static void test_server_wolfSSL_new(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) WOLFSSL_CTX *ctx; WOLFSSL_CTX *ctx_nocert; WOLFSSL *ssl; AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); /* invalid context */ AssertNull(ssl = wolfSSL_new(NULL)); AssertNull(ssl = wolfSSL_new(ctx_nocert)); /* success */ AssertNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx_nocert); #endif }
static void test_client_wolfSSL_new(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) WOLFSSL_CTX *ctx; WOLFSSL_CTX *ctx_nocert; WOLFSSL *ssl; AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCert, 0)); /* invalid context */ AssertNull(ssl = wolfSSL_new(NULL)); /* success */ AssertNotNull(ssl = wolfSSL_new(ctx_nocert)); wolfSSL_free(ssl); /* success */ AssertNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx_nocert); #endif }
static void test_wolfSSL_CTX_new(WOLFSSL_METHOD *method) { WOLFSSL_CTX *ctx; AssertNull(ctx = wolfSSL_CTX_new(NULL)); AssertNotNull(method); AssertNotNull(ctx = wolfSSL_CTX_new(method)); wolfSSL_CTX_free(ctx); }
static void prvInitialiseWolfSSL( void ) { int32_t iReturn; #ifdef DEBUG_WOLFSSL { wolfSSL_Debugging_ON(); } #endif /* Initialise wolfSSL. This must be done before any other wolfSSL functions are called. */ wolfSSL_Init(); /* Attempt to create a context that uses the TLS 1.2 server protocol. */ xWolfSSL_ServerContext = wolfSSL_CTX_new( wolfTLSv1_2_server_method() ); if( xWolfSSL_ServerContext != NULL ) { /* Load the CA certificate. Real applications should ensure that wolfSSL_CTX_load_verify_locations() returns SSL_SUCCESS before proceeding. */ iReturn = wolfSSL_CTX_load_verify_locations( xWolfSSL_ServerContext, "ca-cert.pem", 0 ); configASSERT( iReturn == SSL_SUCCESS ); iReturn = wolfSSL_CTX_use_certificate_file( xWolfSSL_ServerContext, "server-cert.pem", SSL_FILETYPE_PEM ); configASSERT( iReturn == SSL_SUCCESS ); iReturn = wolfSSL_CTX_use_PrivateKey_file( xWolfSSL_ServerContext, "server-key.pem", SSL_FILETYPE_PEM ); configASSERT( iReturn == SSL_SUCCESS ); } }
static void* client_thread(void* args) { /* set up client */ WOLFSSL_CTX* cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (cli_ctx == NULL) err_sys("bad client ctx new"); int ret = wolfSSL_CTX_load_verify_locations(cli_ctx, cacert, NULL); if (ret != SSL_SUCCESS) err_sys("bad ca load"); wolfSSL_SetIOSend(cli_ctx, ClientSend); wolfSSL_SetIORecv(cli_ctx, ClientRecv); WOLFSSL* cli_ssl = wolfSSL_new(cli_ctx); if (cli_ctx == NULL) err_sys("bad client new"); ret = wolfSSL_connect(cli_ssl); if (ret != SSL_SUCCESS) err_sys("bad client tls connect"); printf("wolfSSL client success!\n"); ret = wolfSSL_write(cli_ssl, "hello memory wolfSSL!", 21); /* clean up */ wolfSSL_free(cli_ssl); wolfSSL_CTX_free(cli_ctx); return NULL; }
static void test_wolfSSL_CTX_use_PrivateKey_file(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) WOLFSSL_CTX *ctx; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); /* invalid context */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKey, SSL_FILETYPE_PEM)); /* invalid key file */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile, SSL_FILETYPE_PEM)); /* invalid key type */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, 9999)); /* success */ #ifdef NO_RSA /* rsa needed */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); #else /* success */ AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); #endif wolfSSL_CTX_free(ctx); #endif }
static void test_wolfSSL_UseSupportedCurve(void) { #ifdef HAVE_SUPPORTED_CURVES WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); #ifndef NO_WOLFSSL_CLIENT /* error cases */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0)); /* success case */ AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1)); #endif wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif }
static void test_wolfSSL_UseMaxFragment(void) { #ifdef HAVE_MAX_FRAGMENT WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment( NULL, WOLFSSL_MFL_2_9)); AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, 0)); AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, 6)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, 0)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, 6)); /* success case */ AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_9)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_10)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_11)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_12)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif }
/* Use this callback to setup TLS certificates and verify callbacks */ static int mqttclient_tls_cb(MqttClient* client) { int rc = SSL_FAILURE; (void)client; /* Supress un-used argument */ client->tls.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (client->tls.ctx) { wolfSSL_CTX_set_verify(client->tls.ctx, SSL_VERIFY_PEER, mqttclient_tls_verify_cb); if (mTlsFile) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) /* Load CA certificate file */ rc = wolfSSL_CTX_load_verify_locations(client->tls.ctx, mTlsFile, 0); #else rc = SSL_SUCCESS; #endif } else { rc = SSL_SUCCESS; } } PRINTF("MQTT TLS Setup (%d)", rc); return rc; }
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject) { const uint8_t * caCertsPtr; int32_t caCertsLen; if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0)) { return false; } if (_net_pres_wolfsslUsers == 0) { wolfSSL_Init(); _net_pres_wolfsslUsers++; } net_pres_wolfSSLInfoStreamClient0.transObject = transObject; net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (net_pres_wolfSSLInfoStreamClient0.context == 0) { return false; } wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0); wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0); if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { // Couldn't load the certificates //SYS_CONSOLE_MESSAGE("Something went wrong loading the certificates\r\n"); wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Turn off verification, because SNTP is usually blocked by a firewall wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0); net_pres_wolfSSLInfoStreamClient0.isInited = true; return true; }
/* Use this callback to setup TLS certificates and verify callbacks */ static int mqtt_aws_tls_cb(MqttClient* client) { int rc = SSL_FAILURE; client->tls.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (client->tls.ctx) { wolfSSL_CTX_set_verify(client->tls.ctx, SSL_VERIFY_PEER, mqtt_aws_tls_verify_cb); /* Load CA certificate buffer */ rc = wolfSSL_CTX_load_verify_buffer(client->tls.ctx, (const byte*)root_ca, (long)XSTRLEN(root_ca), SSL_FILETYPE_PEM); /* Load Client Cert */ if (rc == SSL_SUCCESS) rc = wolfSSL_CTX_use_certificate_buffer(client->tls.ctx, (const byte*)device_cert, (long)XSTRLEN(device_cert), SSL_FILETYPE_PEM); /* Load Private Key */ if (rc == SSL_SUCCESS) rc = wolfSSL_CTX_use_PrivateKey_buffer(client->tls.ctx, (const byte*)device_priv_key, (long)XSTRLEN(device_priv_key), SSL_FILETYPE_PEM); } PRINTF("MQTT TLS Setup (%d)", rc); return rc; }
static void test_wolfSSL_CTX_load_verify_locations(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) WOLFSSL_CTX *ctx; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); /* invalid context */ AssertFalse(wolfSSL_CTX_load_verify_locations(NULL, caCert, 0)); /* invalid ca file */ AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, NULL, 0)); AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0)); #ifndef WOLFSSL_TIRTOS /* invalid path */ /* not working... investigate! */ /* AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, caCert, bogusFile)); */ #endif /* success */ AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCert, 0)); wolfSSL_CTX_free(ctx); #endif }
void *mod_wolftls_create(http_server_t *server, char *unused, mod_tls_t *modconfig) { int ret; _mod_wolftls_t *mod; if (!modconfig) return NULL; mod = calloc(1, sizeof(*mod)); wolfSSL_Init(); mod->method = wolfTLSv1_2_server_method(); if ( (mod->ctx = wolfSSL_CTX_new(mod->method)) == NULL) goto wolfftls_out_ctx; if (modconfig->crtfile) { ret = wolfSSL_CTX_use_certificate_file(mod->ctx, modconfig->crtfile, SSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) { err("wolftls: CTX_use_certificate_file %d %d\n", ret, WOLFSSL_SUCCESS); goto wolfftls_out_certfile; } } if (modconfig->pemfile) { ret = wolfSSL_CTX_use_PrivateKey_file(mod->ctx, modconfig->pemfile, SSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) { err("wolftls: CTX_use_PrivateKey_file pem %d\n", ret); goto wolfftls_out_certfile; } } if (modconfig->cachain) { ret = wolfSSL_CTX_use_certificate_chain_file(mod->ctx, modconfig->cachain); if (ret != WOLFSSL_SUCCESS) { err("wolftls: CTX_use_certificate_chain_file cachain %d\n", ret); goto wolfftls_out_certfile; } } httpserver_addmod(server, _mod_wolftls_getctx, _mod_wolftls_freectx, mod, str_wolftls); return mod; wolfftls_out_certfile: wolfSSL_CTX_free(mod->ctx); wolfftls_out_ctx: free(mod); return NULL; }
int Client(const char* ip, word16 port) { int n; char msg[] = "hello wolfssl"; char reply[MAXSZ]; int msgSz = strlen(msg); SOCKET_T fd; WOLFSSL_CTX* ctx; WOLFSSL* ssl; if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) err_sys("Error in setting client ctx\n"); if (wolfSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) err_sys("trouble loading client cert"); if (wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("trouble loading client cert"); if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("trouble loading client cert"); /*sets the IO callback methods*/ wolfSSL_SetIORecv(ctx, CbIORecv); wolfSSL_SetIOSend(ctx, CbIOSend); if ((ssl = wolfSSL_new(ctx)) == NULL) err_sys("issue when creating ssl"); tcp_connect(&fd, ip, port, 0); wolfSSL_set_fd(ssl, fd); if (wolfSSL_connect(ssl) != SSL_SUCCESS) err_sys("client connect failed"); if (wolfSSL_write(ssl, msg, msgSz) != msgSz) err_sys("client write failed"); memset(reply, 0, MAXSZ); if ((n = wolfSSL_read(ssl, reply, MAXSZ - 1)) > 0) { reply[n] = '\0'; } else { printf("client read returned %d\n", n); return -1; } printf("Server sent : %s\n", reply); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); return 0; }
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject) { const uint8_t * caCertsPtr; int32_t caCertsLen; if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0)) { return false; } if (_net_pres_wolfsslUsers == 0) { wolfSSL_Init(); _net_pres_wolfsslUsers++; } net_pres_wolfSSLInfoStreamClient0.transObject = transObject; net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (net_pres_wolfSSLInfoStreamClient0.context == 0) { return false; } wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0); wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0); // Turn off verification, because SNTP is usually blocked by a firewall wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0); if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { // Couldn't load the certificates wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } if(wolfSSL_CTX_use_PrivateKey_buffer(net_pres_wolfSSLInfoStreamClient0.context, (unsigned char *)appData.clientKey, strlen((char *)appData.clientKey), SSL_FILETYPE_PEM) != SSL_SUCCESS) { // Couldn't load the private key wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Loading the client cert so that the server can authenticate us (client authentication)) if(wolfSSL_CTX_use_certificate_buffer(net_pres_wolfSSLInfoStreamClient0.context, (unsigned char *)appData.clientCert, strlen((char *)appData.clientCert), SSL_FILETYPE_PEM) != SSL_SUCCESS) { // Couldn't load the client certificate wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Turn off verification, because SNTP is usually blocked by a firewall wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0); net_pres_wolfSSLInfoStreamClient0.isInited = true; return true; }
int SuiteTest(void) { func_args args; char argv0[2][80]; char* myArgv[2]; printf(" Begin Cipher Suite Tests\n"); /* setup */ myArgv[0] = argv0[0]; myArgv[1] = argv0[1]; args.argv = myArgv; strcpy(argv0[0], "SuiteTest"); (void)test_harness; cipherSuiteCtx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (cipherSuiteCtx == NULL) { printf("can't get cipher suite ctx\n"); exit(EXIT_FAILURE); } /* default case */ args.argc = 1; printf("starting default cipher suite tests\n"); test_harness(&args); if (args.return_code != 0) { printf("error from script %d\n", args.return_code); exit(EXIT_FAILURE); } /* any extra cases will need another argument */ args.argc = 2; #ifdef WOLFSSL_DTLS /* add dtls extra suites */ strcpy(argv0[1], "tests/test-dtls.conf"); printf("starting dtls extra cipher suite tests\n"); test_harness(&args); if (args.return_code != 0) { printf("error from script %d\n", args.return_code); exit(EXIT_FAILURE); } #endif printf(" End Cipher Suite Tests\n"); wolfSSL_CTX_free(cipherSuiteCtx); wolfSSL_Cleanup(); return args.return_code; }
int main() { int sockfd; WOLFSSL_CTX* ctx; WOLFSSL* ssl; WOLFSSL_METHOD* method; struct sockaddr_in servAddr; const char message[] = "Hello, World!"; /* create and set up socket */ sockfd = socket(AF_INET, SOCK_STREAM, 0); memset(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(SERV_PORT); /* connect to socket */ connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr)); /* initialize wolfssl library */ wolfSSL_Init(); method = wolfTLSv1_2_client_method(); /* use TLS v1.2 */ /* make new ssl context */ if ( (ctx = wolfSSL_CTX_new(method)) == NULL) { err_sys("wolfSSL_CTX_new error"); } /* make new wolfSSL struct */ if ( (ssl = wolfSSL_new(ctx)) == NULL) { err_sys("wolfSSL_new error"); } /* Add cert to ctx */ if (wolfSSL_CTX_load_verify_locations(ctx, "certs/ca-cert.pem", 0) != SSL_SUCCESS) { err_sys("Error loading certs/ca-cert.pem"); } /* Connect wolfssl to the socket, server, then send message */ wolfSSL_set_fd(ssl, sockfd); wolfSSL_connect(ssl); wolfSSL_write(ssl, message, strlen(message)); /* frees all data before client termination */ wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); }
/* Initialize the wolfSSL library and create a wolfSSL context. * * version The protocol version. * cert The client certificate for client authentication. * key The client private key for client authentication. * verifyCert The CA certificate for server authentication. * cipherList The list of ciphers, as a string, to negotiate. * wolfsslCtx The new wolfSSL context object. * returns EXIT_SUCCESS when a wolfSSL context object is created and * EXIT_FAILURE otherwise. */ static int WolfSSLCtx_Init(int version, char* cert, char* key, char* verifyCert, char* cipherList, WOLFSSL_CTX** wolfsslCtx) { WOLFSSL_CTX* ctx; wolfSSL_method_func method = NULL; method = SSL_GetMethod(version); if (method == NULL) return(EXIT_FAILURE); /* Create and initialize WOLFSSL_CTX structure */ if ((ctx = wolfSSL_CTX_new(method(NULL))) == NULL) { fprintf(stderr, "wolfSSL_CTX_new error.\n"); return(EXIT_FAILURE); } #ifdef WOLFSSL_ASYNC_CRYPT if (wolfAsync_DevOpen(&devId) != 0) { fprintf(stderr, "Async device open failed\nRunning without async\n"); } wolfSSL_CTX_UseAsync(ctx, devId); #endif if (cipherList) { if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) err_sys("client can't set cipher list 1"); } /* load CA certificates into wolfSSL_CTX. which will verify the server */ if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) { printf("Error loading %s. Please check the file.\n", verifyCert); return EXIT_FAILURE; } if (wolfSSL_CTX_use_certificate_chain_file(ctx, cert) != SSL_SUCCESS) { printf("Error loading %s. Please check the file.\n", cert); return EXIT_FAILURE; } if (wolfSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) != SSL_SUCCESS) { printf("Error loading %s. Please check the file.\n", key); return EXIT_FAILURE; } *wolfsslCtx = ctx; return EXIT_SUCCESS; }
WolfSSLConnection::WolfSSLConnection() { wolfSSL_Init(); WOLFSSL_METHOD* method = wolfTLSv1_2_client_method(); if(method != NULL) { sslContext = wolfSSL_CTX_new(method); } else { sslContext = NULL; } isConnected = false; }
static void test_wolfSSL_UseTruncatedHMAC(void) { #ifdef HAVE_TRUNCATED_HMAC WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL)); /* success case */ AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif }
/* * applies TLS 1.2 security layer to data being sent. */ int Security(int sock) { WOLFSSL_CTX* ctx; WOLFSSL* ssl; /* create WOLFSSL object */ int ret = 0; wolfSSL_Init(); /* initialize wolfSSL */ /* create and initiLize WOLFSSL_CTX structure */ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { printf("SSL_CTX_new error.\n"); return EXIT_FAILURE; } /* set callback for action when CA's are added */ wolfSSL_CTX_SetCACb(ctx, CaCb); /* load CA certificates into wolfSSL_CTX. which will verify the server */ if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) { printf("Error loading %s. Please check the file.\n", cert); return EXIT_FAILURE; } if ((ssl = wolfSSL_new(ctx)) == NULL) { printf("wolfSSL_new error.\n"); return EXIT_FAILURE; } wolfSSL_set_fd(ssl, sock); ret = wolfSSL_connect(ssl); if (ret == SSL_SUCCESS) { ret = ClientGreet(sock, ssl); } /* frees all data before client termination */ wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); return ret; }
int main() { /* set up server */ WOLFSSL_CTX* srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); if (srv_ctx == NULL) err_sys("bad server ctx new"); int ret = wolfSSL_CTX_use_PrivateKey_file(srv_ctx, key, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("bad server key file load"); ret = wolfSSL_CTX_use_certificate_file(srv_ctx, cert, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("bad server cert file load"); wolfSSL_SetIOSend(srv_ctx, ServerSend); wolfSSL_SetIORecv(srv_ctx, ServerRecv); WOLFSSL* srv_ssl = wolfSSL_new(srv_ctx); if (srv_ctx == NULL) err_sys("bad server new"); /* start client thread */ pthread_t tid; pthread_create(&tid, 0, client_thread, NULL); /* accept tls connection without tcp sockets */ ret = wolfSSL_accept(srv_ssl); if (ret != SSL_SUCCESS) err_sys("bad server tls accept"); printf("wolfSSL accept success!\n"); /* read msg post handshake from client */ unsigned char buf[80]; memset(buf, 0, sizeof(buf)); ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1); printf("client msg = %s\n", buf); /* clean up */ wolfSSL_free(srv_ssl); wolfSSL_CTX_free(srv_ctx); return 0; }
int main() { int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP); if (sd < 0) err_sys("sctp socket error"); struct sockaddr_in sa; memset(&sa, 0, sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = htonl(INADDR_ANY); sa.sin_port = htons(12345); int ret = bind(sd, (struct sockaddr*)&sa, sizeof(sa)); if (ret < 0) err_sys("sctp bind error"); listen(sd, 3); int client_sd = accept(sd, NULL, NULL); if (client_sd < 0) err_sys("sctp accept error"); const char* response = "well hello to you"; char buffer[80]; WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()); if (ctx == NULL) err_sys("ctx new dtls server failed"); ret = wolfSSL_CTX_dtls_set_sctp(ctx); if (ret != SSL_SUCCESS) err_sys("set sctp mode failed"); ret = wolfSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("use private key error"); ret = wolfSSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("use cert error"); WOLFSSL* ssl = wolfSSL_new(ctx); if (ssl == NULL) err_sys("ssl new dtls server failed"); wolfSSL_set_fd(ssl, client_sd); ret = wolfSSL_accept(ssl); if (ret != SSL_SUCCESS) err_sys("ssl accept failed"); printf("TLS version is %s\n", wolfSSL_get_version(ssl)); printf("Cipher Suite is %s\n", wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl))); int got = wolfSSL_read(ssl, buffer, sizeof(buffer)); if (got > 0) { buffer[got] = 0; printf("client said: %s\n", buffer); } wolfSSL_write(ssl, response, (int)strlen(response)); unsigned char bigBuf[4096]; wolfSSL_read(ssl, bigBuf, sizeof(bigBuf)); wolfSSL_write(ssl, bigBuf, sizeof(bigBuf)); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); close(sd); return 0; }
int main(int argc, char **argv) { int ret, sockfd; WOLFSSL* ssl; WOLFSSL_CTX* ctx; struct sockaddr_in servaddr;; /* must include an ip address of this will flag */ if (argc != 2) { printf("Usage: tcpClient <IPaddress>\n"); return 1; } wolfSSL_Init(); /* initialize wolfSSL */ /* create and initialize WOLFSSL_CTX structure */ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { fprintf(stderr, "SSL_CTX_new error.\n"); return 1; } /* create a stream socket using tcp,internet protocal IPv4, * full-duplex stream */ sockfd = socket(AF_INET, SOCK_STREAM, 0); /* places n zero-valued bytes in the address servaddr */ memset(&servaddr, 0, sizeof(servaddr)); servaddr.sin_family = AF_INET; servaddr.sin_port = htons(SERV_PORT); /* converts IPv4 addresses from text to binary form */ ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr); if (ret != 1) { printf("inet_pton error\n"); return 1; } /* set up pre shared keys */ wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb); /* attempts to make a connection on a socket */ ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); if (ret != 0) { printf("Connection Error\n"); return 1; } /* creat wolfssl object after each tcp connct */ if ( (ssl = wolfSSL_new(ctx)) == NULL) { fprintf(stderr, "wolfSSL_new error.\n"); return 1; } /* associate the file descriptor with the session */ ret = wolfSSL_set_fd(ssl, sockfd); if (ret != SSL_SUCCESS){ return 1; } /* takes inputting string and outputs it to the server */ ret = SendReceive(ssl); if(ret != 0){ return 1; } /* cleanup */ wolfSSL_free(ssl); /* when completely done using SSL/TLS, free the * wolfssl_ctx object */ wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); /* exit client */ return ret; }
int MqttSocket_Connect(MqttClient *client, const char* host, word16 port, int timeout_ms, int use_tls, MqttTlsCb cb) { int rc; /* Validate arguments */ if (client == NULL || client->net == NULL || client->net->connect == NULL) { return MQTT_CODE_ERROR_BAD_ARG; } /* Validate port */ if (port == 0) { port = (use_tls) ? MQTT_SECURE_PORT : MQTT_DEFAULT_PORT; } /* Connect to host */ rc = client->net->connect(client->net->context, host, port, timeout_ms); if (rc != 0) { return rc; } client->flags |= MQTT_CLIENT_FLAG_IS_CONNECTED; #ifdef ENABLE_MQTT_TLS if (use_tls) { /* Setup the WolfSSL library */ wolfSSL_Init(); /* Issue callback to allow setup of the wolfSSL_CTX and cert verification settings */ rc = SSL_SUCCESS; if (cb) { rc = cb(client); } if (rc == SSL_SUCCESS) { /* Create and initialize the WOLFSSL_CTX structure */ if (client->tls.ctx == NULL) { /* Use defaults */ client->tls.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (client->tls.ctx) { wolfSSL_CTX_set_verify(client->tls.ctx, SSL_VERIFY_NONE, 0); } } if (client->tls.ctx) { /* Seutp the async IO callbacks */ wolfSSL_SetIORecv(client->tls.ctx, MqttSocket_TlsSocketReceive); wolfSSL_SetIOSend(client->tls.ctx, MqttSocket_TlsSocketSend); client->tls.ssl = wolfSSL_new(client->tls.ctx); if (client->tls.ssl) { wolfSSL_SetIOReadCtx(client->tls.ssl, (void *)client); wolfSSL_SetIOWriteCtx(client->tls.ssl, (void *)client); rc = wolfSSL_connect(client->tls.ssl); if (rc == SSL_SUCCESS) { client->flags |= MQTT_CLIENT_FLAG_IS_TLS; rc = MQTT_CODE_SUCCESS; } } else { #ifndef WOLFMQTT_NO_STDIO printf("MqttSocket_TlsConnect: wolfSSL_new error!\n"); #endif rc = -1; } } else { #ifndef WOLFMQTT_NO_STDIO printf("MqttSocket_TlsConnect: wolfSSL_CTX_new error!\n"); #endif rc = -1; } } else { #ifndef WOLFMQTT_NO_STDIO printf("MqttSocket_TlsConnect: TLS callback error!\n"); #endif rc = -1; } /* Handle error case */ if (rc) { #ifndef WOLFMQTT_NO_STDIO const char* errstr = NULL; int errnum = 0; if (client->tls.ssl) { errnum = wolfSSL_get_error(client->tls.ssl, 0); errstr = wolfSSL_ERR_reason_error_string(errnum); } printf("MqttSocket_TlsConnect Error %d: Num %d, %s\n", rc, errnum, errstr); #endif /* Make sure we cleanup on error */ MqttSocket_Disconnect(client); rc = MQTT_CODE_ERROR_TLS_CONNECT; } } #else (void)cb; #endif /* ENABLE_MQTT_TLS */ #ifdef WOLFMQTT_DEBUG_SOCKET printf("MqttSocket_Connect: Rc=%d\n", rc); #endif /* Check for error */ if (rc < 0) { rc = MQTT_CODE_ERROR_NETWORK; } return rc; }
THREAD_RETURN WOLFSSL_THREAD client_test(void* args) { SOCKET_T sockfd = 0; WOLFSSL_METHOD* method = 0; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; WOLFSSL* sslResume = 0; WOLFSSL_SESSION* session = 0; char resumeMsg[] = "resuming wolfssl!"; int resumeSz = sizeof(resumeMsg); char msg[32] = "hello wolfssl!"; /* GET may make bigger */ char reply[80]; int input; int msgSz = (int)strlen(msg); word16 port = yasslPort; char* host = (char*)yasslIP; const char* domain = "www.yassl.com"; int ch; int version = CLIENT_INVALID_VERSION; int usePsk = 0; int useAnon = 0; int sendGET = 0; int benchmark = 0; int doDTLS = 0; int matchName = 0; int doPeerCheck = 1; int nonBlocking = 0; int resumeSession = 0; int scr = 0; /* allow secure renegotiation */ int forceScr = 0; /* force client initiaed scr */ int trackMemory = 0; int useClientCert = 1; int fewerPackets = 0; int atomicUser = 0; int pkCallbacks = 0; int overrideDateErrors = 0; char* cipherList = NULL; const char* verifyCert = caCert; const char* ourCert = cliCert; const char* ourKey = cliKey; #ifdef HAVE_SNI char* sniHostName = NULL; #endif #ifdef HAVE_MAX_FRAGMENT byte maxFragment = 0; #endif #ifdef HAVE_TRUNCATED_HMAC byte truncatedHMAC = 0; #endif #ifdef HAVE_OCSP int useOcsp = 0; char* ocspUrl = NULL; #endif int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; ((func_args*)args)->return_code = -1; /* error state */ #ifdef NO_RSA verifyCert = (char*)eccCert; ourCert = (char*)cliEccCert; ourKey = (char*)cliEccKey; #endif (void)resumeSz; (void)session; (void)sslResume; (void)trackMemory; (void)atomicUser; (void)pkCallbacks; (void)scr; (void)forceScr; StackTrap(); while ((ch = mygetopt(argc, argv, "?gdDusmNrRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) { switch (ch) { case '?' : Usage(); exit(EXIT_SUCCESS); case 'g' : sendGET = 1; break; case 'd' : doPeerCheck = 0; break; case 'D' : overrideDateErrors = 1; break; case 'u' : doDTLS = 1; break; case 's' : usePsk = 1; break; case 't' : #ifdef USE_WOLFSSL_MEMORY trackMemory = 1; #endif break; case 'm' : matchName = 1; break; case 'x' : useClientCert = 0; break; case 'f' : fewerPackets = 1; break; case 'U' : #ifdef ATOMIC_USER atomicUser = 1; #endif break; case 'P' : #ifdef HAVE_PK_CALLBACKS pkCallbacks = 1; #endif break; case 'h' : host = myoptarg; domain = myoptarg; break; case 'p' : port = (word16)atoi(myoptarg); #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API) if (port == 0) err_sys("port number cannot be 0"); #endif break; case 'v' : version = atoi(myoptarg); if (version < 0 || version > 3) { Usage(); exit(MY_EX_USAGE); } break; case 'l' : cipherList = myoptarg; break; case 'A' : verifyCert = myoptarg; break; case 'c' : ourCert = myoptarg; break; case 'k' : ourKey = myoptarg; break; case 'b' : benchmark = atoi(myoptarg); if (benchmark < 0 || benchmark > 1000000) { Usage(); exit(MY_EX_USAGE); } break; case 'N' : nonBlocking = 1; break; case 'r' : resumeSession = 1; break; case 'R' : #ifdef HAVE_SECURE_RENEGOTIATION scr = 1; #endif break; case 'i' : #ifdef HAVE_SECURE_RENEGOTIATION scr = 1; forceScr = 1; #endif break; case 'z' : #ifndef WOLFSSL_LEANPSK wolfSSL_GetObjectSize(); #endif break; case 'S' : #ifdef HAVE_SNI sniHostName = myoptarg; #endif break; case 'L' : #ifdef HAVE_MAX_FRAGMENT maxFragment = atoi(myoptarg); if (maxFragment < WOLFSSL_MFL_2_9 || maxFragment > WOLFSSL_MFL_2_13) { Usage(); exit(MY_EX_USAGE); } #endif break; case 'T' : #ifdef HAVE_TRUNCATED_HMAC truncatedHMAC = 1; #endif break; case 'o' : #ifdef HAVE_OCSP useOcsp = 1; #endif break; case 'O' : #ifdef HAVE_OCSP useOcsp = 1; ocspUrl = myoptarg; #endif break; case 'a' : #ifdef HAVE_ANON useAnon = 1; #endif break; default: Usage(); exit(MY_EX_USAGE); } } myoptind = 0; /* reset for test cases */ /* sort out DTLS versus TLS versions */ if (version == CLIENT_INVALID_VERSION) { if (doDTLS) version = CLIENT_DTLS_DEFAULT_VERSION; else version = CLIENT_DEFAULT_VERSION; } else { if (doDTLS) { if (version == 3) version = -2; else version = -1; } } #ifdef USE_WOLFSSL_MEMORY if (trackMemory) InitMemoryTracker(); #endif switch (version) { #ifndef NO_OLD_TLS case 0: method = wolfSSLv3_client_method(); break; #ifndef NO_TLS case 1: method = wolfTLSv1_client_method(); break; case 2: method = wolfTLSv1_1_client_method(); break; #endif /* NO_TLS */ #endif /* NO_OLD_TLS */ #ifndef NO_TLS case 3: method = wolfTLSv1_2_client_method(); break; #endif #ifdef WOLFSSL_DTLS case -1: method = wolfDTLSv1_client_method(); break; case -2: method = wolfDTLSv1_2_client_method(); break; #endif default: err_sys("Bad SSL version"); break; } if (method == NULL) err_sys("unable to get method"); ctx = wolfSSL_CTX_new(method); if (ctx == NULL) err_sys("unable to get ctx"); if (cipherList) if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) err_sys("client can't set cipher list 1"); #ifdef WOLFSSL_LEANPSK usePsk = 1; #endif #if defined(NO_RSA) && !defined(HAVE_ECC) usePsk = 1; #endif if (fewerPackets) wolfSSL_CTX_set_group_messages(ctx); if (usePsk) { #ifndef NO_PSK wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); if (cipherList == NULL) { const char *defaultCipherList; #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS) err_sys("client can't set cipher list 2"); } #endif useClientCert = 0; } if (useAnon) { #ifdef HAVE_ANON if (cipherList == NULL) { wolfSSL_CTX_allow_anon_cipher(ctx); if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA") != SSL_SUCCESS) err_sys("client can't set cipher list 4"); } #endif useClientCert = 0; } #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if defined(WOLFSSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) if (cipherList == NULL) { /* don't use EDH, can't sniff tmp keys */ if (wolfSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) { err_sys("client can't set cipher list 3"); } } #endif #ifdef HAVE_OCSP if (useOcsp) { if (ocspUrl != NULL) { wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl); wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE | WOLFSSL_OCSP_URL_OVERRIDE); } else wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE); } #endif #ifdef USER_CA_CB wolfSSL_CTX_SetCACb(ctx, CaCb); #endif #ifdef VERIFY_CALLBACK wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); #endif #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) if (useClientCert){ if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS) err_sys("can't load client cert file, check file and run from" " wolfSSL home dir"); if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load client private key file, check file and run " "from wolfSSL home dir"); } if (!usePsk && !useAnon) { if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from wolfSSL home dir"); } #endif #if !defined(NO_CERTS) if (!usePsk && !useAnon && doPeerCheck == 0) wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); if (!usePsk && !useAnon && overrideDateErrors == 1) wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb); #endif #ifdef HAVE_CAVIUM wolfSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID); #endif #ifdef HAVE_SNI if (sniHostName) if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) != SSL_SUCCESS) err_sys("UseSNI failed"); #endif #ifdef HAVE_MAX_FRAGMENT if (maxFragment) if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS) err_sys("UseMaxFragment failed"); #endif #ifdef HAVE_TRUNCATED_HMAC if (truncatedHMAC) if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS) err_sys("UseTruncatedHMAC failed"); #endif #ifdef HAVE_SESSION_TICKET if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS) err_sys("UseSessionTicket failed"); #endif if (benchmark) { /* time passed in number of connects give average */ int times = benchmark; int i = 0; double start = current_time(), avg; for (i = 0; i < times; i++) { tcp_connect(&sockfd, host, port, doDTLS); ssl = wolfSSL_new(ctx); wolfSSL_set_fd(ssl, sockfd); if (wolfSSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed"); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); CloseSocket(sockfd); } avg = current_time() - start; avg /= times; avg *= 1000; /* milliseconds */ printf("wolfSSL_connect avg took: %8.3f milliseconds\n", avg); wolfSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; exit(EXIT_SUCCESS); } #if defined(WOLFSSL_MDK_ARM) wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); #endif ssl = wolfSSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL object"); #ifdef HAVE_SESSION_TICKET wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session"); #endif if (doDTLS) { SOCKADDR_IN_T addr; build_addr(&addr, host, port, 1); wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr)); tcp_socket(&sockfd, 1); } else { tcp_connect(&sockfd, host, port, 0); } #ifdef HAVE_POLY1305 /* use old poly to connect with google server */ if (!XSTRNCMP(domain, "www.google.com", 14)) { if (wolfSSL_use_old_poly(ssl, 1) != 0) err_sys("unable to set to old poly"); } #endif wolfSSL_set_fd(ssl, sockfd); #ifdef HAVE_CRL if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS) err_sys("can't enable crl check"); if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) err_sys("can't load crl, check crlfile and date validity"); if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) err_sys("can't set crl callback"); #endif #ifdef HAVE_SECURE_RENEGOTIATION if (scr) { if (wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS) err_sys("can't enable secure renegotiation"); } #endif #ifdef ATOMIC_USER if (atomicUser) SetupAtomicUser(ctx, ssl); #endif #ifdef HAVE_PK_CALLBACKS if (pkCallbacks) SetupPkCallbacks(ctx, ssl); #endif if (matchName && doPeerCheck) wolfSSL_check_domain_name(ssl, domain); #ifndef WOLFSSL_CALLBACKS if (nonBlocking) { wolfSSL_set_using_nonblock(ssl, 1); tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(ssl); } else if (wolfSSL_connect(ssl) != SSL_SUCCESS) { /* see note at top of README */ int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); err_sys("SSL_connect failed"); /* if you're getting an error here */ } #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif showPeer(ssl); #ifdef HAVE_SECURE_RENEGOTIATION if (scr && forceScr) { if (nonBlocking) { printf("not doing secure renegotiation on example with" " nonblocking yet"); } else { #ifndef NO_SESSION_CACHE if (resumeSession) { session = wolfSSL_get_session(ssl); wolfSSL_set_session(ssl, session); resumeSession = 0; /* only resume once */ } #endif if (wolfSSL_Rehandshake(ssl) != SSL_SUCCESS) { int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); err_sys("wolfSSL_Rehandshake failed"); } } } #endif /* HAVE_SECURE_RENEGOTIATION */ if (sendGET) { printf("SSL connect ok, sending GET...\n"); msgSz = 28; strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz); msg[msgSz] = '\0'; } if (wolfSSL_write(ssl, msg, msgSz) != msgSz) err_sys("SSL_write failed"); input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); if (sendGET) { /* get html */ while (1) { input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("%s\n", reply); } else break; } } } else if (input < 0) { int readErr = wolfSSL_get_error(ssl, 0); if (readErr != SSL_ERROR_WANT_READ) err_sys("wolfSSL_read failed"); } #ifndef NO_SESSION_CACHE if (resumeSession) { if (doDTLS) { strncpy(msg, "break", 6); msgSz = (int)strlen(msg); /* try to send session close */ wolfSSL_write(ssl, msg, msgSz); } session = wolfSSL_get_session(ssl); sslResume = wolfSSL_new(ctx); } #endif if (doDTLS == 0) /* don't send alert after "break" command */ wolfSSL_shutdown(ssl); /* echoserver will interpret as new conn */ #ifdef ATOMIC_USER if (atomicUser) FreeAtomicUser(ssl); #endif wolfSSL_free(ssl); CloseSocket(sockfd); #ifndef NO_SESSION_CACHE if (resumeSession) { if (doDTLS) { SOCKADDR_IN_T addr; #ifdef USE_WINDOWS_API Sleep(500); #elif defined(WOLFSSL_TIRTOS) Task_sleep(1); #else sleep(1); #endif build_addr(&addr, host, port, 1); wolfSSL_dtls_set_peer(sslResume, &addr, sizeof(addr)); tcp_socket(&sockfd, 1); } else { tcp_connect(&sockfd, host, port, 0); } wolfSSL_set_fd(sslResume, sockfd); wolfSSL_set_session(sslResume, session); #ifdef HAVE_SESSION_TICKET wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB, (void*)"resumed session"); #endif showPeer(sslResume); #ifndef WOLFSSL_CALLBACKS if (nonBlocking) { wolfSSL_set_using_nonblock(sslResume, 1); tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(sslResume); } else if (wolfSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed"); #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif if (wolfSSL_session_reused(sslResume)) printf("reused session id\n"); else printf("didn't reuse session id!!!\n"); if (wolfSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz) err_sys("SSL_write failed"); if (nonBlocking) { /* give server a chance to bounce a message back to client */ #ifdef USE_WINDOWS_API Sleep(500); #elif defined(WOLFSSL_TIRTOS) Task_sleep(1); #else sleep(1); #endif } input = wolfSSL_read(sslResume, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server resume response: %s\n", reply); } /* try to send session break */ wolfSSL_write(sslResume, msg, msgSz); wolfSSL_shutdown(sslResume); wolfSSL_free(sslResume); CloseSocket(sockfd); } #endif /* NO_SESSION_CACHE */ wolfSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; #ifdef USE_WOLFSSL_MEMORY if (trackMemory) ShowMemoryTracker(); #endif /* USE_WOLFSSL_MEMORY */ #if !defined(WOLFSSL_TIRTOS) return 0; #endif }
CONCRETE_IO_HANDLE tlsio_wolfssl_create(void* io_create_parameters) { TLSIO_CONFIG* tls_io_config = io_create_parameters; TLS_IO_INSTANCE* result; if (tls_io_config == NULL) { result = NULL; } else { result = (TLS_IO_INSTANCE*)malloc(sizeof(TLS_IO_INSTANCE)); if (result != NULL) { memset(result, 0, sizeof(TLS_IO_INSTANCE)); mallocAndStrcpy_s(&result->hostname, tls_io_config->hostname); result->port = tls_io_config->port; result->socket_io_read_bytes = 0; result->socket_io_read_byte_count = 0; result->socket_io = NULL; result->ssl = NULL; result->ssl_context = NULL; result->certificate = NULL; result->on_bytes_received = NULL; result->on_bytes_received_context = NULL; result->on_io_open_complete = NULL; result->on_io_open_complete_context = NULL; result->on_io_close_complete = NULL; result->on_io_close_complete_context = NULL; result->on_io_error = NULL; result->on_io_error_context = NULL; result->tlsio_state = TLSIO_STATE_NOT_OPEN; result->ssl_context = wolfSSL_CTX_new(wolfTLSv1_client_method()); if (result->ssl_context == NULL) { free(result); result = NULL; } else { const IO_INTERFACE_DESCRIPTION* socket_io_interface = socketio_get_interface_description(); if (socket_io_interface == NULL) { wolfSSL_CTX_free(result->ssl_context); free(result); result = NULL; } else { SOCKETIO_CONFIG socketio_config; socketio_config.hostname = result->hostname; socketio_config.port = result->port; socketio_config.accepted_socket = NULL; result->socket_io = xio_create(socket_io_interface, &socketio_config); if (result->socket_io == NULL) { LogError("Failure connecting to underlying socket_io"); wolfSSL_CTX_free(result->ssl_context); free(result); result = NULL; } } } } } return result; }
int main() { /* * Creates a socket that uses an internet IP address, * Sets the type to be Stream based (TCP), * 0 means choose the default protocol. */ socklen_t sockfd = socket(AF_INET, SOCK_STREAM, 0); int ret = 0; /* Return Variable */ int loopExit = 0; /* 0 = False, 1 = True */ /* Server and Client socket address structures */ struct sockaddr_in serverAddr = {0}, clientAddr = {0}; /* Initialize the server address struct to zero */ memset((char *)&serverAddr, 0, sizeof(serverAddr)); /* Fill the server's address family */ serverAddr.sin_family = AF_INET; serverAddr.sin_addr.s_addr = INADDR_ANY; serverAddr.sin_port = htons(DEFAULT_PORT); /* initialize wolfSSL */ wolfSSL_Init(); /* If positive value, the socket is valid */ if (sockfd == -1) { printf("ERROR: failed to create the socket\n"); return EXIT_FAILURE; } /* Create and initialize WOLFSSL_CTX structure */ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) { fprintf(stderr, "wolfSSL_CTX_new error.\n"); return EXIT_FAILURE; } /* Load server certificate into WOLFSSL_CTX */ if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem", SSL_FILETYPE_PEM) != SSL_SUCCESS) { fprintf(stderr, "Error loading certs/server-cert.pem, please check" "the file.\n"); return EXIT_FAILURE; } /* Load server key into WOLFSSL_CTX */ if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem", SSL_FILETYPE_PEM) != SSL_SUCCESS) { fprintf(stderr, "Error loading certs/server-key.pem, please check" "the file.\n"); return EXIT_FAILURE; } /* Attach the server socket to our port */ if (bind(sockfd, (struct sockaddr *)&serverAddr, sizeof(serverAddr)) < 0) { printf("ERROR: failed to bind\n"); return EXIT_FAILURE; } printf("Waiting for a connection...\n"); /* Continuously accept connects while not currently in an active connection or told to quit */ while (loopExit == 0) { /* Listen for a new connection, allow 5 pending connections */ ret = listen(sockfd, 5); if (ret == 0) { /* Accept client connections and read from them */ loopExit = AcceptAndRead(sockfd, clientAddr); } } wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */ wolfSSL_Cleanup(); /* Free wolfSSL */ return EXIT_SUCCESS; }
int main (int argc, char** argv) { /* standard variables used in a dtls client*/ int sockfd = 0; int err1; int readErr; struct sockaddr_in servAddr; const char* host = argv[1]; WOLFSSL* ssl = 0; WOLFSSL_CTX* ctx = 0; WOLFSSL* sslResume = 0; WOLFSSL_SESSION* session = 0; char* srTest = "testing session resume"; char cert_array[] = "../certs/ca-cert.pem"; char buffer[80]; char* certs = cert_array; /* variables used in a dtls client for session reuse*/ int recvlen; char sendLine[MAXLINE]; char recvLine[MAXLINE - 1]; if (argc != 2) { printf("usage: udpcli <IP address>\n"); return 1; } wolfSSL_Init(); /* Un-comment the following line to enable debugging */ /* wolfSSL_Debugging_ON(); */ if ( (ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method())) == NULL) { fprintf(stderr, "wolfSSL_CTX_new error.\n"); return 1; } if (wolfSSL_CTX_load_verify_locations(ctx, certs, 0) != SSL_SUCCESS) { fprintf(stderr, "Error loading %s, please check the file.\n", certs); return 1; } ssl = wolfSSL_new(ctx); if (ssl == NULL) { printf("unable to get ssl object"); return 1; } memset(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(SERV_PORT); if ( (inet_pton(AF_INET, host, &servAddr.sin_addr)) < 1) { printf("Error and/or invalid IP address"); return 1; } wolfSSL_dtls_set_peer(ssl, &servAddr, sizeof(servAddr)); if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { printf("cannot create a socket."); return 1; } wolfSSL_set_fd(ssl, sockfd); if (wolfSSL_connect(ssl) != SSL_SUCCESS) { err1 = wolfSSL_get_error(ssl, 0); memset(buffer, 0, 80); printf("err = %d, %s\n", err1, wolfSSL_ERR_error_string(err1, buffer)); printf("SSL_connect failed"); return 1; } /*****************************************************************************/ /* Code for sending datagram to server */ /* Loop while the user gives input or until an EOF is read */ while( fgets(sendLine, MAXLINE, stdin) != NULL ) { /* Attempt to send sendLine to the server */ if ( ( wolfSSL_write(ssl, sendLine, strlen(sendLine))) != strlen(sendLine) ) { printf("Error: wolfSSL_write failed.\n"); } /* Attempt to read a message from server and store it in recvLine */ recvlen = wolfSSL_read(ssl, recvLine, sizeof(recvLine) - 1); /* Error checking wolfSSL_read */ if (recvlen < 0) { readErr = wolfSSL_get_error(ssl, 0); if (readErr != SSL_ERROR_WANT_READ) { printf("Error: wolfSSL_read failed.\n"); } } recvLine[recvlen] = '\0'; fputs(recvLine, stdout); } /* */ /*****************************************************************************/ /* Keep track of the old session information */ wolfSSL_write(ssl, srTest, sizeof(srTest)); session = wolfSSL_get_session(ssl); sslResume = wolfSSL_new(ctx); /* Cleanup the memory used by the old session & ssl object */ wolfSSL_shutdown(ssl); wolfSSL_free(ssl); close(sockfd); /* Perform setup with new variables/old session information */ memset(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(SERV_PORT); if ( (inet_pton(AF_INET, host, &servAddr.sin_addr)) < 1) { printf("Error and/or invalid IP address"); return 1; } wolfSSL_dtls_set_peer(sslResume, &servAddr, sizeof(servAddr)); if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { printf("cannot create a socket."); return 1; } wolfSSL_set_fd(sslResume, sockfd); /* New method call - specifies to the WOLFSSL object to use the * * given WOLFSSL_SESSION object */ wolfSSL_set_session(sslResume, session); wolfSSL_set_fd(sslResume, sockfd); if (wolfSSL_connect(sslResume) != SSL_SUCCESS) { err1 = wolfSSL_get_error(sslResume, 0); memset(buffer, 0, 80); printf("err = %d, %s\n", err1, wolfSSL_ERR_error_string(err1, buffer)); printf("SSL_connect failed on session reuse\n"); return 1; } if (wolfSSL_session_reused(sslResume)) { printf("reused session id\n"); } else { printf("didn't reuse session id!!!\n"); } /*****************************************************************************/ /* Code for sending datagram to server */ /* Clear out variables for reuse */ recvlen = 0; memset(sendLine, 0, MAXLINE); memset(recvLine, 0, MAXLINE - 1); /* Loop while the user gives input or until an EOF is read */ while( fgets(sendLine, MAXLINE, stdin) != NULL ) { /* Attempt to send sendLine to the server */ if ( ( wolfSSL_write(ssl, sendLine, strlen(sendLine))) != strlen(sendLine) ) { printf("Error: wolfSSL_write failed.\n"); } /* Attempt to read a message from server and store it in recvLine */ recvlen = wolfSSL_read(ssl, recvLine, sizeof(recvLine) - 1); /* Error checking wolfSSL_read */ if (recvlen < 0) { readErr = wolfSSL_get_error(ssl, 0); if (readErr != SSL_ERROR_WANT_READ) { printf("Error: wolfSSL_read failed.\n"); } } recvLine[recvlen] = '\0'; fputs(recvLine, stdout); } /* */ /*****************************************************************************/ wolfSSL_write(sslResume, srTest, sizeof(srTest)); /* Cleanup memory used for storing the session information */ wolfSSL_shutdown(sslResume); wolfSSL_free(sslResume); close(sockfd); wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); return 0; }
static void test_wolfSSL_UseSNI_params(void) { WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* invalid [ctx|ssl] */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3)); /* invalid type */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3)); /* invalid data */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3)); /* success case */ AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); }