static void test_client_wolfSSL_new(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
WOLFSSL_CTX *ctx;
WOLFSSL_CTX *ctx_nocert;
WOLFSSL *ssl;
AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCert, 0));
/* invalid context */
AssertNull(ssl = wolfSSL_new(NULL));
/* success */
AssertNotNull(ssl = wolfSSL_new(ctx_nocert));
wolfSSL_free(ssl);
/* success */
AssertNotNull(ssl = wolfSSL_new(ctx));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_CTX_free(ctx_nocert);
#endif
}
static void test_server_wolfSSL_new(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
WOLFSSL_CTX *ctx;
WOLFSSL_CTX *ctx_nocert;
WOLFSSL *ssl;
AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method()));
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
/* invalid context */
AssertNull(ssl = wolfSSL_new(NULL));
AssertNull(ssl = wolfSSL_new(ctx_nocert));
/* success */
AssertNotNull(ssl = wolfSSL_new(ctx));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_CTX_free(ctx_nocert);
#endif
}
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject)
{
const uint8_t * caCertsPtr;
int32_t caCertsLen;
if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0))
{
return false;
}
if (_net_pres_wolfsslUsers == 0)
{
wolfSSL_Init();
_net_pres_wolfsslUsers++;
}
net_pres_wolfSSLInfoStreamClient0.transObject = transObject;
net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method());
if (net_pres_wolfSSLInfoStreamClient0.context == 0)
{
return false;
}
wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0);
wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0);
// Turn off verification, because SNTP is usually blocked by a firewall
wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0);
if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
{
// Couldn't load the certificates
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
if(wolfSSL_CTX_use_PrivateKey_buffer(net_pres_wolfSSLInfoStreamClient0.context, (unsigned char *)appData.clientKey, strlen((char *)appData.clientKey), SSL_FILETYPE_PEM) != SSL_SUCCESS)
{
// Couldn't load the private key
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
// Loading the client cert so that the server can authenticate us (client authentication))
if(wolfSSL_CTX_use_certificate_buffer(net_pres_wolfSSLInfoStreamClient0.context, (unsigned char *)appData.clientCert, strlen((char *)appData.clientCert), SSL_FILETYPE_PEM) != SSL_SUCCESS)
{
// Couldn't load the client certificate
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
// Turn off verification, because SNTP is usually blocked by a firewall
wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0);
net_pres_wolfSSLInfoStreamClient0.isInited = true;
return true;
}
void mod_wolftls_destroy(void *arg)
{
_mod_wolftls_t *mod = (_mod_wolftls_t *)arg;
wolfSSL_CTX_free(mod->ctx);
free(mod);
}
int MqttSocket_Disconnect(MqttClient *client)
{
int rc = MQTT_CODE_SUCCESS;
if (client) {
#ifdef ENABLE_MQTT_TLS
if (client->tls.ssl) wolfSSL_free(client->tls.ssl);
if (client->tls.ctx) wolfSSL_CTX_free(client->tls.ctx);
wolfSSL_Cleanup();
client->flags &= ~MQTT_CLIENT_FLAG_IS_TLS;
#endif
/* Make sure socket is closed */
if (client->net && client->net->disconnect) {
rc = client->net->disconnect(client->net->context);
}
client->flags &= ~MQTT_CLIENT_FLAG_IS_CONNECTED;
}
#ifdef WOLFMQTT_DEBUG_SOCKET
printf("MqttSocket_Disconnect: Rc=%d\n", rc);
#endif
/* Check for error */
if (rc < 0) {
rc = MQTT_CODE_ERROR_NETWORK;
}
return rc;
}
/* Cleanup the wolfSSL context and wolfSSL library.
*
* ctx The wolfSSL context object.
*/
static void WolfSSLCtx_Final(WOLFSSL_CTX* ctx)
{
wolfSSL_CTX_free(ctx);
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
}
/* Free the WOLFSSL object and context. */
static void wolfssl_free(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
{
if (ssl != NULL)
wolfSSL_free(ssl);
if (ctx != NULL)
wolfSSL_CTX_free(ctx);
}
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject)
{
const uint8_t * caCertsPtr;
int32_t caCertsLen;
if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0))
{
return false;
}
if (_net_pres_wolfsslUsers == 0)
{
wolfSSL_Init();
_net_pres_wolfsslUsers++;
}
net_pres_wolfSSLInfoStreamClient0.transObject = transObject;
net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method());
if (net_pres_wolfSSLInfoStreamClient0.context == 0)
{
return false;
}
wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0);
wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0);
if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
{
// Couldn't load the certificates
//SYS_CONSOLE_MESSAGE("Something went wrong loading the certificates\r\n");
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
// Turn off verification, because SNTP is usually blocked by a firewall
wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0);
net_pres_wolfSSLInfoStreamClient0.isInited = true;
return true;
}
static void test_wolfSSL_CTX_load_verify_locations(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
WOLFSSL_CTX *ctx;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
/* invalid context */
AssertFalse(wolfSSL_CTX_load_verify_locations(NULL, caCert, 0));
/* invalid ca file */
AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, NULL, 0));
AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0));
#ifndef WOLFSSL_TIRTOS
/* invalid path */
/* not working... investigate! */
/* AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, caCert, bogusFile)); */
#endif
/* success */
AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCert, 0));
wolfSSL_CTX_free(ctx);
#endif
}
static void* client_thread(void* args)
{
/* set up client */
WOLFSSL_CTX* cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
if (cli_ctx == NULL) err_sys("bad client ctx new");
int ret = wolfSSL_CTX_load_verify_locations(cli_ctx, cacert, NULL);
if (ret != SSL_SUCCESS) err_sys("bad ca load");
wolfSSL_SetIOSend(cli_ctx, ClientSend);
wolfSSL_SetIORecv(cli_ctx, ClientRecv);
WOLFSSL* cli_ssl = wolfSSL_new(cli_ctx);
if (cli_ctx == NULL) err_sys("bad client new");
ret = wolfSSL_connect(cli_ssl);
if (ret != SSL_SUCCESS) err_sys("bad client tls connect");
printf("wolfSSL client success!\n");
ret = wolfSSL_write(cli_ssl, "hello memory wolfSSL!", 21);
/* clean up */
wolfSSL_free(cli_ssl);
wolfSSL_CTX_free(cli_ctx);
return NULL;
}
static void test_wolfSSL_UseSupportedCurve(void)
{
#ifdef HAVE_SUPPORTED_CURVES
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
#ifndef NO_WOLFSSL_CLIENT
/* error cases */
AssertIntNE(SSL_SUCCESS,
wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0));
AssertIntNE(SSL_SUCCESS,
wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0));
/* success case */
AssertIntEQ(SSL_SUCCESS,
wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1));
AssertIntEQ(SSL_SUCCESS,
wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1));
#endif
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_use_PrivateKey_file(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
WOLFSSL_CTX *ctx;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
/* invalid context */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKey,
SSL_FILETYPE_PEM));
/* invalid key file */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile,
SSL_FILETYPE_PEM));
/* invalid key type */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, 9999));
/* success */
#ifdef NO_RSA
/* rsa needed */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
#else
/* success */
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
#endif
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_UseMaxFragment(void)
{
#ifdef HAVE_MAX_FRAGMENT
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment( NULL, WOLFSSL_MFL_2_9));
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, 0));
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, 6));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, 0));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, 6));
/* success case */
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9));
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10));
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11));
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12));
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_9));
AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_10));
AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_11));
AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_12));
AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_13));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
/*
* ======== exitApp ========
* Cleans up the SSL context and exits the application
*/
void exitApp(WOLFSSL_CTX* ctx) {
if (ctx != NULL) {
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
}
BIOS_exit(-1);
}
/* Cleanup the wolfSSL context and wolfSSL library.
*
* ctx The wolfSSL context object.
*/
static void WolfSSLCtx_Final(ThreadData* threadData)
{
wolfSSL_CTX_free(threadData->ctx);
threadData->ctx = NULL;
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&threadData->devId);
#endif
}
WolfSSLConnection::~WolfSSLConnection()
{
if (sslContext != NULL)
{
wolfSSL_CTX_free(sslContext);
sslContext = NULL;
}
wolfSSL_Cleanup();
}
bool NET_PRES_EncProviderStreamClientDeinit0()
{
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
net_pres_wolfSSLInfoStreamClient0.isInited = false;
_net_pres_wolfsslUsers--;
if (_net_pres_wolfsslUsers == 0)
{
wolfSSL_Cleanup();
}
return true;
}
static void test_wolfSSL_CTX_new(WOLFSSL_METHOD *method)
{
WOLFSSL_CTX *ctx;
AssertNull(ctx = wolfSSL_CTX_new(NULL));
AssertNotNull(method);
AssertNotNull(ctx = wolfSSL_CTX_new(method));
wolfSSL_CTX_free(ctx);
}
/* Create a new wolfSSL client with a server CA certificate. */
static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
{
int ret = 0;
WOLFSSL_CTX* client_ctx = NULL;
WOLFSSL* client_ssl = NULL;
/* Create and initialize WOLFSSL_CTX */
if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(),
HEAP_HINT_CLIENT)) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n");
ret = -1;
}
if (ret == 0) {
/* Load CA certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_load_verify_buffer(client_ctx, CA_CERTS, CA_CERTS_LEN,
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: failed to load CA certificate\n");
ret = -1;
}
}
if (ret == 0) {
/* Register callbacks */
wolfSSL_SetIORecv(client_ctx, recv_client);
wolfSSL_SetIOSend(client_ctx, send_client);
}
if (ret == 0) {
/* Create a WOLFSSL object */
if ((client_ssl = wolfSSL_new(client_ctx)) == NULL) {
printf("ERROR: failed to create WOLFSSL object\n");
ret = -1;
}
}
if (ret == 0) {
/* make wolfSSL object nonblocking */
wolfSSL_set_using_nonblock(client_ssl, 1);
}
if (ret == 0) {
*ctx = client_ctx;
*ssl = client_ssl;
}
else {
if (client_ssl != NULL)
wolfSSL_free(client_ssl);
if (client_ctx != NULL)
wolfSSL_CTX_free(client_ctx);
}
return ret;
}
void *mod_wolftls_create(http_server_t *server, char *unused, mod_tls_t *modconfig)
{
int ret;
_mod_wolftls_t *mod;
if (!modconfig)
return NULL;
mod = calloc(1, sizeof(*mod));
wolfSSL_Init();
mod->method = wolfTLSv1_2_server_method();
if ( (mod->ctx = wolfSSL_CTX_new(mod->method)) == NULL)
goto wolfftls_out_ctx;
if (modconfig->crtfile)
{
ret = wolfSSL_CTX_use_certificate_file(mod->ctx, modconfig->crtfile, SSL_FILETYPE_PEM);
if (ret != WOLFSSL_SUCCESS)
{
err("wolftls: CTX_use_certificate_file %d %d\n", ret, WOLFSSL_SUCCESS);
goto wolfftls_out_certfile;
}
}
if (modconfig->pemfile)
{
ret = wolfSSL_CTX_use_PrivateKey_file(mod->ctx, modconfig->pemfile, SSL_FILETYPE_PEM);
if (ret != WOLFSSL_SUCCESS)
{
err("wolftls: CTX_use_PrivateKey_file pem %d\n", ret);
goto wolfftls_out_certfile;
}
}
if (modconfig->cachain)
{
ret = wolfSSL_CTX_use_certificate_chain_file(mod->ctx, modconfig->cachain);
if (ret != WOLFSSL_SUCCESS)
{
err("wolftls: CTX_use_certificate_chain_file cachain %d\n", ret);
goto wolfftls_out_certfile;
}
}
httpserver_addmod(server, _mod_wolftls_getctx, _mod_wolftls_freectx, mod, str_wolftls);
return mod;
wolfftls_out_certfile:
wolfSSL_CTX_free(mod->ctx);
wolfftls_out_ctx:
free(mod);
return NULL;
}
int Client(const char* ip, word16 port)
{
int n;
char msg[] = "hello wolfssl";
char reply[MAXSZ];
int msgSz = strlen(msg);
SOCKET_T fd;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
err_sys("Error in setting client ctx\n");
if (wolfSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
err_sys("trouble loading client cert");
if (wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("trouble loading client cert");
if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("trouble loading client cert");
/*sets the IO callback methods*/
wolfSSL_SetIORecv(ctx, CbIORecv);
wolfSSL_SetIOSend(ctx, CbIOSend);
if ((ssl = wolfSSL_new(ctx)) == NULL)
err_sys("issue when creating ssl");
tcp_connect(&fd, ip, port, 0);
wolfSSL_set_fd(ssl, fd);
if (wolfSSL_connect(ssl) != SSL_SUCCESS)
err_sys("client connect failed");
if (wolfSSL_write(ssl, msg, msgSz) != msgSz)
err_sys("client write failed");
memset(reply, 0, MAXSZ);
if ((n = wolfSSL_read(ssl, reply, MAXSZ - 1)) > 0) {
reply[n] = '\0';
}
else {
printf("client read returned %d\n", n);
return -1;
}
printf("Server sent : %s\n", reply);
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
return 0;
}
int SuiteTest(void)
{
func_args args;
char argv0[2][80];
char* myArgv[2];
printf(" Begin Cipher Suite Tests\n");
/* setup */
myArgv[0] = argv0[0];
myArgv[1] = argv0[1];
args.argv = myArgv;
strcpy(argv0[0], "SuiteTest");
(void)test_harness;
cipherSuiteCtx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
if (cipherSuiteCtx == NULL) {
printf("can't get cipher suite ctx\n");
exit(EXIT_FAILURE);
}
/* default case */
args.argc = 1;
printf("starting default cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
/* any extra cases will need another argument */
args.argc = 2;
#ifdef WOLFSSL_DTLS
/* add dtls extra suites */
strcpy(argv0[1], "tests/test-dtls.conf");
printf("starting dtls extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
printf(" End Cipher Suite Tests\n");
wolfSSL_CTX_free(cipherSuiteCtx);
wolfSSL_Cleanup();
return args.return_code;
}
static int create_wolfssl_instance(TLS_IO_INSTANCE* tls_io_instance)
{
int result;
if (add_certificate_to_store(tls_io_instance) != 0)
{
wolfSSL_CTX_free(tls_io_instance->ssl_context);
result = __LINE__;
}
else
{
tls_io_instance->ssl = wolfSSL_new(tls_io_instance->ssl_context);
if (tls_io_instance->ssl == NULL)
{
wolfSSL_CTX_free(tls_io_instance->ssl_context);
result = __LINE__;
}
else
{
tls_io_instance->socket_io_read_bytes = NULL;
tls_io_instance->socket_io_read_byte_count = 0;
tls_io_instance->on_send_complete = NULL;
tls_io_instance->on_send_complete_callback_context = NULL;
wolfSSL_set_using_nonblock(tls_io_instance->ssl, 1);
wolfSSL_SetIOSend(tls_io_instance->ssl_context, on_io_send);
wolfSSL_SetIORecv(tls_io_instance->ssl_context, on_io_recv);
wolfSSL_SetHsDoneCb(tls_io_instance->ssl, on_handshake_done, tls_io_instance);
wolfSSL_SetIOWriteCtx(tls_io_instance->ssl, tls_io_instance);
wolfSSL_SetIOReadCtx(tls_io_instance->ssl, tls_io_instance);
tls_io_instance->tlsio_state = TLSIO_STATE_NOT_OPEN;
result = 0;
}
}
return result;
}
int main()
{
int sockfd;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
WOLFSSL_METHOD* method;
struct sockaddr_in servAddr;
const char message[] = "Hello, World!";
/* create and set up socket */
sockfd = socket(AF_INET, SOCK_STREAM, 0);
memset(&servAddr, 0, sizeof(servAddr));
servAddr.sin_family = AF_INET;
servAddr.sin_port = htons(SERV_PORT);
/* connect to socket */
connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr));
/* initialize wolfssl library */
wolfSSL_Init();
method = wolfTLSv1_2_client_method(); /* use TLS v1.2 */
/* make new ssl context */
if ( (ctx = wolfSSL_CTX_new(method)) == NULL) {
err_sys("wolfSSL_CTX_new error");
}
/* make new wolfSSL struct */
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
err_sys("wolfSSL_new error");
}
/* Add cert to ctx */
if (wolfSSL_CTX_load_verify_locations(ctx, "certs/ca-cert.pem", 0) !=
SSL_SUCCESS) {
err_sys("Error loading certs/ca-cert.pem");
}
/* Connect wolfssl to the socket, server, then send message */
wolfSSL_set_fd(ssl, sockfd);
wolfSSL_connect(ssl);
wolfSSL_write(ssl, message, strlen(message));
/* frees all data before client termination */
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
}
bool WolfSSLConnection::close(bool shutdown)
{
bool result;
if (!isConnected)
{
result = true;
}
else
{
isConnected = false;
wolfSSL_CTX_free(sslContext);
result = Socket::close(shutdown) == 0;
}
return result;
}
void tlsio_wolfssl_destroy(CONCRETE_IO_HANDLE tls_io)
{
if (tls_io != NULL)
{
TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)tls_io;
if (tls_io_instance->socket_io_read_bytes != NULL)
{
free(tls_io_instance->socket_io_read_bytes);
}
if (tls_io_instance->certificate != NULL)
{
free(tls_io_instance->certificate);
tls_io_instance->certificate = NULL;
}
wolfSSL_CTX_free(tls_io_instance->ssl_context);
xio_destroy(tls_io_instance->socket_io);
free(tls_io);
}
}
static void test_wolfSSL_UseTruncatedHMAC(void)
{
#ifdef HAVE_TRUNCATED_HMAC
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL));
/* success case */
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx));
AssertIntEQ(SSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
/*
* applies TLS 1.2 security layer to data being sent.
*/
int Security(int sock)
{
WOLFSSL_CTX* ctx;
WOLFSSL* ssl; /* create WOLFSSL object */
int ret = 0;
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initiLize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
printf("SSL_CTX_new error.\n");
return EXIT_FAILURE;
}
/* set callback for action when CA's are added */
wolfSSL_CTX_SetCACb(ctx, CaCb);
/* load CA certificates into wolfSSL_CTX. which will verify the server */
if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", cert);
return EXIT_FAILURE;
}
if ((ssl = wolfSSL_new(ctx)) == NULL) {
printf("wolfSSL_new error.\n");
return EXIT_FAILURE;
}
wolfSSL_set_fd(ssl, sock);
ret = wolfSSL_connect(ssl);
if (ret == SSL_SUCCESS) {
ret = ClientGreet(sock, ssl);
}
/* frees all data before client termination */
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
return ret;
}
int main()
{
/* set up server */
WOLFSSL_CTX* srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
if (srv_ctx == NULL) err_sys("bad server ctx new");
int ret = wolfSSL_CTX_use_PrivateKey_file(srv_ctx, key, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) err_sys("bad server key file load");
ret = wolfSSL_CTX_use_certificate_file(srv_ctx, cert, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) err_sys("bad server cert file load");
wolfSSL_SetIOSend(srv_ctx, ServerSend);
wolfSSL_SetIORecv(srv_ctx, ServerRecv);
WOLFSSL* srv_ssl = wolfSSL_new(srv_ctx);
if (srv_ctx == NULL) err_sys("bad server new");
/* start client thread */
pthread_t tid;
pthread_create(&tid, 0, client_thread, NULL);
/* accept tls connection without tcp sockets */
ret = wolfSSL_accept(srv_ssl);
if (ret != SSL_SUCCESS) err_sys("bad server tls accept");
printf("wolfSSL accept success!\n");
/* read msg post handshake from client */
unsigned char buf[80];
memset(buf, 0, sizeof(buf));
ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1);
printf("client msg = %s\n", buf);
/* clean up */
wolfSSL_free(srv_ssl);
wolfSSL_CTX_free(srv_ctx);
return 0;
}
static void test_wolfSSL_UseSNI_params(void)
{
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* invalid [ctx|ssl] */
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3));
/* invalid type */
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3));
/* invalid data */
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3));
/* success case */
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3));
AssertIntEQ(SSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
}
