static void test_client_wolfSSL_new(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) WOLFSSL_CTX *ctx; WOLFSSL_CTX *ctx_nocert; WOLFSSL *ssl; AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCert, 0)); /* invalid context */ AssertNull(ssl = wolfSSL_new(NULL)); /* success */ AssertNotNull(ssl = wolfSSL_new(ctx_nocert)); wolfSSL_free(ssl); /* success */ AssertNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx_nocert); #endif }
static void test_server_wolfSSL_new(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) WOLFSSL_CTX *ctx; WOLFSSL_CTX *ctx_nocert; WOLFSSL *ssl; AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); /* invalid context */ AssertNull(ssl = wolfSSL_new(NULL)); AssertNull(ssl = wolfSSL_new(ctx_nocert)); /* success */ AssertNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx_nocert); #endif }
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject) { const uint8_t * caCertsPtr; int32_t caCertsLen; if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0)) { return false; } if (_net_pres_wolfsslUsers == 0) { wolfSSL_Init(); _net_pres_wolfsslUsers++; } net_pres_wolfSSLInfoStreamClient0.transObject = transObject; net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (net_pres_wolfSSLInfoStreamClient0.context == 0) { return false; } wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0); wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0); // Turn off verification, because SNTP is usually blocked by a firewall wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0); if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { // Couldn't load the certificates wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } if(wolfSSL_CTX_use_PrivateKey_buffer(net_pres_wolfSSLInfoStreamClient0.context, (unsigned char *)appData.clientKey, strlen((char *)appData.clientKey), SSL_FILETYPE_PEM) != SSL_SUCCESS) { // Couldn't load the private key wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Loading the client cert so that the server can authenticate us (client authentication)) if(wolfSSL_CTX_use_certificate_buffer(net_pres_wolfSSLInfoStreamClient0.context, (unsigned char *)appData.clientCert, strlen((char *)appData.clientCert), SSL_FILETYPE_PEM) != SSL_SUCCESS) { // Couldn't load the client certificate wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Turn off verification, because SNTP is usually blocked by a firewall wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0); net_pres_wolfSSLInfoStreamClient0.isInited = true; return true; }
void mod_wolftls_destroy(void *arg) { _mod_wolftls_t *mod = (_mod_wolftls_t *)arg; wolfSSL_CTX_free(mod->ctx); free(mod); }
int MqttSocket_Disconnect(MqttClient *client) { int rc = MQTT_CODE_SUCCESS; if (client) { #ifdef ENABLE_MQTT_TLS if (client->tls.ssl) wolfSSL_free(client->tls.ssl); if (client->tls.ctx) wolfSSL_CTX_free(client->tls.ctx); wolfSSL_Cleanup(); client->flags &= ~MQTT_CLIENT_FLAG_IS_TLS; #endif /* Make sure socket is closed */ if (client->net && client->net->disconnect) { rc = client->net->disconnect(client->net->context); } client->flags &= ~MQTT_CLIENT_FLAG_IS_CONNECTED; } #ifdef WOLFMQTT_DEBUG_SOCKET printf("MqttSocket_Disconnect: Rc=%d\n", rc); #endif /* Check for error */ if (rc < 0) { rc = MQTT_CODE_ERROR_NETWORK; } return rc; }
/* Cleanup the wolfSSL context and wolfSSL library. * * ctx The wolfSSL context object. */ static void WolfSSLCtx_Final(WOLFSSL_CTX* ctx) { wolfSSL_CTX_free(ctx); #ifdef WOLFSSL_ASYNC_CRYPT wolfAsync_DevClose(&devId); #endif }
/* Free the WOLFSSL object and context. */ static void wolfssl_free(WOLFSSL_CTX* ctx, WOLFSSL* ssl) { if (ssl != NULL) wolfSSL_free(ssl); if (ctx != NULL) wolfSSL_CTX_free(ctx); }
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject) { const uint8_t * caCertsPtr; int32_t caCertsLen; if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0)) { return false; } if (_net_pres_wolfsslUsers == 0) { wolfSSL_Init(); _net_pres_wolfsslUsers++; } net_pres_wolfSSLInfoStreamClient0.transObject = transObject; net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (net_pres_wolfSSLInfoStreamClient0.context == 0) { return false; } wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0); wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0); if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { // Couldn't load the certificates //SYS_CONSOLE_MESSAGE("Something went wrong loading the certificates\r\n"); wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Turn off verification, because SNTP is usually blocked by a firewall wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0); net_pres_wolfSSLInfoStreamClient0.isInited = true; return true; }
static void test_wolfSSL_CTX_load_verify_locations(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) WOLFSSL_CTX *ctx; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); /* invalid context */ AssertFalse(wolfSSL_CTX_load_verify_locations(NULL, caCert, 0)); /* invalid ca file */ AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, NULL, 0)); AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0)); #ifndef WOLFSSL_TIRTOS /* invalid path */ /* not working... investigate! */ /* AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, caCert, bogusFile)); */ #endif /* success */ AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCert, 0)); wolfSSL_CTX_free(ctx); #endif }
static void* client_thread(void* args) { /* set up client */ WOLFSSL_CTX* cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (cli_ctx == NULL) err_sys("bad client ctx new"); int ret = wolfSSL_CTX_load_verify_locations(cli_ctx, cacert, NULL); if (ret != SSL_SUCCESS) err_sys("bad ca load"); wolfSSL_SetIOSend(cli_ctx, ClientSend); wolfSSL_SetIORecv(cli_ctx, ClientRecv); WOLFSSL* cli_ssl = wolfSSL_new(cli_ctx); if (cli_ctx == NULL) err_sys("bad client new"); ret = wolfSSL_connect(cli_ssl); if (ret != SSL_SUCCESS) err_sys("bad client tls connect"); printf("wolfSSL client success!\n"); ret = wolfSSL_write(cli_ssl, "hello memory wolfSSL!", 21); /* clean up */ wolfSSL_free(cli_ssl); wolfSSL_CTX_free(cli_ctx); return NULL; }
static void test_wolfSSL_UseSupportedCurve(void) { #ifdef HAVE_SUPPORTED_CURVES WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); #ifndef NO_WOLFSSL_CLIENT /* error cases */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0)); /* success case */ AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1)); #endif wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif }
static void test_wolfSSL_CTX_use_PrivateKey_file(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) WOLFSSL_CTX *ctx; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); /* invalid context */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKey, SSL_FILETYPE_PEM)); /* invalid key file */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile, SSL_FILETYPE_PEM)); /* invalid key type */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, 9999)); /* success */ #ifdef NO_RSA /* rsa needed */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); #else /* success */ AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); #endif wolfSSL_CTX_free(ctx); #endif }
static void test_wolfSSL_UseMaxFragment(void) { #ifdef HAVE_MAX_FRAGMENT WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment( NULL, WOLFSSL_MFL_2_9)); AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, 0)); AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, 6)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, 0)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, 6)); /* success case */ AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_9)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_10)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_11)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_12)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif }
/* * ======== exitApp ======== * Cleans up the SSL context and exits the application */ void exitApp(WOLFSSL_CTX* ctx) { if (ctx != NULL) { wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); } BIOS_exit(-1); }
/* Cleanup the wolfSSL context and wolfSSL library. * * ctx The wolfSSL context object. */ static void WolfSSLCtx_Final(ThreadData* threadData) { wolfSSL_CTX_free(threadData->ctx); threadData->ctx = NULL; #ifdef WOLFSSL_ASYNC_CRYPT wolfAsync_DevClose(&threadData->devId); #endif }
WolfSSLConnection::~WolfSSLConnection() { if (sslContext != NULL) { wolfSSL_CTX_free(sslContext); sslContext = NULL; } wolfSSL_Cleanup(); }
bool NET_PRES_EncProviderStreamClientDeinit0() { wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); net_pres_wolfSSLInfoStreamClient0.isInited = false; _net_pres_wolfsslUsers--; if (_net_pres_wolfsslUsers == 0) { wolfSSL_Cleanup(); } return true; }
static void test_wolfSSL_CTX_new(WOLFSSL_METHOD *method) { WOLFSSL_CTX *ctx; AssertNull(ctx = wolfSSL_CTX_new(NULL)); AssertNotNull(method); AssertNotNull(ctx = wolfSSL_CTX_new(method)); wolfSSL_CTX_free(ctx); }
/* Create a new wolfSSL client with a server CA certificate. */ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) { int ret = 0; WOLFSSL_CTX* client_ctx = NULL; WOLFSSL* client_ssl = NULL; /* Create and initialize WOLFSSL_CTX */ if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(), HEAP_HINT_CLIENT)) == NULL) { printf("ERROR: failed to create WOLFSSL_CTX\n"); ret = -1; } if (ret == 0) { /* Load CA certificates into WOLFSSL_CTX */ if (wolfSSL_CTX_load_verify_buffer(client_ctx, CA_CERTS, CA_CERTS_LEN, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { printf("ERROR: failed to load CA certificate\n"); ret = -1; } } if (ret == 0) { /* Register callbacks */ wolfSSL_SetIORecv(client_ctx, recv_client); wolfSSL_SetIOSend(client_ctx, send_client); } if (ret == 0) { /* Create a WOLFSSL object */ if ((client_ssl = wolfSSL_new(client_ctx)) == NULL) { printf("ERROR: failed to create WOLFSSL object\n"); ret = -1; } } if (ret == 0) { /* make wolfSSL object nonblocking */ wolfSSL_set_using_nonblock(client_ssl, 1); } if (ret == 0) { *ctx = client_ctx; *ssl = client_ssl; } else { if (client_ssl != NULL) wolfSSL_free(client_ssl); if (client_ctx != NULL) wolfSSL_CTX_free(client_ctx); } return ret; }
void *mod_wolftls_create(http_server_t *server, char *unused, mod_tls_t *modconfig) { int ret; _mod_wolftls_t *mod; if (!modconfig) return NULL; mod = calloc(1, sizeof(*mod)); wolfSSL_Init(); mod->method = wolfTLSv1_2_server_method(); if ( (mod->ctx = wolfSSL_CTX_new(mod->method)) == NULL) goto wolfftls_out_ctx; if (modconfig->crtfile) { ret = wolfSSL_CTX_use_certificate_file(mod->ctx, modconfig->crtfile, SSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) { err("wolftls: CTX_use_certificate_file %d %d\n", ret, WOLFSSL_SUCCESS); goto wolfftls_out_certfile; } } if (modconfig->pemfile) { ret = wolfSSL_CTX_use_PrivateKey_file(mod->ctx, modconfig->pemfile, SSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) { err("wolftls: CTX_use_PrivateKey_file pem %d\n", ret); goto wolfftls_out_certfile; } } if (modconfig->cachain) { ret = wolfSSL_CTX_use_certificate_chain_file(mod->ctx, modconfig->cachain); if (ret != WOLFSSL_SUCCESS) { err("wolftls: CTX_use_certificate_chain_file cachain %d\n", ret); goto wolfftls_out_certfile; } } httpserver_addmod(server, _mod_wolftls_getctx, _mod_wolftls_freectx, mod, str_wolftls); return mod; wolfftls_out_certfile: wolfSSL_CTX_free(mod->ctx); wolfftls_out_ctx: free(mod); return NULL; }
int Client(const char* ip, word16 port) { int n; char msg[] = "hello wolfssl"; char reply[MAXSZ]; int msgSz = strlen(msg); SOCKET_T fd; WOLFSSL_CTX* ctx; WOLFSSL* ssl; if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) err_sys("Error in setting client ctx\n"); if (wolfSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) err_sys("trouble loading client cert"); if (wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("trouble loading client cert"); if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("trouble loading client cert"); /*sets the IO callback methods*/ wolfSSL_SetIORecv(ctx, CbIORecv); wolfSSL_SetIOSend(ctx, CbIOSend); if ((ssl = wolfSSL_new(ctx)) == NULL) err_sys("issue when creating ssl"); tcp_connect(&fd, ip, port, 0); wolfSSL_set_fd(ssl, fd); if (wolfSSL_connect(ssl) != SSL_SUCCESS) err_sys("client connect failed"); if (wolfSSL_write(ssl, msg, msgSz) != msgSz) err_sys("client write failed"); memset(reply, 0, MAXSZ); if ((n = wolfSSL_read(ssl, reply, MAXSZ - 1)) > 0) { reply[n] = '\0'; } else { printf("client read returned %d\n", n); return -1; } printf("Server sent : %s\n", reply); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); return 0; }
int SuiteTest(void) { func_args args; char argv0[2][80]; char* myArgv[2]; printf(" Begin Cipher Suite Tests\n"); /* setup */ myArgv[0] = argv0[0]; myArgv[1] = argv0[1]; args.argv = myArgv; strcpy(argv0[0], "SuiteTest"); (void)test_harness; cipherSuiteCtx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (cipherSuiteCtx == NULL) { printf("can't get cipher suite ctx\n"); exit(EXIT_FAILURE); } /* default case */ args.argc = 1; printf("starting default cipher suite tests\n"); test_harness(&args); if (args.return_code != 0) { printf("error from script %d\n", args.return_code); exit(EXIT_FAILURE); } /* any extra cases will need another argument */ args.argc = 2; #ifdef WOLFSSL_DTLS /* add dtls extra suites */ strcpy(argv0[1], "tests/test-dtls.conf"); printf("starting dtls extra cipher suite tests\n"); test_harness(&args); if (args.return_code != 0) { printf("error from script %d\n", args.return_code); exit(EXIT_FAILURE); } #endif printf(" End Cipher Suite Tests\n"); wolfSSL_CTX_free(cipherSuiteCtx); wolfSSL_Cleanup(); return args.return_code; }
static int create_wolfssl_instance(TLS_IO_INSTANCE* tls_io_instance) { int result; if (add_certificate_to_store(tls_io_instance) != 0) { wolfSSL_CTX_free(tls_io_instance->ssl_context); result = __LINE__; } else { tls_io_instance->ssl = wolfSSL_new(tls_io_instance->ssl_context); if (tls_io_instance->ssl == NULL) { wolfSSL_CTX_free(tls_io_instance->ssl_context); result = __LINE__; } else { tls_io_instance->socket_io_read_bytes = NULL; tls_io_instance->socket_io_read_byte_count = 0; tls_io_instance->on_send_complete = NULL; tls_io_instance->on_send_complete_callback_context = NULL; wolfSSL_set_using_nonblock(tls_io_instance->ssl, 1); wolfSSL_SetIOSend(tls_io_instance->ssl_context, on_io_send); wolfSSL_SetIORecv(tls_io_instance->ssl_context, on_io_recv); wolfSSL_SetHsDoneCb(tls_io_instance->ssl, on_handshake_done, tls_io_instance); wolfSSL_SetIOWriteCtx(tls_io_instance->ssl, tls_io_instance); wolfSSL_SetIOReadCtx(tls_io_instance->ssl, tls_io_instance); tls_io_instance->tlsio_state = TLSIO_STATE_NOT_OPEN; result = 0; } } return result; }
int main() { int sockfd; WOLFSSL_CTX* ctx; WOLFSSL* ssl; WOLFSSL_METHOD* method; struct sockaddr_in servAddr; const char message[] = "Hello, World!"; /* create and set up socket */ sockfd = socket(AF_INET, SOCK_STREAM, 0); memset(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(SERV_PORT); /* connect to socket */ connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr)); /* initialize wolfssl library */ wolfSSL_Init(); method = wolfTLSv1_2_client_method(); /* use TLS v1.2 */ /* make new ssl context */ if ( (ctx = wolfSSL_CTX_new(method)) == NULL) { err_sys("wolfSSL_CTX_new error"); } /* make new wolfSSL struct */ if ( (ssl = wolfSSL_new(ctx)) == NULL) { err_sys("wolfSSL_new error"); } /* Add cert to ctx */ if (wolfSSL_CTX_load_verify_locations(ctx, "certs/ca-cert.pem", 0) != SSL_SUCCESS) { err_sys("Error loading certs/ca-cert.pem"); } /* Connect wolfssl to the socket, server, then send message */ wolfSSL_set_fd(ssl, sockfd); wolfSSL_connect(ssl); wolfSSL_write(ssl, message, strlen(message)); /* frees all data before client termination */ wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); }
bool WolfSSLConnection::close(bool shutdown) { bool result; if (!isConnected) { result = true; } else { isConnected = false; wolfSSL_CTX_free(sslContext); result = Socket::close(shutdown) == 0; } return result; }
void tlsio_wolfssl_destroy(CONCRETE_IO_HANDLE tls_io) { if (tls_io != NULL) { TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)tls_io; if (tls_io_instance->socket_io_read_bytes != NULL) { free(tls_io_instance->socket_io_read_bytes); } if (tls_io_instance->certificate != NULL) { free(tls_io_instance->certificate); tls_io_instance->certificate = NULL; } wolfSSL_CTX_free(tls_io_instance->ssl_context); xio_destroy(tls_io_instance->socket_io); free(tls_io); } }
static void test_wolfSSL_UseTruncatedHMAC(void) { #ifdef HAVE_TRUNCATED_HMAC WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL)); /* success case */ AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif }
/* * applies TLS 1.2 security layer to data being sent. */ int Security(int sock) { WOLFSSL_CTX* ctx; WOLFSSL* ssl; /* create WOLFSSL object */ int ret = 0; wolfSSL_Init(); /* initialize wolfSSL */ /* create and initiLize WOLFSSL_CTX structure */ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { printf("SSL_CTX_new error.\n"); return EXIT_FAILURE; } /* set callback for action when CA's are added */ wolfSSL_CTX_SetCACb(ctx, CaCb); /* load CA certificates into wolfSSL_CTX. which will verify the server */ if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) { printf("Error loading %s. Please check the file.\n", cert); return EXIT_FAILURE; } if ((ssl = wolfSSL_new(ctx)) == NULL) { printf("wolfSSL_new error.\n"); return EXIT_FAILURE; } wolfSSL_set_fd(ssl, sock); ret = wolfSSL_connect(ssl); if (ret == SSL_SUCCESS) { ret = ClientGreet(sock, ssl); } /* frees all data before client termination */ wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); return ret; }
int main() { /* set up server */ WOLFSSL_CTX* srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); if (srv_ctx == NULL) err_sys("bad server ctx new"); int ret = wolfSSL_CTX_use_PrivateKey_file(srv_ctx, key, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("bad server key file load"); ret = wolfSSL_CTX_use_certificate_file(srv_ctx, cert, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("bad server cert file load"); wolfSSL_SetIOSend(srv_ctx, ServerSend); wolfSSL_SetIORecv(srv_ctx, ServerRecv); WOLFSSL* srv_ssl = wolfSSL_new(srv_ctx); if (srv_ctx == NULL) err_sys("bad server new"); /* start client thread */ pthread_t tid; pthread_create(&tid, 0, client_thread, NULL); /* accept tls connection without tcp sockets */ ret = wolfSSL_accept(srv_ssl); if (ret != SSL_SUCCESS) err_sys("bad server tls accept"); printf("wolfSSL accept success!\n"); /* read msg post handshake from client */ unsigned char buf[80]; memset(buf, 0, sizeof(buf)); ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1); printf("client msg = %s\n", buf); /* clean up */ wolfSSL_free(srv_ssl); wolfSSL_CTX_free(srv_ctx); return 0; }
static void test_wolfSSL_UseSNI_params(void) { WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* invalid [ctx|ssl] */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3)); /* invalid type */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3)); /* invalid data */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3)); /* success case */ AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); }