static int capwap_crypt_handshake(struct capwap_dtls* dtls) { int result; ASSERT(dtls != NULL); ASSERT(dtls->enable != 0); ASSERT((dtls->action == CAPWAP_DTLS_ACTION_NONE) || (dtls->action == CAPWAP_DTLS_ACTION_HANDSHAKE)); /* */ if (dtls->dtlscontext->type == CAPWAP_DTLS_SERVER) { result = CyaSSL_accept((CYASSL*)dtls->sslsession); } else { result = CyaSSL_connect((CYASSL*)dtls->sslsession); } /* */ if (result != SSL_SUCCESS) { result = CyaSSL_get_error((CYASSL*)dtls->sslsession, 0); if ((result == SSL_ERROR_WANT_READ) || (result == SSL_ERROR_WANT_WRITE)) { /* Incomplete handshake */ dtls->action = CAPWAP_DTLS_ACTION_HANDSHAKE; return CAPWAP_HANDSHAKE_CONTINUE; } /* Handshake error */ dtls->action = CAPWAP_DTLS_ACTION_ERROR; return CAPWAP_HANDSHAKE_ERROR; } /* Handshake complete */ dtls->action = CAPWAP_DTLS_ACTION_DATA; return CAPWAP_HANDSHAKE_COMPLETE; }
/* * Pulled in from examples/server/server.c * Function to handle nonblocking. Loops until tcp_select notifies that it's * ready for action. */ int NonBlockingSSL(CYASSL* ssl) { int ret; int error; int select_ret; int sockfd = CyaSSL_get_fd(ssl); ret = CyaSSL_accept(ssl); error = CyaSSL_get_error(ssl, 0); while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE)) { int currTimeout = 1; /* print out for user notification */ if (error == SSL_ERROR_WANT_READ) printf("... server would read block\n"); else printf("... server would write block\n"); select_ret = tcp_select(sockfd, currTimeout); /* if tcp_select signals ready try to accept otherwise continue loop*/ if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_ERROR_READY)) { ret = CyaSSL_accept(ssl); error = CyaSSL_get_error(ssl, 0); } else if (select_ret == TEST_TIMEOUT) { error = SSL_ERROR_WANT_READ; } else { error = SSL_FATAL_ERROR; } } /* faliure to accept */ if (ret != SSL_SUCCESS) { printf("Fatal error : SSL_accept failed\n"); ret = SSL_FATAL_ERROR; } return ret; }
/* * Handles response to client. */ int respond(struct epoll_event povent, int epollfd) { int n; /* length of string read */ char buf[MAXLINE]; /* string read from client */ struct client_ssl* info = povent.data.ptr; int sockfd = info->fd; CyaSSL_accept(info->ssl); CyaSSL_get_error(info->ssl, 0); memset(buf, 0, MAXLINE); n = CyaSSL_read(info->ssl, buf, MAXLINE); if (n > 0) { printf("%s\n", buf); if (CyaSSL_write(info->ssl, buf, strlen(buf)) != strlen(buf)) { printf("write error"); } } if (n < 0) { if (errno != EAGAIN) { printf("respond: read error\n"); numCon--; CyaSSL_shutdown(info->ssl); CyaSSL_free(info->ssl); free(info); epoll_ctl(epollfd, EPOLL_CTL_DEL, sockfd, &povent); printf("disconected client that had error\n"); return 1; } return 0; } if (n == 0) { numCon--; CyaSSL_shutdown(info->ssl); CyaSSL_free(info->ssl); free(info); epoll_ctl(epollfd, EPOLL_CTL_DEL, sockfd, &povent); printf("a client has disconected\n"); } return 0; }
static THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; CYASSL_CTX* ctx = CyaSSL_CTX_new(callbacks->method()); CYASSL* ssl = NULL; SOCKET_T sfd = 0; SOCKET_T cfd = 0; word16 port = yasslPort; char msg[] = "I hear you fa shizzle!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ !defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL) && \ !defined(CYASSL_TIRTOS) port = 0; #endif CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = CyaSSL_new(ctx); tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0); CloseSocket(sfd); CyaSSL_set_fd(ssl, cfd); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); /* AssertIntEQ(SSL_SUCCESS, CyaSSL_accept(ssl)); */ if (CyaSSL_accept(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); } else { if (0 < (idx = CyaSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; printf("Client message: %s\n", input); } AssertIntEQ(len, CyaSSL_write(ssl, msg, len)); #ifdef CYASSL_TIRTOS Task_yield(); #endif CyaSSL_shutdown(ssl); } if (callbacks->on_result) callbacks->on_result(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(cfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) ecc_fp_free(); /* free per thread cache */ #endif #ifndef CYASSL_TIRTOS return 0; #endif }
static THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) { SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; word16 port = yasslPort; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; CYASSL* ssl = 0; char msg[] = "I hear you fa shizzle!"; char input[1024]; int idx; #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; method = CyaSSLv23_server_method(); ctx = CyaSSL_CTX_new(method); #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ !defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL) && \ !defined(CYASSL_TIRTOS) port = 0; #endif CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS) { /*err_sys("can't load ca file, Please run from CyaSSL home dir");*/ goto done; } if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from CyaSSL home dir");*/ goto done; } if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from CyaSSL home dir");*/ goto done; } ssl = CyaSSL_new(ctx); tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0); CloseSocket(sockfd); CyaSSL_set_fd(ssl, clientfd); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (CyaSSL_accept(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); /*err_sys("SSL_accept failed");*/ goto done; } idx = CyaSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = 0; printf("Client message: %s\n", input); } if (CyaSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ #ifdef CYASSL_TIRTOS return; #else return 0; #endif } #ifdef CYASSL_TIRTOS Task_yield(); #endif done: CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(clientfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) ecc_fp_free(); /* free per thread cache */ #endif #ifndef CYASSL_TIRTOS return 0; #endif }
THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) { SOCKET_T sockfd = 0; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; int ret = 0; int doDTLS = 0; int doPSK = 0; int outCreated = 0; int shutDown = 0; int useAnyAddr = 0; word16 port; int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; #ifdef ECHO_OUT FILE* fout = stdout; if (argc >= 2) { fout = fopen(argv[1], "w"); outCreated = 1; } if (!fout) err_sys("can't open output file"); #endif (void)outCreated; (void)argc; (void)argv; ((func_args*)args)->return_code = -1; /* error state */ #ifdef CYASSL_DTLS doDTLS = 1; #endif #ifdef CYASSL_LEANPSK doPSK = 1; #endif #if defined(NO_RSA) && !defined(HAVE_ECC) doPSK = 1; #endif #if defined(NO_MAIN_DRIVER) && !defined(CYASSL_SNIFFER) && \ !defined(WOLFSSL_MDK_SHELL) && !defined(CYASSL_TIRTOS) && \ !defined(USE_WINDOWS_API) /* Let tcp_listen assign port */ port = 0; #else /* Use default port */ port = wolfSSLPort; #endif #if defined(USE_ANY_ADDR) useAnyAddr = 1; #endif #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0); #if defined(CYASSL_DTLS) method = CyaDTLSv1_2_server_method(); #elif !defined(NO_TLS) method = CyaSSLv23_server_method(); #elif defined(WOLFSSL_ALLOW_SSLV3) method = CyaSSLv3_server_method(); #else #error "no valid server method built in" #endif ctx = CyaSSL_CTX_new(method); /* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ defined(HAVE_POLY1305) if (TicketInit() != 0) err_sys("unable to setup Session Ticket Key context"); wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); #endif #ifndef NO_FILESYSTEM if (doPSK == 0) { #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA) /* ntru */ if (CyaSSL_CTX_use_certificate_file(ctx, ntruCertFile, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load ntru cert file, " "Please run from wolfSSL home dir"); if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKeyFile) != SSL_SUCCESS) err_sys("can't load ntru key file, " "Please run from wolfSSL home dir"); #elif defined(HAVE_ECC) && !defined(CYASSL_SNIFFER) /* ecc */ if (CyaSSL_CTX_use_certificate_file(ctx, eccCertFile, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server cert file, " "Please run from wolfSSL home dir"); if (CyaSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server key file, " "Please run from wolfSSL home dir"); #elif defined(NO_CERTS) /* do nothing, just don't load cert files */ #else /* normal */ if (CyaSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server cert file, " "Please run from wolfSSL home dir"); if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server key file, " "Please run from wolfSSL home dir"); #endif } /* doPSK */ #elif !defined(NO_CERTS) if (!doPSK) { load_buffer(ctx, svrCertFile, WOLFSSL_CERT); load_buffer(ctx, svrKeyFile, WOLFSSL_KEY); } #endif #if defined(CYASSL_SNIFFER) /* don't use EDH, can't sniff tmp keys */ CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA"); #endif if (doPSK) { #ifndef NO_PSK const char *defaultCipherList; CyaSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); CyaSSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; #elif defined(HAVE_AESGCM) && !defined(NO_DH) defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif if (CyaSSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS) err_sys("server can't set cipher list 2"); #endif } #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfAsync_DevOpen(&devId); if (ret != 0) { err_sys("Async device open failed"); } wolfSSL_CTX_UseAsync(ctx, devId); #endif /* WOLFSSL_ASYNC_CRYPT */ SignalReady(args, port); while (!shutDown) { CYASSL* ssl = NULL; CYASSL* write_ssl = NULL; /* may have separate w/ HAVE_WRITE_DUP */ char command[SVR_COMMAND_SIZE+1]; int echoSz = 0; int clientfd; int firstRead = 1; int gotFirstG = 0; int err = 0; SOCKADDR_IN_T client; socklen_t client_len = sizeof(client); #ifndef CYASSL_DTLS clientfd = accept(sockfd, (struct sockaddr*)&client, (ACCEPT_THIRD_T)&client_len); #else clientfd = sockfd; { /* For DTLS, peek at the next datagram so we can get the client's * address and set it into the ssl object later to generate the * cookie. */ int n; byte b[1500]; n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK, (struct sockaddr*)&client, &client_len); if (n <= 0) err_sys("recvfrom failed"); } #endif if (WOLFSSL_SOCKET_IS_INVALID(clientfd)) err_sys("tcp accept failed"); ssl = CyaSSL_new(ctx); if (ssl == NULL) err_sys("SSL_new failed"); CyaSSL_set_fd(ssl, clientfd); #ifdef CYASSL_DTLS wolfSSL_dtls_set_peer(ssl, &client, client_len); #endif #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN) CyaSSL_SetTmpDH_file(ssl, dhParamFile, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher than PSK */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif err = 0; /* Reset error */ ret = CyaSSL_accept(ssl); if (ret != SSL_SUCCESS) { err = CyaSSL_get_error(ssl, 0); } } while (ret != SSL_SUCCESS && err == WC_PENDING_E); if (ret != SSL_SUCCESS) { char buffer[CYASSL_MAX_ERROR_SZ]; err = CyaSSL_get_error(ssl, 0); printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); printf("SSL_accept failed\n"); CyaSSL_free(ssl); CloseSocket(clientfd); continue; } #if defined(PEER_INFO) showPeer(ssl); #endif #ifdef HAVE_WRITE_DUP write_ssl = wolfSSL_write_dup(ssl); if (write_ssl == NULL) { printf("wolfSSL_write_dup failed\n"); CyaSSL_free(ssl); CloseSocket(clientfd); continue; } #else write_ssl = ssl; #endif while ( (echoSz = CyaSSL_read(ssl, command, sizeof(command)-1)) > 0) { if (firstRead == 1) { firstRead = 0; /* browser may send 1 byte 'G' to start */ if (echoSz == 1 && command[0] == 'G') { gotFirstG = 1; continue; } } else if (gotFirstG == 1 && strncmp(command, "ET /", 4) == 0) { strncpy(command, "GET", 4); /* fall through to normal GET */ } if ( strncmp(command, "quit", 4) == 0) { printf("client sent quit command: shutting down!\n"); shutDown = 1; break; } if ( strncmp(command, "break", 5) == 0) { printf("client sent break command: closing session!\n"); break; } #ifdef PRINT_SESSION_STATS if ( strncmp(command, "printstats", 10) == 0) { CyaSSL_PrintSessionStats(); break; } #endif if ( strncmp(command, "GET", 3) == 0) { char type[] = "HTTP/1.0 200 ok\r\nContent-type:" " text/html\r\n\r\n"; char header[] = "<html><body BGCOLOR=\"#ffffff\">\n<pre>\n"; char body[] = "greetings from wolfSSL\n"; char footer[] = "</body></html>\r\n\r\n"; strncpy(command, type, sizeof(type)); echoSz = sizeof(type) - 1; strncpy(&command[echoSz], header, sizeof(header)); echoSz += (int)sizeof(header) - 1; strncpy(&command[echoSz], body, sizeof(body)); echoSz += (int)sizeof(body) - 1; strncpy(&command[echoSz], footer, sizeof(footer)); echoSz += (int)sizeof(footer); if (CyaSSL_write(write_ssl, command, echoSz) != echoSz) err_sys("SSL_write failed"); break; } command[echoSz] = 0; #ifdef ECHO_OUT fputs(command, fout); #endif if (CyaSSL_write(write_ssl, command, echoSz) != echoSz) err_sys("SSL_write failed"); } #ifndef CYASSL_DTLS CyaSSL_shutdown(ssl); #endif #ifdef HAVE_WRITE_DUP CyaSSL_free(write_ssl); #endif CyaSSL_free(ssl); CloseSocket(clientfd); #ifdef CYASSL_DTLS tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0); SignalReady(args, port); #endif } CloseSocket(sockfd); CyaSSL_CTX_free(ctx); #ifdef ECHO_OUT if (outCreated) fclose(fout); #endif ((func_args*)args)->return_code = 0; #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) ecc_fp_free(); /* free per thread cache */ #endif #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ defined(HAVE_POLY1305) TicketCleanup(); #endif #ifdef WOLFSSL_ASYNC_CRYPT wolfAsync_DevClose(&devId); #endif #ifndef CYASSL_TIRTOS return 0; #endif }
THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) { SOCKET_T sockfd = 0; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; int doDTLS = 0; int doPSK = 0; int outCreated = 0; int shutDown = 0; int useAnyAddr = 0; word16 port = yasslPort; int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; #ifdef ECHO_OUT FILE* fout = stdout; if (argc >= 2) { fout = fopen(argv[1], "w"); outCreated = 1; } if (!fout) err_sys("can't open output file"); #endif (void)outCreated; (void)argc; (void)argv; ((func_args*)args)->return_code = -1; /* error state */ #ifdef CYASSL_DTLS doDTLS = 1; #endif #ifdef CYASSL_LEANPSK doPSK = 1; #endif #if defined(NO_RSA) && !defined(HAVE_ECC) doPSK = 1; #endif #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ !defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_ARM) port = 0; #endif #if defined(USE_ANY_ADDR) useAnyAddr = 1; #endif tcp_listen(&sockfd, &port, useAnyAddr, doDTLS); #if defined(CYASSL_DTLS) method = CyaDTLSv1_server_method(); #elif !defined(NO_TLS) method = CyaSSLv23_server_method(); #else method = CyaSSLv3_server_method(); #endif ctx = CyaSSL_CTX_new(method); /* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #ifndef NO_FILESYSTEM if (doPSK == 0) { #ifdef HAVE_NTRU /* ntru */ if (CyaSSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load ntru cert file, " "Please run from CyaSSL home dir"); if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKey) != SSL_SUCCESS) err_sys("can't load ntru key file, " "Please run from CyaSSL home dir"); #elif defined(HAVE_ECC) /* ecc */ if (CyaSSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server cert file, " "Please run from CyaSSL home dir"); if (CyaSSL_CTX_use_PrivateKey_file(ctx, eccKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server key file, " "Please run from CyaSSL home dir"); #elif defined(NO_CERTS) /* do nothing, just don't load cert files */ #else /* normal */ if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server cert file, " "Please run from CyaSSL home dir"); if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server key file, " "Please run from CyaSSL home dir"); #endif } /* doPSK */ #elif !defined(NO_CERTS) if (!doPSK) { load_buffer(ctx, svrCert, CYASSL_CERT); load_buffer(ctx, svrKey, CYASSL_KEY); } #endif #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) /* don't use EDH, can't sniff tmp keys */ CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA"); #endif if (doPSK) { #ifndef NO_PSK const char *defaultCipherList; CyaSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); CyaSSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif if (CyaSSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS) err_sys("server can't set cipher list 2"); #endif } SignalReady(args, port); while (!shutDown) { CYASSL* ssl = 0; char command[SVR_COMMAND_SIZE+1]; int echoSz = 0; int clientfd; int firstRead = 1; int gotFirstG = 0; #ifndef CYASSL_DTLS SOCKADDR_IN_T client; socklen_t client_len = sizeof(client); clientfd = accept(sockfd, (struct sockaddr*)&client, (ACCEPT_THIRD_T)&client_len); #else clientfd = udp_read_connect(sockfd); #endif if (clientfd == -1) err_sys("tcp accept failed"); ssl = CyaSSL_new(ctx); if (ssl == NULL) err_sys("SSL_new failed"); CyaSSL_set_fd(ssl, clientfd); #if !defined(NO_FILESYSTEM) && !defined(NO_DH) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher than PSK */ #endif if (CyaSSL_accept(ssl) != SSL_SUCCESS) { printf("SSL_accept failed\n"); CyaSSL_free(ssl); CloseSocket(clientfd); continue; } #if defined(PEER_INFO) showPeer(ssl); #endif while ( (echoSz = CyaSSL_read(ssl, command, sizeof(command)-1)) > 0) { if (firstRead == 1) { firstRead = 0; /* browser may send 1 byte 'G' to start */ if (echoSz == 1 && command[0] == 'G') { gotFirstG = 1; continue; } } else if (gotFirstG == 1 && strncmp(command, "ET /", 4) == 0) { strncpy(command, "GET", 4); /* fall through to normal GET */ } if ( strncmp(command, "quit", 4) == 0) { printf("client sent quit command: shutting down!\n"); shutDown = 1; break; } if ( strncmp(command, "break", 5) == 0) { printf("client sent break command: closing session!\n"); break; } #ifdef SESSION_STATS if ( strncmp(command, "printstats", 10) == 0) { PrintSessionStats(); break; } #endif if ( strncmp(command, "GET", 3) == 0) { char type[] = "HTTP/1.0 200 ok\r\nContent-type:" " text/html\r\n\r\n"; char header[] = "<html><body BGCOLOR=\"#ffffff\">\n<pre>\n"; char body[] = "greetings from CyaSSL\n"; char footer[] = "</body></html>\r\n\r\n"; strncpy(command, type, sizeof(type)); echoSz = sizeof(type) - 1; strncpy(&command[echoSz], header, sizeof(header)); echoSz += (int)sizeof(header) - 1; strncpy(&command[echoSz], body, sizeof(body)); echoSz += (int)sizeof(body) - 1; strncpy(&command[echoSz], footer, sizeof(footer)); echoSz += (int)sizeof(footer); if (CyaSSL_write(ssl, command, echoSz) != echoSz) err_sys("SSL_write failed"); break; } command[echoSz] = 0; #ifdef ECHO_OUT fputs(command, fout); #endif if (CyaSSL_write(ssl, command, echoSz) != echoSz) err_sys("SSL_write failed"); } #ifndef CYASSL_DTLS CyaSSL_shutdown(ssl); #endif CyaSSL_free(ssl); CloseSocket(clientfd); #ifdef CYASSL_DTLS tcp_listen(&sockfd, &port, useAnyAddr, doDTLS); SignalReady(args, port); #endif } CloseSocket(sockfd); CyaSSL_CTX_free(ctx); #ifdef ECHO_OUT if (outCreated) fclose(fout); #endif ((func_args*)args)->return_code = 0; return 0; }
void* ThreadControl(void* openSock) { pthread_detach(pthread_self()); threadArgs* args = (threadArgs*)openSock; int recvLen = 0; /* length of message */ int activefd = args->activefd; /* the active descriptor */ int msgLen = args->size; /* the size of message */ unsigned char buff[msgLen]; /* the incoming message */ char ack[] = "I hear you fashizzle!\n"; CYASSL* ssl; memcpy(buff, args->b, msgLen); /* Create the CYASSL Object */ if ((ssl = CyaSSL_new(ctx)) == NULL) { printf("CyaSSL_new error.\n"); cleanup = 1; return NULL; } /* set the session ssl to client connection port */ CyaSSL_set_fd(ssl, activefd); if (CyaSSL_accept(ssl) != SSL_SUCCESS) { int e = CyaSSL_get_error(ssl, 0); printf("error = %d, %s\n", e, CyaSSL_ERR_reason_error_string(e)); printf("SSL_accept failed.\n"); return NULL; } if ((recvLen = CyaSSL_read(ssl, buff, msgLen-1)) > 0) { printf("heard %d bytes\n", recvLen); buff[recvLen] = 0; printf("I heard this: \"%s\"\n", buff); } else if (recvLen < 0) { int readErr = CyaSSL_get_error(ssl, 0); if(readErr != SSL_ERROR_WANT_READ) { printf("SSL_read failed.\n"); cleanup = 1; return NULL; } } if (CyaSSL_write(ssl, ack, sizeof(ack)) < 0) { printf("CyaSSL_write fail.\n"); cleanup = 1; return NULL; } else { printf("Sending reply.\n"); } printf("reply sent \"%s\"\n", ack); CyaSSL_shutdown(ssl); CyaSSL_free(ssl); close(activefd); free(openSock); /* valgrind friendly free */ printf("Client left return to idle state\n"); printf("Exiting thread.\n\n"); pthread_exit(openSock); }
THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) { SOCKET_T sockfd = 0; int clientfd = 0; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; CYASSL* ssl = 0; char msg[] = "I hear you fa shizzle!"; char input[1024]; int idx; ((func_args*)args)->return_code = TEST_FAIL; method = CyaSSLv23_server_method(); ctx = CyaSSL_CTX_new(method); CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS) { /*err_sys("can't load ca file, Please run from CyaSSL home dir");*/ goto done; } if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from CyaSSL home dir");*/ goto done; } if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from CyaSSL home dir");*/ goto done; } ssl = CyaSSL_new(ctx); tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0, 0); CloseSocket(sockfd); CyaSSL_set_fd(ssl, clientfd); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #else SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (CyaSSL_accept(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[80]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); /*err_sys("SSL_accept failed");*/ goto done; } idx = CyaSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = 0; printf("Client message: %s\n", input); } if (CyaSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ return 0; } done: CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(clientfd); ((func_args*)args)->return_code = TEST_SUCCESS; return 0; }
/* Checks if NonBlocking I/O is wanted, if it is wanted it will * wait until it's available on the socket before reading or writing */ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd, enum read_write_t rw) { const char reply[] = "I hear ya fa shizzle!\n"; char buff[256]; int rwret = 0; int selectRet; int ret; /* Clear the buffer memory for anything possibly left over */ memset(&buff, 0, sizeof(buff)); if (rw == READ) rwret = CyaSSL_read(ssl, buff, sizeof(buff)-1); else if (rw == WRITE) rwret = CyaSSL_write(ssl, reply, sizeof(reply)-1); else if (rw == ACCEPT) rwret = CyaSSL_accept(ssl); if (rwret == 0) { printf("The client has closed the connection!\n"); return 0; } else if (rwret != SSL_SUCCESS) { int error = CyaSSL_get_error(ssl, 0); /* while I/O is not ready, keep waiting */ while ((error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE)) { if (error == SSL_ERROR_WANT_READ) printf("... server would read block\n"); else printf("... server would write block\n"); selectRet = TCPSelect(socketfd); if ((selectRet == 1) || (selectRet == 2)) { if (rw == READ) rwret = CyaSSL_read(ssl, buff, sizeof(buff)-1); else if (rw == WRITE) rwret = CyaSSL_write(ssl, reply, sizeof(reply)-1); else if (rw == ACCEPT) rwret = CyaSSL_accept(ssl); error = CyaSSL_get_error(ssl, 0); } else { error = SSL_FATAL_ERROR; return -1; } } /* Print any data the client sends to the console */ if (rw == READ) printf("Client: %s\n", buff); /* Reply back to the client */ else if (rw == WRITE) { if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1)) < 0) { printf("CyaSSL_write error = %d\n", CyaSSL_get_error(ssl, ret)); } } } return 1; }