicket failed"); #endif if (benchmark) { ((func_args*)args)->return_code = ClientBenchmarkConnections(ctx, host, port, doDTLS, benchmark, resumeSession); wolfSSL_CTX_free(ctx); exit(EXIT_SUCCESS); } if(throughput) { ((func_args*)args)->return_code = ClientBenchmarkThroughput(ctx, host, port, doDTLS, throughput); wolfSSL_CTX_free(ctx); exit(EXIT_SUCCESS); } #if defined(WOLFSSL_MDK_ARM) wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); #endif ssl = wolfSSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL object"); #ifdef HAVE_SUPPORTED_CURVES /* add curves to supported curves extension */ if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1) != SSL_SUCCESS) { err_sys("unable to set curve secp256r1"); } if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP384R1) != SSL_SUCCESS) { err_sys("unable to set curve secp384r1"); } if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP521R1) != SSL_SUCCESS) { err_sys("unable to set curve secp521r1"); } if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP224R1) != SSL_SUCCESS) { err_sys("unable to set curve secp224r1"); } if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP192R1) != SSL_SUCCESS) { err_sys("unable to set curve secp192r1"); } if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP160R1) != SSL_SUCCESS) { err_sys("unable to set curve secp160r1"); } #endif #ifdef HAVE_SESSION_TICKET wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session"); #endif #ifdef HAVE_ALPN if (alpnList != NULL) { printf("ALPN accepted protocols list : %s\n", alpnList); wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt); } #endif #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (statusRequest) { switch (statusRequest) { case WOLFSSL_CSR_OCSP: if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP, WOLFSSL_CSR_OCSP_USE_NONCE) != SSL_SUCCESS) err_sys("UseCertificateStatusRequest failed"); break; } wolfSSL_CTX_EnableOCSP(ctx, 0); } #endif #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 if (statusRequest) { switch (statusRequest) { case WOLFSSL_CSR2_OCSP: if (wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE) != SSL_SUCCESS) err_sys("UseCertificateStatusRequest failed"); break; case WOLFSSL_CSR2_OCSP_MULTI: if (wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP_MULTI, 0) != SSL_SUCCESS) err_sys("UseCertificateStatusRequest failed"); break; } wolfSSL_CTX_EnableOCSP(ctx, 0); } #endif tcp_connect(&sockfd, host, port, doDTLS, ssl); wolfSSL_set_fd(ssl, sockfd); #ifdef HAVE_CRL if (disableCRL == 0) { if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS) err_sys("can't enable crl check"); if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) err_sys("can't load crl, check crlfile and date validity"); if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) err_sys("can't set crl callback"); } #endif #ifdef HAVE_SECURE_RENEGOTIATION if (scr) { if (wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS) err_sys("can't enable secure renegotiation"); } #endif #ifdef ATOMIC_USER if (atomicUser) SetupAtomicUser(ctx, ssl); #endif #ifdef HAVE_PK_CALLBACKS if (pkCallbacks) SetupPkCallbacks(ctx, ssl); #endif if (matchName && doPeerCheck) wolfSSL_check_domain_name(ssl, domain); #ifndef WOLFSSL_CALLBACKS if (nonBlocking) { wolfSSL_set_using_nonblock(ssl, 1); tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(ssl); } else if (wolfSSL_connect(ssl) != SSL_SUCCESS) { /* see note at top of README */ int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); err_sys("SSL_connect failed"); /* if you're getting an error here */ } #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif showPeer(ssl); #ifdef HAVE_ALPN if (alpnList != NULL) { int err; char *protocol_name = NULL; word16 protocol_nameSz = 0; err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz); if (err == SSL_SUCCESS) printf("Received ALPN protocol : %s (%d)\n", protocol_name, protocol_nameSz); else if (err == SSL_ALPN_NOT_FOUND) printf("No ALPN response received (no match with server)\n"); else printf("Getting ALPN protocol name failed\n"); } #endif #ifdef HAVE_SECURE_RENEGOTIATION if (scr && forceScr) { if (nonBlocking) { printf("not doing secure renegotiation on example with" " nonblocking yet"); } else { if (wolfSSL_Rehandshake(ssl) != SSL_SUCCESS) { int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); err_sys("wolfSSL_Rehandshake failed"); } } } #endif /* HAVE_SECURE_RENEGOTIATION */ if (sendGET) { printf("SSL connect ok, sending GET...\n"); msgSz = 28; strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz); msg[msgSz] = '\0'; resumeSz = msgSz; strncpy(resumeMsg, "GET /index.html HTTP/1.0\r\n\r\n", resumeSz); resumeMsg[resumeSz] = '\0'; } if (wolfSSL_write(ssl, msg, msgSz) != msgSz) err_sys("SSL_write failed"); input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); if (sendGET) { /* get html */ while (1) { input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("%s\n", reply); } else break; } } } else if (input < 0) { int readErr = wolfSSL_get_error(ssl, 0); if (readErr != SSL_ERROR_WANT_READ) err_sys("wolfSSL_read failed"); } #ifndef NO_SESSION_CACHE if (resumeSession) { session = wolfSSL_get_session(ssl); sslResume = wolfSSL_new(ctx); if (sslResume == NULL) err_sys("unable to get SSL object"); } #endif if (doDTLS == 0) { /* don't send alert after "break" command */ ret = wolfSSL_shutdown(ssl); if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE) wolfSSL_shutdown(ssl); /* bidirectional shutdown */ } #ifdef ATOMIC_USER if (atomicUser) FreeAtomicUser(ssl); #endif wolfSSL_free(ssl); CloseSocket(sockfd); #ifndef NO_SESSION_CACHE if (resumeSession) { if (doDTLS) { #ifdef USE_WINDOWS_API Sleep(500); #elif defined(WOLFSSL_TIRTOS) Task_sleep(1); #else sleep(1); #endif } tcp_connect(&sockfd, host, port, doDTLS, sslResume); wolfSSL_set_fd(sslResume, sockfd); #ifdef HAVE_ALPN if (alpnList != NULL) { printf("ALPN accepted protocols list : %s\n", alpnList); wolfSSL_UseALPN(sslResume, alpnList, (word32)XSTRLEN(alpnList), alpn_opt); } #endif #ifdef HAVE_SECURE_RENEGOTIATION if (scr) { if (wolfSSL_UseSecureRenegotiation(sslResume) != SSL_SUCCESS) err_sys("can't enable secure renegotiation"); } #endif wolfSSL_set_session(sslResume, session); #ifdef HAVE_SESSION_TICKET wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB, (void*)"resumed session"); #endif #ifndef WOLFSSL_CALLBACKS if (nonBlocking) { wolfSSL_set_using_nonblock(sslResume, 1); tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(sslResume); } else if (wolfSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed"); #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif showPeer(sslResume); if (wolfSSL_session_reused(sslResume)) printf("reused session id\n"); else printf("didn't reuse session id!!!\n"); #ifdef HAVE_ALPN if (alpnList != NULL) { int err; char *protocol_name = NULL; word16 protocol_nameSz = 0; printf("Sending ALPN accepted list : %s\n", alpnList); err = wolfSSL_ALPN_GetProtocol(sslResume, &protocol_name, &protocol_nameSz); if (err == SSL_SUCCESS) printf("Received ALPN protocol : %s (%d)\n", protocol_name, protocol_nameSz); else if (err == SSL_ALPN_NOT_FOUND) printf("Not received ALPN response (no match with server)\n"); else printf("Getting ALPN protocol name failed\n"); } #endif if (wolfSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz) err_sys("SSL_write failed"); if (nonBlocking) { /* give server a chance to bounce a message back to client */ #ifdef USE_WINDOWS_API Sleep(500); #elif defined(WOLFSSL_TIRTOS) Task_sleep(1); #else sleep(1); #endif } input = wolfSSL_read(sslResume, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server resume response: %s\n", reply); if (sendGET) { /* get html */ while (1) { input = wolfSSL_read(sslResume, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("%s\n", reply); } else break; } } } else if (input < 0) { int readErr = wolfSSL_get_error(ssl, 0); if (readErr != SSL_ERROR_WANT_READ) err_sys("wolfSSL_read failed"); } /* try to send session break */ wolfSSL_write(sslResume, msg, msgSz); ret = wolfSSL_shutdown(sslResume); if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE) wolfSSL_shutdown(sslResume); /* bidirectional shutdown */ wolfSSL_free(sslResume); CloseSocket(sockfd); } #endif /* NO_SESSION_CACHE */ wolfSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; #ifdef USE_WOLFSSL_MEMORY if (trackMemory) ShowMemoryTracker(); #endif /* USE_WOLFSSL_MEMORY */ #if !defined(WOLFSSL_TIRTOS) return 0; #endif }
THREAD_RETURN WOLFSSL_THREAD client_test(void* args) { SOCKET_T sockfd = 0; WOLFSSL_METHOD* method = 0; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; WOLFSSL* sslResume = 0; WOLFSSL_SESSION* session = 0; char resumeMsg[] = "resuming wolfssl!"; int resumeSz = sizeof(resumeMsg); char msg[32] = "hello wolfssl!"; /* GET may make bigger */ char reply[80]; int input; int msgSz = (int)strlen(msg); word16 port = yasslPort; char* host = (char*)yasslIP; const char* domain = "www.yassl.com"; int ch; int version = CLIENT_INVALID_VERSION; int usePsk = 0; int useAnon = 0; int sendGET = 0; int benchmark = 0; int doDTLS = 0; int matchName = 0; int doPeerCheck = 1; int nonBlocking = 0; int resumeSession = 0; int scr = 0; /* allow secure renegotiation */ int forceScr = 0; /* force client initiaed scr */ int trackMemory = 0; int useClientCert = 1; int fewerPackets = 0; int atomicUser = 0; int pkCallbacks = 0; int overrideDateErrors = 0; char* cipherList = NULL; const char* verifyCert = caCert; const char* ourCert = cliCert; const char* ourKey = cliKey; #ifdef HAVE_SNI char* sniHostName = NULL; #endif #ifdef HAVE_MAX_FRAGMENT byte maxFragment = 0; #endif #ifdef HAVE_TRUNCATED_HMAC byte truncatedHMAC = 0; #endif #ifdef HAVE_OCSP int useOcsp = 0; char* ocspUrl = NULL; #endif int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; ((func_args*)args)->return_code = -1; /* error state */ #ifdef NO_RSA verifyCert = (char*)eccCert; ourCert = (char*)cliEccCert; ourKey = (char*)cliEccKey; #endif (void)resumeSz; (void)session; (void)sslResume; (void)trackMemory; (void)atomicUser; (void)pkCallbacks; (void)scr; (void)forceScr; StackTrap(); while ((ch = mygetopt(argc, argv, "?gdDusmNrRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) { switch (ch) { case '?' : Usage(); exit(EXIT_SUCCESS); case 'g' : sendGET = 1; break; case 'd' : doPeerCheck = 0; break; case 'D' : overrideDateErrors = 1; break; case 'u' : doDTLS = 1; break; case 's' : usePsk = 1; break; case 't' : #ifdef USE_WOLFSSL_MEMORY trackMemory = 1; #endif break; case 'm' : matchName = 1; break; case 'x' : useClientCert = 0; break; case 'f' : fewerPackets = 1; break; case 'U' : #ifdef ATOMIC_USER atomicUser = 1; #endif break; case 'P' : #ifdef HAVE_PK_CALLBACKS pkCallbacks = 1; #endif break; case 'h' : host = myoptarg; domain = myoptarg; break; case 'p' : port = (word16)atoi(myoptarg); #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API) if (port == 0) err_sys("port number cannot be 0"); #endif break; case 'v' : version = atoi(myoptarg); if (version < 0 || version > 3) { Usage(); exit(MY_EX_USAGE); } break; case 'l' : cipherList = myoptarg; break; case 'A' : verifyCert = myoptarg; break; case 'c' : ourCert = myoptarg; break; case 'k' : ourKey = myoptarg; break; case 'b' : benchmark = atoi(myoptarg); if (benchmark < 0 || benchmark > 1000000) { Usage(); exit(MY_EX_USAGE); } break; case 'N' : nonBlocking = 1; break; case 'r' : resumeSession = 1; break; case 'R' : #ifdef HAVE_SECURE_RENEGOTIATION scr = 1; #endif break; case 'i' : #ifdef HAVE_SECURE_RENEGOTIATION scr = 1; forceScr = 1; #endif break; case 'z' : #ifndef WOLFSSL_LEANPSK wolfSSL_GetObjectSize(); #endif break; case 'S' : #ifdef HAVE_SNI sniHostName = myoptarg; #endif break; case 'L' : #ifdef HAVE_MAX_FRAGMENT maxFragment = atoi(myoptarg); if (maxFragment < WOLFSSL_MFL_2_9 || maxFragment > WOLFSSL_MFL_2_13) { Usage(); exit(MY_EX_USAGE); } #endif break; case 'T' : #ifdef HAVE_TRUNCATED_HMAC truncatedHMAC = 1; #endif break; case 'o' : #ifdef HAVE_OCSP useOcsp = 1; #endif break; case 'O' : #ifdef HAVE_OCSP useOcsp = 1; ocspUrl = myoptarg; #endif break; case 'a' : #ifdef HAVE_ANON useAnon = 1; #endif break; default: Usage(); exit(MY_EX_USAGE); } } myoptind = 0; /* reset for test cases */ /* sort out DTLS versus TLS versions */ if (version == CLIENT_INVALID_VERSION) { if (doDTLS) version = CLIENT_DTLS_DEFAULT_VERSION; else version = CLIENT_DEFAULT_VERSION; } else { if (doDTLS) { if (version == 3) version = -2; else version = -1; } } #ifdef USE_WOLFSSL_MEMORY if (trackMemory) InitMemoryTracker(); #endif switch (version) { #ifndef NO_OLD_TLS case 0: method = wolfSSLv3_client_method(); break; #ifndef NO_TLS case 1: method = wolfTLSv1_client_method(); break; case 2: method = wolfTLSv1_1_client_method(); break; #endif /* NO_TLS */ #endif /* NO_OLD_TLS */ #ifndef NO_TLS case 3: method = wolfTLSv1_2_client_method(); break; #endif #ifdef WOLFSSL_DTLS case -1: method = wolfDTLSv1_client_method(); break; case -2: method = wolfDTLSv1_2_client_method(); break; #endif default: err_sys("Bad SSL version"); break; } if (method == NULL) err_sys("unable to get method"); ctx = wolfSSL_CTX_new(method); if (ctx == NULL) err_sys("unable to get ctx"); if (cipherList) if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) err_sys("client can't set cipher list 1"); #ifdef WOLFSSL_LEANPSK usePsk = 1; #endif #if defined(NO_RSA) && !defined(HAVE_ECC) usePsk = 1; #endif if (fewerPackets) wolfSSL_CTX_set_group_messages(ctx); if (usePsk) { #ifndef NO_PSK wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); if (cipherList == NULL) { const char *defaultCipherList; #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS) err_sys("client can't set cipher list 2"); } #endif useClientCert = 0; } if (useAnon) { #ifdef HAVE_ANON if (cipherList == NULL) { wolfSSL_CTX_allow_anon_cipher(ctx); if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA") != SSL_SUCCESS) err_sys("client can't set cipher list 4"); } #endif useClientCert = 0; } #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if defined(WOLFSSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) if (cipherList == NULL) { /* don't use EDH, can't sniff tmp keys */ if (wolfSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) { err_sys("client can't set cipher list 3"); } } #endif #ifdef HAVE_OCSP if (useOcsp) { if (ocspUrl != NULL) { wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl); wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE | WOLFSSL_OCSP_URL_OVERRIDE); } else wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE); } #endif #ifdef USER_CA_CB wolfSSL_CTX_SetCACb(ctx, CaCb); #endif #ifdef VERIFY_CALLBACK wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); #endif #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) if (useClientCert){ if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS) err_sys("can't load client cert file, check file and run from" " wolfSSL home dir"); if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load client private key file, check file and run " "from wolfSSL home dir"); } if (!usePsk && !useAnon) { if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from wolfSSL home dir"); } #endif #if !defined(NO_CERTS) if (!usePsk && !useAnon && doPeerCheck == 0) wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); if (!usePsk && !useAnon && overrideDateErrors == 1) wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb); #endif #ifdef HAVE_CAVIUM wolfSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID); #endif #ifdef HAVE_SNI if (sniHostName) if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) != SSL_SUCCESS) err_sys("UseSNI failed"); #endif #ifdef HAVE_MAX_FRAGMENT if (maxFragment) if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS) err_sys("UseMaxFragment failed"); #endif #ifdef HAVE_TRUNCATED_HMAC if (truncatedHMAC) if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS) err_sys("UseTruncatedHMAC failed"); #endif #ifdef HAVE_SESSION_TICKET if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS) err_sys("UseSessionTicket failed"); #endif if (benchmark) { /* time passed in number of connects give average */ int times = benchmark; int i = 0; double start = current_time(), avg; for (i = 0; i < times; i++) { tcp_connect(&sockfd, host, port, doDTLS); ssl = wolfSSL_new(ctx); wolfSSL_set_fd(ssl, sockfd); if (wolfSSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed"); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); CloseSocket(sockfd); } avg = current_time() - start; avg /= times; avg *= 1000; /* milliseconds */ printf("wolfSSL_connect avg took: %8.3f milliseconds\n", avg); wolfSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; exit(EXIT_SUCCESS); } #if defined(WOLFSSL_MDK_ARM) wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); #endif ssl = wolfSSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL object"); #ifdef HAVE_SESSION_TICKET wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session"); #endif if (doDTLS) { SOCKADDR_IN_T addr; build_addr(&addr, host, port, 1); wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr)); tcp_socket(&sockfd, 1); } else { tcp_connect(&sockfd, host, port, 0); } #ifdef HAVE_POLY1305 /* use old poly to connect with google server */ if (!XSTRNCMP(domain, "www.google.com", 14)) { if (wolfSSL_use_old_poly(ssl, 1) != 0) err_sys("unable to set to old poly"); } #endif wolfSSL_set_fd(ssl, sockfd); #ifdef HAVE_CRL if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS) err_sys("can't enable crl check"); if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) err_sys("can't load crl, check crlfile and date validity"); if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) err_sys("can't set crl callback"); #endif #ifdef HAVE_SECURE_RENEGOTIATION if (scr) { if (wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS) err_sys("can't enable secure renegotiation"); } #endif #ifdef ATOMIC_USER if (atomicUser) SetupAtomicUser(ctx, ssl); #endif #ifdef HAVE_PK_CALLBACKS if (pkCallbacks) SetupPkCallbacks(ctx, ssl); #endif if (matchName && doPeerCheck) wolfSSL_check_domain_name(ssl, domain); #ifndef WOLFSSL_CALLBACKS if (nonBlocking) { wolfSSL_set_using_nonblock(ssl, 1); tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(ssl); } else if (wolfSSL_connect(ssl) != SSL_SUCCESS) { /* see note at top of README */ int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); err_sys("SSL_connect failed"); /* if you're getting an error here */ } #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif showPeer(ssl); #ifdef HAVE_SECURE_RENEGOTIATION if (scr && forceScr) { if (nonBlocking) { printf("not doing secure renegotiation on example with" " nonblocking yet"); } else { #ifndef NO_SESSION_CACHE if (resumeSession) { session = wolfSSL_get_session(ssl); wolfSSL_set_session(ssl, session); resumeSession = 0; /* only resume once */ } #endif if (wolfSSL_Rehandshake(ssl) != SSL_SUCCESS) { int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); err_sys("wolfSSL_Rehandshake failed"); } } } #endif /* HAVE_SECURE_RENEGOTIATION */ if (sendGET) { printf("SSL connect ok, sending GET...\n"); msgSz = 28; strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz); msg[msgSz] = '\0'; } if (wolfSSL_write(ssl, msg, msgSz) != msgSz) err_sys("SSL_write failed"); input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); if (sendGET) { /* get html */ while (1) { input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("%s\n", reply); } else break; } } } else if (input < 0) { int readErr = wolfSSL_get_error(ssl, 0); if (readErr != SSL_ERROR_WANT_READ) err_sys("wolfSSL_read failed"); } #ifndef NO_SESSION_CACHE if (resumeSession) { if (doDTLS) { strncpy(msg, "break", 6); msgSz = (int)strlen(msg); /* try to send session close */ wolfSSL_write(ssl, msg, msgSz); } session = wolfSSL_get_session(ssl); sslResume = wolfSSL_new(ctx); } #endif if (doDTLS == 0) /* don't send alert after "break" command */ wolfSSL_shutdown(ssl); /* echoserver will interpret as new conn */ #ifdef ATOMIC_USER if (atomicUser) FreeAtomicUser(ssl); #endif wolfSSL_free(ssl); CloseSocket(sockfd); #ifndef NO_SESSION_CACHE if (resumeSession) { if (doDTLS) { SOCKADDR_IN_T addr; #ifdef USE_WINDOWS_API Sleep(500); #elif defined(WOLFSSL_TIRTOS) Task_sleep(1); #else sleep(1); #endif build_addr(&addr, host, port, 1); wolfSSL_dtls_set_peer(sslResume, &addr, sizeof(addr)); tcp_socket(&sockfd, 1); } else { tcp_connect(&sockfd, host, port, 0); } wolfSSL_set_fd(sslResume, sockfd); wolfSSL_set_session(sslResume, session); #ifdef HAVE_SESSION_TICKET wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB, (void*)"resumed session"); #endif showPeer(sslResume); #ifndef WOLFSSL_CALLBACKS if (nonBlocking) { wolfSSL_set_using_nonblock(sslResume, 1); tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(sslResume); } else if (wolfSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed"); #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif if (wolfSSL_session_reused(sslResume)) printf("reused session id\n"); else printf("didn't reuse session id!!!\n"); if (wolfSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz) err_sys("SSL_write failed"); if (nonBlocking) { /* give server a chance to bounce a message back to client */ #ifdef USE_WINDOWS_API Sleep(500); #elif defined(WOLFSSL_TIRTOS) Task_sleep(1); #else sleep(1); #endif } input = wolfSSL_read(sslResume, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server resume response: %s\n", reply); } /* try to send session break */ wolfSSL_write(sslResume, msg, msgSz); wolfSSL_shutdown(sslResume); wolfSSL_free(sslResume); CloseSocket(sockfd); } #endif /* NO_SESSION_CACHE */ wolfSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; #ifdef USE_WOLFSSL_MEMORY if (trackMemory) ShowMemoryTracker(); #endif /* USE_WOLFSSL_MEMORY */ #if !defined(WOLFSSL_TIRTOS) return 0; #endif }
int main(int argc, char **argv){ int sockfd, sock, ret; WOLFSSL* ssl; WOLFSSL* sslResume = 0; WOLFSSL_SESSION* session = 0; WOLFSSL_CTX* ctx; struct sockaddr_in servaddr;; /* must include an ip address of this will flag */ if (argc != 2) { printf("Usage: tcpClient <IPaddress>\n"); return 1; } wolfSSL_Init(); /* initialize wolfSSL */ /* create and initialize WOLFSSL_CTX structure */ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { fprintf(stderr, "SSL_CTX_new error.\n"); return 1; } /* create a stream socket using tcp,internet protocal IPv4, * full-duplex stream */ sockfd = socket(AF_INET, SOCK_STREAM, 0); /* places n zero-valued bytes in the address servaddr */ memset(&servaddr, 0, sizeof(servaddr)); servaddr.sin_family = AF_INET; servaddr.sin_port = htons(SERV_PORT); /* converts IPv4 addresses from text to binary form */ ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr); if (ret != 1){ return 1; } /* set up pre shared keys */ wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb); /* attempts to make a connection on a socket */ ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); if (ret != 0 ){ return 1; } /* create wolfSSL object after each tcp connect */ if ( (ssl = wolfSSL_new(ctx)) == NULL) { fprintf(stderr, "wolfSSL_new error.\n"); return 1; } /* associate the file descriptor with the session */ wolfSSL_set_fd(ssl, sockfd); /* takes inputting string and outputs it to the server */ SendReceive(ssl); /* Save the session ID to reuse */ session = wolfSSL_get_session(ssl); sslResume = wolfSSL_new(ctx); /* shut down wolfSSL */ wolfSSL_shutdown(ssl); /* close connection */ close(sockfd); /* cleanup */ wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); /* * resume session, start new connection and socket */ /* start a new socket connection */ sock = socket(AF_INET, SOCK_STREAM, 0); /* connect to the socket */ ret = connect(sock, (struct sockaddr *) &servaddr, sizeof(servaddr)); if (ret != 0){ return 1; } /* set the session ID to connect to the server */ wolfSSL_set_fd(sslResume, sock); wolfSSL_set_session(sslResume, session); /* check has connect successfully */ if (wolfSSL_connect(sslResume) != SSL_SUCCESS) { printf("SSL resume failed\n"); return 1; } /* takes inputting string and outputs it to the server */ ret = SendReceive(sslResume); if (ret != 0) { return 1; } /* check to see if the session id is being reused */ if (wolfSSL_session_reused(sslResume)) printf("reused session id\n"); else printf("didn't reuse session id!!!\n"); /* shut down wolfSSL */ wolfSSL_shutdown(sslResume); /* shut down socket */ close(sock); /* clean up */ wolfSSL_free(sslResume); wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); return ret; }
static void test_client_nofail(void* args) { SOCKET_T sockfd = 0; WOLFSSL_METHOD* method = 0; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[64] = "hello wolfssl!"; char reply[1024]; int input; int msgSz = (int)strlen(msg); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; method = wolfSSLv23_client_method(); ctx = wolfSSL_CTX_new(method); #ifdef OPENSSL_EXTRA wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (wolfSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) { /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done2; } if (wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load client cert file, " "Please run from wolfSSL home dir");*/ goto done2; } if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load client key file, " "Please run from wolfSSL home dir");*/ goto done2; } tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0); ssl = wolfSSL_new(ctx); wolfSSL_set_fd(ssl, sockfd); if (wolfSSL_connect(ssl) != SSL_SUCCESS) { int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); /*printf("SSL_connect failed");*/ goto done2; } if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { /*err_sys("SSL_write failed");*/ goto done2; } input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); } done2: wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sockfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif return; }
static void run_wolfssl_client(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method()); WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; char msg[] = "hello wolfssl server!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; #ifdef OPENSSL_EXTRA wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCert, 0)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0); ssl = wolfSSL_new(ctx); wolfSSL_set_fd(ssl, sfd); if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); if (wolfSSL_connect(ssl) != SSL_SUCCESS) { int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); } else { AssertIntEQ(len, wolfSSL_write(ssl, msg, len)); if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; printf("Server response: %s\n", input); } } if (callbacks->on_result) callbacks->on_result(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif }