static void test_client_CyaSSL_new(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
CYASSL_CTX *ctx;
CYASSL_CTX *ctx_nocert;
CYASSL *ssl;
AssertNotNull(ctx_nocert = CyaSSL_CTX_new(CyaSSLv23_client_method()));
AssertNotNull(ctx = CyaSSL_CTX_new(CyaSSLv23_client_method()));
AssertTrue(CyaSSL_CTX_load_verify_locations(ctx, caCert, 0));
/* invalid context */
AssertNull(ssl = CyaSSL_new(NULL));
/* success */
AssertNotNull(ssl = CyaSSL_new(ctx_nocert));
CyaSSL_free(ssl);
/* success */
AssertNotNull(ssl = CyaSSL_new(ctx));
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
CyaSSL_CTX_free(ctx_nocert);
#endif
}
static void test_server_CyaSSL_new(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
CYASSL_CTX *ctx;
CYASSL_CTX *ctx_nocert;
CYASSL *ssl;
AssertNotNull(ctx_nocert = CyaSSL_CTX_new(CyaSSLv23_server_method()));
AssertNotNull(ctx = CyaSSL_CTX_new(CyaSSLv23_server_method()));
AssertTrue(CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM));
AssertTrue(CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
/* invalid context */
AssertNull(ssl = CyaSSL_new(NULL));
AssertNull(ssl = CyaSSL_new(ctx_nocert));
/* success */
AssertNotNull(ssl = CyaSSL_new(ctx));
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
CyaSSL_CTX_free(ctx_nocert);
#endif
}
int capwap_crypt_createsession(struct capwap_dtls* dtls, struct capwap_dtls_context* dtlscontext) {
ASSERT(dtls != NULL);
ASSERT(dtlscontext != NULL);
ASSERT(dtlscontext->sslcontext != NULL);
/* Create ssl session */
dtls->sslsession = (void*)CyaSSL_new((CYASSL_CTX*)dtlscontext->sslcontext);
if (!dtls->sslsession) {
capwap_logging_debug("Error to initialize dtls session");
return 0;
}
/* */
CyaSSL_set_using_nonblock((CYASSL*)dtls->sslsession, 1);
CyaSSL_SetIOReadCtx((CYASSL*)dtls->sslsession, (void*)dtls);
CyaSSL_SetIOWriteCtx((CYASSL*)dtls->sslsession, (void*)dtls);
CyaSSL_SetCookieCtx((CYASSL*)dtls->sslsession, (void*)dtls);
/* */
dtls->action = CAPWAP_DTLS_ACTION_NONE;
dtls->dtlscontext = dtlscontext;
dtls->enable = 1;
dtls->buffer = NULL;
dtls->length = 0;
return 1;
}
inline static CYASSL* create_cyassl_object( CYASSL_CTX* cya_ctx, const Conn_t* conn )
{
assert( cya_ctx != 0 && "CyaSSL context must not be null!" );
assert( conn != 0 && "Conn ptr must not be null!" );
CYASSL* xCyaSSL_Object = 0;
xCyaSSL_Object = CyaSSL_new( cya_ctx );
if( xCyaSSL_Object != NULL )
{
CyaSSL_SetIORecv( cya_ctx, myPrivateRecv );
CyaSSL_SetIOSend( cya_ctx, myPrivateSend );
/* Associate the created CyaSSL object with the connected socket. */
if( CyaSSL_set_fd( xCyaSSL_Object, conn->sock_fd ) != SSL_SUCCESS )
{
return 0;
}
return xCyaSSL_Object;
}
return 0;
}
static void test_CyaSSL_UseMaxFragment(void)
{
#ifdef HAVE_MAX_FRAGMENT
CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
CYASSL *ssl = CyaSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(NULL, CYASSL_MFL_2_9));
AssertIntNE(SSL_SUCCESS, CyaSSL_UseMaxFragment( NULL, CYASSL_MFL_2_9));
AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, 0));
AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, 6));
AssertIntNE(SSL_SUCCESS, CyaSSL_UseMaxFragment(ssl, 0));
AssertIntNE(SSL_SUCCESS, CyaSSL_UseMaxFragment(ssl, 6));
/* success case */
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_9));
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_10));
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_11));
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_12));
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_13));
AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_9));
AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_10));
AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_11));
AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_12));
AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_13));
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
#endif
}
static void test_CyaSSL_UseSupportedCurve(void)
{
#ifdef HAVE_SUPPORTED_CURVES
CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
CYASSL *ssl = CyaSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
#ifndef NO_CYASSL_CLIENT
/* error cases */
AssertIntNE(SSL_SUCCESS,
CyaSSL_CTX_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseSupportedCurve(ctx, 0));
AssertIntNE(SSL_SUCCESS,
CyaSSL_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(SSL_SUCCESS, CyaSSL_UseSupportedCurve(ssl, 0));
/* success case */
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_UseSupportedCurve(ctx, CYASSL_ECC_SECP160R1));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_UseSupportedCurve(ssl, CYASSL_ECC_SECP160R1));
#endif
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
#endif
}
static int perform_get_test(int sockfd) {
char buffer[CYASSL_MAX_ERROR_SZ];
char reply[HTTP_BUF_SIZE];
int err, ret, input;
if (CyaSSL_Init() < 0)
err_sys("Unable to init ssl library");
CYASSL_METHOD *method;
method = CyaTLSv1_client_method();
if (method == NULL) {
err_sys("Unable to get method");
}
CYASSL_CTX *ctx = 0;
ctx = CyaSSL_CTX_new(method);
if (ctx == NULL) {
err_sys("Unable to get ctx");
}
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
CYASSL* ssl = 0;
ssl = CyaSSL_new(ctx);
if (ssl == NULL) {
err_sys("Unable to get ssl obj");
}
if (CyaSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
err_sys("Can't set fd");
}
ret = CyaSSL_connect(ssl);
if (ret != SSL_SUCCESS) {
err = CyaSSL_get_error(ssl, 0);
}
if (ret != SSL_SUCCESS) {
LOG_E("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer));
err_sys("cyaSSL_connect failed");
}
if (CyaSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
err_sys("SSL_write failed");
};
input = CyaSSL_read(ssl, reply, sizeof(reply));
if (input > 0) {
if (!memcmp(reply, msg_200_ok, sizeof(msg_200_ok) - 1)) {
return 0;
} else {
return -1;
}
}
return -1;
}
int accept_process(struct epoll_event povent, int epollfd, int listenfd)
{
socklen_t cliLen;
struct sockaddr_in cliAddr;
int connfd;
char buff[MAXLINE];
struct client_ssl* info;
cliLen = sizeof(cliAddr);
connfd = accept(listenfd, (struct sockaddr *) &cliAddr, &cliLen);
if (connfd < 0) {
printf("accept error\n");
return 1;
}
else {
printf("Connection from %s, port %d\n",
inet_ntop(AF_INET, &cliAddr.sin_addr, buff, sizeof(buff)),
ntohs(cliAddr.sin_port));
if (fcntl(connfd, F_SETFL, O_NONBLOCK) < 0) {
printf("Fatal error : fcntl set failed\n");
return 1;
}
/* add fd to epoll */
info = malloc(sizeof(struct client_ssl));
if (info == NULL) {
printf("Error creating memory space with malloc!\n");
return 1;
}
info->u32 = EPOLLIN;
info->fd = connfd;
/* create CYASSL object */
if ((info->ssl = CyaSSL_new(ctx)) == NULL) {
printf("Fatal error : CyaSSL_new error\n");
return 1;
}
CyaSSL_set_fd(info->ssl, info->fd);
CyaSSL_set_using_nonblock(info->ssl, 1);
povent.data.ptr = info;
if (epoll_ctl(epollfd, EPOLL_CTL_ADD, connfd, &povent) == -1) {
printf("Error adding new fd\n");
return 1;
}
numCon++;
}
return 0;
}
int main(int argc, char** argv)
{
int ret, sockfd, clientfd;
char buff[80];
const char reply[] = "I hear ya fa shizzle!\n";
CYASSL* ssl;
CYASSL_CTX* ctx = CyaSSL_CTX_new(CyaSSLv23_server_method());
if (ctx == NULL)
err_sys("bad ctx new");
if (CyaSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
err_sys("Error loading server-cert.pem");
return EXIT_FAILURE;
}
if (CyaSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
err_sys("Error loading server-key.pem");
return EXIT_FAILURE;
}
printf("Waiting for a connection...\n");
tcp_accept(&sockfd, &clientfd, NULL, yasslPort, 1, 0);
if ((ssl = CyaSSL_new(ctx)) == NULL)
err_sys("bad cyassl setup");
if (CyaSSL_set_fd(ssl, clientfd) != SSL_SUCCESS)
err_sys("bad set fd");
ret = CyaSSL_read(ssl, buff, sizeof(buff)-1);
if (ret > 0) {
buff[ret] = '\0';
printf("Recieved: %s\n", buff);
if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1)) < 0)
err_sys("bad cyassl write");
} else
err_sys("bad cyassl read");
close(sockfd);
close(clientfd);
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
CyaSSL_Cleanup();
return 0;
}
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in clientAddr)
{
socklen_t size = sizeof(clientAddr);
/* Wait until a client connects */
int connd = accept(socketfd, (struct sockaddr *)&clientAddr, &size);
/* If fails to connect, loop back up and wait for a new connection */
if (connd == -1) {
printf("failed to accept the connection..\n");
}
/* If it connects, read in and reply to the client */
else {
printf("Client connected successfully!\n");
CYASSL* ssl;
if ( (ssl = CyaSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error.\n");
exit(EXIT_FAILURE);
}
/* Direct our ssl to our clients connection */
CyaSSL_set_fd(ssl, connd);
/* Sets CyaSSL_accept(ssl) */
if(NonBlocking_ReadWriteAccept(ssl, socketfd, ACCEPT) < 0)
return 0;
/*
* loop until the connected client disconnects
* and read in any messages the client sends
*/
for ( ; ; ) {
/* Read data in when I/O is available */
if (NonBlocking_ReadWriteAccept(ssl, socketfd, READ) == 0)
break;
/* Write data out when I/O is available */
if (NonBlocking_ReadWriteAccept(ssl, socketfd, WRITE) == 0)
break;
}
CyaSSL_free(ssl); /* Free the CYASSL object */
}
close(connd); /* close the connected socket */
return 0;
}
static void test_CyaSSL_UseTruncatedHMAC(void)
{
#ifdef HAVE_TRUNCATED_HMAC
CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
CYASSL *ssl = CyaSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseTruncatedHMAC(NULL));
AssertIntNE(SSL_SUCCESS, CyaSSL_UseTruncatedHMAC(NULL));
/* success case */
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseTruncatedHMAC(ctx));
AssertIntEQ(SSL_SUCCESS, CyaSSL_UseTruncatedHMAC(ssl));
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
#endif
}
/*
* applies TLS 1.2 security layer to data being sent.
*/
int Security(int sock)
{
CYASSL_CTX* ctx;
CYASSL* ssl; /* create CYASSL object */
int ret = 0;
CyaSSL_Init(); /* initialize CyaSSL */
/* create and initiLize CYASSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method())) == NULL) {
printf("SSL_CTX_new error.\n");
return EXIT_FAILURE;
}
/* load CA certificates into CyaSSL_CTX. which will verify the server */
if (CyaSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", cert);
return EXIT_FAILURE;
}
if ((ssl = CyaSSL_new(ctx)) == NULL) {
printf("CyaSSL_new error.\n");
return EXIT_FAILURE;
}
CyaSSL_set_fd(ssl, sock);
ret = CyaSSL_connect(ssl);
if (ret == SSL_SUCCESS) {
ret = ClientGreet(sock, ssl);
}
/* frees all data before client termination */
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
CyaSSL_Cleanup();
return ret;
}
int Server(word16 port)
{
char msg[MAXSZ];
const char reply[] = "I hear ya fa shizzle!\n";
int n, listenfd, connfd;
CYASSL_CTX* ctx;
CYASSL* ssl;
CyaSSL_Init();
/* create ctx and configure certificates */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_server_method())) == NULL)
err_sys("Fatal error : CyaSSL_CTX_new error");
if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file,"
"Please run from CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server key file, "
"Please run from CyaSSL home dir");
/*sets the IO callback methods*/
CyaSSL_SetIORecv(ctx, CbIORecv);
CyaSSL_SetIOSend(ctx, CbIOSend);
tcp_accept(&listenfd, &connfd, NULL, port, 1, 0);
if (connfd < 0) {
err_sys("Fatal error : accept error");
}
else {
/* create CYASSL object and respond */
if ((ssl = CyaSSL_new(ctx)) == NULL)
err_sys("Fatal error : CyaSSL_new error");
CyaSSL_set_fd(ssl, connfd);
memset(msg, 0, MAXSZ);
n = CyaSSL_read(ssl, msg, MAXSZ - 1);
if (n > 0) {
msg[n] = '\0';
printf("Client sent : %s\n", msg);
if (CyaSSL_write(ssl, reply, strlen(reply)) > strlen(reply))
err_sys("Fatal error : respond: write error");
}
if (n < 0)
err_sys("Fatal error :respond: read error");
/* closes the connections after responding */
CyaSSL_shutdown(ssl);
CyaSSL_free(ssl);
if (close(listenfd) == -1 && close(connfd) == -1)
err_sys("Fatal error : close error");
}
/* free up memory used by CyaSSL */
CyaSSL_CTX_free(ctx);
return 0;
}
struct variable *sys_connect(struct context *context)
{
struct variable *arguments = (struct variable*)stack_pop(context->operand_stack);
const char *serveraddr = param_str(arguments, 1);
const int32_t serverport = param_int(arguments, 2);
struct variable *listener = ((struct variable*)array_get(arguments->list, 2));
int sockfd;
struct sockaddr_in servaddr;
CYASSL_CTX* ctx;
CYASSL* ssl;
node_init();
// Create and initialize CYASSL_CTX structure
if ( (ctx = CyaSSL_CTX_new(CyaTLSv1_client_method())) == NULL)
{
context->vm_exception = variable_new_str(context, byte_array_from_string("SSL_CTX_new error"));
CyaSSL_Cleanup();
return NULL;
}
// Load CA certificates into CYASSL_CTX
if (CyaSSL_CTX_load_verify_locations(ctx, "./conf/ca-cert.pem", 0) != SSL_SUCCESS)
{
context->vm_exception = variable_new_str(context, byte_array_from_string("Error loading ca-cert.pem, please check the file.\n"));
CyaSSL_CTX_free(ctx);
CyaSSL_Cleanup();
return NULL;
}
// Create Socket file descriptor
sockfd = socket(AF_INET, SOCK_STREAM, 0);
bzero(&servaddr, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_port = htons(serverport);
inet_pton(AF_INET, serveraddr, &servaddr.sin_addr);
// Blocking Connect to socket file descriptor
connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
// Create CYASSL object
if ((ssl = CyaSSL_new(ctx)) == NULL)
{
context->vm_exception = variable_new_str(context, byte_array_from_string("CyaSSL_new error"));
CyaSSL_CTX_free(ctx);
CyaSSL_Cleanup();
return NULL;
}
CyaSSL_set_fd(ssl, sockfd);
fprintf(stderr, "Connected on %d -- %p\n", sockfd, ssl);
struct thread_argument *ta = (struct thread_argument *)malloc(sizeof(struct thread_argument));
ta->find = context->find;
ta->listener = listener;
ta->ssl = ssl;
ta->fd = sockfd;
ta->cya = ctx;
if (socket_listeners == NULL)
socket_listeners = map_new_ex(NULL, &int_compare, &int_hash, &int_copy, &int_del);
map_insert(socket_listeners, (void*)(VOID_INT)sockfd, (void*)(VOID_INT)ta);
return variable_new_int(context, sockfd);
}
// listens for incoming connections
void *sys_listen2(void *arg)
{
struct listen_arguments *la = (struct listen_arguments*)arg;
struct variable *listener = la->listener;
int serverport = la->serverport;
if (server_listeners == NULL)
server_listeners = map_new_ex(NULL, &int_compare, &int_hash, &int_copy, &int_del);
map_insert(server_listeners, (void*)(VOID_INT)serverport, listener);
node_init();
// Create and initialize CYASSL_CTX structure
CYASSL_CTX* ctx;
if ( (ctx = CyaSSL_CTX_new(CyaTLSv1_server_method())) == NULL)
{
fprintf(stderr, "CyaSSL_CTX_new error.\n");
return NULL;
}
// Load CA certificates into CYASSL_CTX
if (CyaSSL_CTX_load_verify_locations(ctx, "./conf/ca-cert.pem", 0) != SSL_SUCCESS)
{
fprintf(stderr, "Error loading ca-cert.pem, please check the file.\n");
return NULL;
}
// Load server certificate into CYASSL_CTX
if (CyaSSL_CTX_use_certificate_file(ctx, "conf/server-cert.pem", SSL_FILETYPE_PEM) != SSL_SUCCESS)
{
fprintf(stderr, "Error loading server-cert.pem, please check the file.\n");
return NULL;
}
// Load server key into CYASSL_CTX
if (CyaSSL_CTX_use_PrivateKey_file(ctx, "conf/server-key.pem", SSL_FILETYPE_PEM) != SSL_SUCCESS)
{
fprintf(stderr, "Error loading server-key.pem, please check the file.\n");
return NULL;
}
// open the server socket over specified port 8080 to accept client connections
int listenfd = socket(AF_INET, SOCK_STREAM, 0);
// setsockopt: Eliminates "ERROR on binding: Address already in use" error.
int optval = 1;
setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (const void *)&optval, sizeof(int));
struct sockaddr_in servaddr;
bzero(&servaddr, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_addr.s_addr = htonl(INADDR_ANY);
servaddr.sin_port = htons(serverport);
bind(listenfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
listen(listenfd, 5);
// create thread for processing each client request
struct sockaddr_in client_addr;
socklen_t sin_size = sizeof (struct sockaddr_in);
for(;;)
{
int connfd = accept(listenfd, (struct sockaddr *) &client_addr, &sin_size );
DEBUGPRINT("\n Got a connection from (%s , %d)\n", inet_ntoa(client_addr.sin_addr), ntohs(client_addr.sin_port));
// Create CYASSL Object
CYASSL* ssl;
if ((ssl = CyaSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error");
return NULL;
}
CyaSSL_set_fd(ssl, connfd);
struct thread_argument *ta = (struct thread_argument *)malloc(sizeof(struct thread_argument));
ta->find = la->find;
ta->listener = listener;
ta->ssl = ssl;
ta->fd = connfd;
ta->cya = ctx;
DEBUGPRINT("listenting on %d - %p\n", connfd, ta->ssl);
pthread_t child;
pthread_create(&child, NULL, incoming_connection, &ta);
}
return NULL;
}
void* ThreadControl(void* openSock)
{
pthread_detach(pthread_self());
threadArgs* args = (threadArgs*)openSock;
int recvLen = 0; /* length of message */
int activefd = args->activefd; /* the active descriptor */
int msgLen = args->size; /* the size of message */
unsigned char buff[msgLen]; /* the incoming message */
char ack[] = "I hear you fashizzle!\n";
CYASSL* ssl;
memcpy(buff, args->b, msgLen);
/* Create the CYASSL Object */
if ((ssl = CyaSSL_new(ctx)) == NULL) {
printf("CyaSSL_new error.\n");
cleanup = 1;
return NULL;
}
/* set the session ssl to client connection port */
CyaSSL_set_fd(ssl, activefd);
if (CyaSSL_accept(ssl) != SSL_SUCCESS) {
int e = CyaSSL_get_error(ssl, 0);
printf("error = %d, %s\n", e, CyaSSL_ERR_reason_error_string(e));
printf("SSL_accept failed.\n");
return NULL;
}
if ((recvLen = CyaSSL_read(ssl, buff, msgLen-1)) > 0) {
printf("heard %d bytes\n", recvLen);
buff[recvLen] = 0;
printf("I heard this: \"%s\"\n", buff);
}
else if (recvLen < 0) {
int readErr = CyaSSL_get_error(ssl, 0);
if(readErr != SSL_ERROR_WANT_READ) {
printf("SSL_read failed.\n");
cleanup = 1;
return NULL;
}
}
if (CyaSSL_write(ssl, ack, sizeof(ack)) < 0) {
printf("CyaSSL_write fail.\n");
cleanup = 1;
return NULL;
}
else {
printf("Sending reply.\n");
}
printf("reply sent \"%s\"\n", ack);
CyaSSL_shutdown(ssl);
CyaSSL_free(ssl);
close(activefd);
free(openSock); /* valgrind friendly free */
printf("Client left return to idle state\n");
printf("Exiting thread.\n\n");
pthread_exit(openSock);
}
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
clientAddr)
{
/* Create our reply message */
const char reply[] = "I hear ya fa shizzle!\n";
socklen_t size = sizeof(clientAddr);
/* Wait until a client connects */
socklen_t connd = accept(sockfd, (struct sockaddr *)&clientAddr, &size);
/* If fails to connect,int loop back up and wait for a new connection */
if (connd == -1) {
printf("failed to accept the connection..\n");
}
/* If it connects, read in and reply to the client */
else {
printf("Client connected successfully\n");
CYASSL* ssl;
if ( (ssl = CyaSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error.\n");
exit(EXIT_FAILURE);
}
/* direct our ssl to our clients connection */
CyaSSL_set_fd(ssl, connd);
printf("Using Non-Blocking I/O: %d\n", CyaSSL_get_using_nonblock(
ssl));
for ( ; ; ) {
char buff[256];
int ret = 0;
/* Clear the buffer memory for anything possibly left over */
memset(&buff, 0, sizeof(buff));
/* Read the client data into our buff array */
if ((ret = CyaSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
/* Print any data the client sends to the console */
printf("Client: %s\n", buff);
/* Reply back to the client */
if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1))
< 0)
{
printf("CyaSSL_write error = %d\n", CyaSSL_get_error(ssl, ret));
}
}
/* if the client disconnects break the loop */
else {
if (ret < 0)
printf("CyaSSL_read error = %d\n", CyaSSL_get_error(ssl
,ret));
else if (ret == 0)
printf("The client has closed the connection.\n");
break;
}
}
CyaSSL_free(ssl); /* Free the CYASSL object */
}
close(connd); /* close the connected socket */
return 0;
}
int main (int argc, char** argv)
{
int sockfd = 0;
struct sockaddr_in servAddr;
const char* host = argv[1];
CYASSL* ssl = 0;
CYASSL_CTX* ctx = 0;
CYASSL* sslResume = 0;
CYASSL_SESSION* session = 0;
int resumeSession = 0;
char cert_array[] = "../cyassl/certs/ca-cert.pem";
char* certs = cert_array;
char* srTest = "testing session resume";
if (argc != 2) {
printf("usage: udpcli <IP address>\n");
return 1;
}
CyaSSL_Init();
/* CyaSSL_Debugging_ON();*/
if ( (ctx = CyaSSL_CTX_new(CyaDTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "CyaSSL_CTX_new error.\n");
return(EXIT_FAILURE);
}
if (CyaSSL_CTX_load_verify_locations(ctx,certs, 0) != SSL_SUCCESS) {
fprintf(stderr, "Error loading %s, please check the file.\n", certs);
return(EXIT_FAILURE);
}
ssl = CyaSSL_new(ctx);
if (ssl == NULL) {
printf("unable to get ssl object");
return 1;
}
memset(&servAddr, 0, sizeof(servAddr));
servAddr.sin_family = AF_INET;
servAddr.sin_port = htons(SERV_PORT);
if (inet_pton(AF_INET, host, &servAddr.sin_addr) < 1) {
printf("Error and/or invalid IP address");
return 1;
}
CyaSSL_dtls_set_peer(ssl, &servAddr, sizeof(servAddr));
if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
printf("cannot create a socket.");
return 1;
}
CyaSSL_set_fd(ssl, sockfd);
CyaSSL_set_using_nonblock(ssl, 1);
fcntl(sockfd, F_SETFL, O_NONBLOCK);
NonBlockingDTLS_Connect(ssl);
DatagramClient(ssl);
while ( (CyaSSL_write(ssl, srTest, sizeof(srTest))) != sizeof(srTest)) {
printf("failed to write");
return 1;
}
session = CyaSSL_get_session(ssl);
sslResume = CyaSSL_new(ctx);
CyaSSL_shutdown(ssl);
CyaSSL_free(ssl);
close(sockfd);
memset(&servAddr, 0, sizeof(servAddr));
servAddr.sin_family = AF_INET;
servAddr.sin_port = htons(SERV_PORT);
if (inet_pton(AF_INET, host, &servAddr.sin_addr) < 1) {
printf("Error and/or invalid IP address");
return 1;
}
CyaSSL_dtls_set_peer(sslResume, &servAddr, sizeof(servAddr));
if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
printf("cannot create a socket.");
return 1;
}
CyaSSL_set_fd(sslResume, sockfd);
CyaSSL_set_session(sslResume, session);
CyaSSL_set_using_nonblock(sslResume, 1);
fcntl(sockfd, F_SETFL, O_NONBLOCK);
NonBlockingDTLS_Connect(sslResume);
if(CyaSSL_session_reused(sslResume))
printf("reused session id\n");
else
printf("didn't reuse session id!!!\n");
DatagramClient(sslResume);
while ((CyaSSL_write(sslResume, srTest, sizeof(srTest))) != sizeof(srTest))
{
printf("failed to write");
return 1;
}
sleep(1);
CyaSSL_shutdown(sslResume);
CyaSSL_free(sslResume);
close(sockfd);
CyaSSL_CTX_free(ctx);
CyaSSL_Cleanup();
return 0;
}
static void run_cyassl_client(void* args)
{
callback_functions* callbacks = ((func_args*)args)->callbacks;
CYASSL_CTX* ctx = CyaSSL_CTX_new(callbacks->method());
CYASSL* ssl = NULL;
SOCKET_T sfd = 0;
char msg[] = "hello cyassl server!";
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
#ifdef CYASSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
#ifdef OPENSSL_EXTRA
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_load_verify_locations(ctx, caCert, 0));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM));
if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx);
tcp_connect(&sfd, yasslIP, ((func_args*)args)->signal->port, 0);
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sfd);
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
if (CyaSSL_connect(ssl) != SSL_SUCCESS) {
int err = CyaSSL_get_error(ssl, 0);
char buffer[CYASSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer));
} else {
AssertIntEQ(len, CyaSSL_write(ssl, msg, len));
if (0 < (idx = CyaSSL_read(ssl, input, sizeof(input)-1))) {
input[idx] = 0;
printf("Server response: %s\n", input);
}
}
if (callbacks->on_result)
callbacks->on_result(ssl);
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
CloseSocket(sfd);
((func_args*)args)->return_code = TEST_SUCCESS;
#ifdef CYASSL_TIRTOS
fdCloseSession(Task_self());
#endif
}
static void test_client_nofail(void* args)
{
SOCKET_T sockfd = 0;
CYASSL_METHOD* method = 0;
CYASSL_CTX* ctx = 0;
CYASSL* ssl = 0;
char msg[64] = "hello cyassl!";
char reply[1024];
int input;
int msgSz = (int)strlen(msg);
#ifdef CYASSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
method = CyaSSLv23_client_method();
ctx = CyaSSL_CTX_new(method);
#ifdef OPENSSL_EXTRA
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
if (CyaSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
{
/* err_sys("can't load ca file, Please run from CyaSSL home dir");*/
goto done2;
}
if (CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
{
/*err_sys("can't load client cert file, "
"Please run from CyaSSL home dir");*/
goto done2;
}
if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
{
/*err_sys("can't load client key file, "
"Please run from CyaSSL home dir");*/
goto done2;
}
tcp_connect(&sockfd, yasslIP, ((func_args*)args)->signal->port, 0);
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sockfd);
if (CyaSSL_connect(ssl) != SSL_SUCCESS)
{
int err = CyaSSL_get_error(ssl, 0);
char buffer[CYASSL_MAX_ERROR_SZ];
printf("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer));
/*printf("SSL_connect failed");*/
goto done2;
}
if (CyaSSL_write(ssl, msg, msgSz) != msgSz)
{
/*err_sys("SSL_write failed");*/
goto done2;
}
input = CyaSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0)
{
reply[input] = 0;
printf("Server response: %s\n", reply);
}
done2:
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
CloseSocket(sockfd);
((func_args*)args)->return_code = TEST_SUCCESS;
#ifdef CYASSL_TIRTOS
fdCloseSession(Task_self());
#endif
return;
}
static THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
{
SOCKET_T sockfd = 0;
SOCKET_T clientfd = 0;
word16 port = yasslPort;
CYASSL_METHOD* method = 0;
CYASSL_CTX* ctx = 0;
CYASSL* ssl = 0;
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
#ifdef CYASSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
method = CyaSSLv23_server_method();
ctx = CyaSSL_CTX_new(method);
#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
!defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL) && \
!defined(CYASSL_TIRTOS)
port = 0;
#endif
CyaSSL_CTX_set_verify(ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
#ifdef OPENSSL_EXTRA
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
if (CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS)
{
/*err_sys("can't load ca file, Please run from CyaSSL home dir");*/
goto done;
}
if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
{
/*err_sys("can't load server cert chain file, "
"Please run from CyaSSL home dir");*/
goto done;
}
if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
{
/*err_sys("can't load server key file, "
"Please run from CyaSSL home dir");*/
goto done;
}
ssl = CyaSSL_new(ctx);
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0);
CloseSocket(sockfd);
CyaSSL_set_fd(ssl, clientfd);
#ifdef NO_PSK
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif
#endif
if (CyaSSL_accept(ssl) != SSL_SUCCESS)
{
int err = CyaSSL_get_error(ssl, 0);
char buffer[CYASSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer));
/*err_sys("SSL_accept failed");*/
goto done;
}
idx = CyaSSL_read(ssl, input, sizeof(input)-1);
if (idx > 0) {
input[idx] = 0;
printf("Client message: %s\n", input);
}
if (CyaSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
{
/*err_sys("SSL_write failed");*/
#ifdef CYASSL_TIRTOS
return;
#else
return 0;
#endif
}
#ifdef CYASSL_TIRTOS
Task_yield();
#endif
done:
CyaSSL_shutdown(ssl);
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
CloseSocket(clientfd);
((func_args*)args)->return_code = TEST_SUCCESS;
#ifdef CYASSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
ecc_fp_free(); /* free per thread cache */
#endif
#ifndef CYASSL_TIRTOS
return 0;
#endif
}
void client_test(void* args)
{
SOCKET_T sockfd = 0;
CYASSL_METHOD* method = 0;
CYASSL_CTX* ctx = 0;
CYASSL* ssl = 0;
#ifdef TEST_RESUME
CYASSL* sslResume = 0;
CYASSL_SESSION* session = 0;
char resumeMsg[] = "resuming cyassl!";
int resumeSz = sizeof(resumeMsg);
#endif
char msg[64] = "hello cyassl!";
char reply[1024];
int input;
int msgSz = strlen(msg);
int port = yasslPort;
char* host = (char*)yasslIP;
char* domain = "www.yassl.com";
int ch;
int version = CLIENT_DEFAULT_VERSION;
int usePsk = 0;
int sendGET = 0;
int benchmark = 0;
int doDTLS = 0;
int matchName = 0;
int doPeerCheck = 1;
char* cipherList = NULL;
char* verifyCert = (char*)caCert;
char* ourCert = (char*)cliCert;
char* ourKey = (char*)cliKey;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = -1; /* error state */
while ((ch = mygetopt(argc, argv, "?gdusmh:p:v:l:A:c:k:b:")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'g' :
sendGET = 1;
break;
case 'd' :
doPeerCheck = 0;
break;
case 'u' :
doDTLS = 1;
version = -1; /* DTLS flag */
break;
case 's' :
usePsk = 1;
break;
case 'm' :
matchName = 1;
break;
case 'h' :
host = myoptarg;
domain = myoptarg;
break;
case 'p' :
port = atoi(myoptarg);
break;
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
Usage();
exit(MY_EX_USAGE);
}
if (doDTLS)
version = -1; /* DTLS flag */
break;
case 'l' :
cipherList = myoptarg;
break;
case 'A' :
verifyCert = myoptarg;
break;
case 'c' :
ourCert = myoptarg;
break;
case 'k' :
ourKey = myoptarg;
break;
case 'b' :
benchmark = atoi(myoptarg);
if (benchmark < 0 || benchmark > 1000000) {
Usage();
exit(MY_EX_USAGE);
}
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
argc -= myoptind;
argv += myoptind;
myoptind = 0; /* reset for test cases */
switch (version) {
case 0:
method = CyaSSLv3_client_method();
break;
case 1:
method = CyaTLSv1_client_method();
break;
case 2:
method = CyaTLSv1_1_client_method();
break;
case 3:
method = CyaTLSv1_2_client_method();
break;
#ifdef CYASSL_DTLS
case -1:
method = CyaDTLSv1_client_method();
break;
#endif
default:
err_sys("Bad SSL version");
}
if (method == NULL)
err_sys("unable to get method");
ctx = CyaSSL_CTX_new(method);
if (ctx == NULL)
err_sys("unable to get ctx");
if (cipherList)
if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("can't set cipher list");
#ifndef NO_PSK
if (usePsk)
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
#endif
#ifdef OPENSSL_EXTRA
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
if (cipherList == NULL)
if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
err_sys("can't set cipher list");
#endif
#ifdef USER_CA_CB
CyaSSL_CTX_SetCACb(ctx, CaCb);
#endif
#ifdef VERIFY_CALLBACK
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
#endif
if (CyaSSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" CyaSSL home dir");
if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
if (doPeerCheck == 0)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
if (benchmark) {
/* time passed in number of connects give average */
int times = benchmark;
int i = 0;
double start = current_time(), avg;
for (i = 0; i < times; i++) {
tcp_connect(&sockfd, host, port, doDTLS);
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sockfd);
if (CyaSSL_connect(ssl) != SSL_SUCCESS)
err_sys("SSL_connect failed");
CyaSSL_shutdown(ssl);
CyaSSL_free(ssl);
CloseSocket(sockfd);
}
avg = current_time() - start;
avg /= times;
avg *= 1000; /* milliseconds */
printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg);
CyaSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
exit(EXIT_SUCCESS);
}
tcp_connect(&sockfd, host, port, doDTLS);
ssl = CyaSSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL object");
CyaSSL_set_fd(ssl, sockfd);
#ifdef HAVE_CRL
if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS)
err_sys("can't enable crl check");
if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
err_sys("can't load crl, check crlfile and date validity");
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
err_sys("can't set crl callback");
#endif
if (matchName && doPeerCheck)
CyaSSL_check_domain_name(ssl, domain);
#ifdef NON_BLOCKING
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(ssl);
#else
#ifndef CYASSL_CALLBACKS
if (CyaSSL_connect(ssl) != SSL_SUCCESS) {/* see note at top of README */
int err = CyaSSL_get_error(ssl, 0);
char buffer[80];
printf("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer));
err_sys("SSL_connect failed");/* if you're getting an error here */
}
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
#endif
showPeer(ssl);
if (sendGET) {
printf("SSL connect ok, sending GET...\n");
msgSz = 28;
strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
}
if (CyaSSL_write(ssl, msg, msgSz) != msgSz)
err_sys("SSL_write failed");
input = CyaSSL_read(ssl, reply, sizeof(reply));
if (input > 0) {
reply[input] = 0;
printf("Server response: %s\n", reply);
if (sendGET) { /* get html */
while (1) {
input = CyaSSL_read(ssl, reply, sizeof(reply));
if (input > 0) {
reply[input] = 0;
printf("%s\n", reply);
}
else
break;
}
}
}
#ifdef TEST_RESUME
if (doDTLS) {
strncpy(msg, "break", 6);
msgSz = (int)strlen(msg);
/* try to send session close */
CyaSSL_write(ssl, msg, msgSz);
}
session = CyaSSL_get_session(ssl);
sslResume = CyaSSL_new(ctx);
#endif
if (doDTLS == 0) /* don't send alert after "break" command */
CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */
CyaSSL_free(ssl);
CloseSocket(sockfd);
#ifdef TEST_RESUME
if (doDTLS) {
#ifdef USE_WINDOWS_API
Sleep(500);
#else
sleep(1);
#endif
}
tcp_connect(&sockfd, host, port, doDTLS);
CyaSSL_set_fd(sslResume, sockfd);
CyaSSL_set_session(sslResume, session);
showPeer(sslResume);
#ifdef NON_BLOCKING
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(sslResume);
#else
#ifndef CYASSL_CALLBACKS
if (CyaSSL_connect(sslResume) != SSL_SUCCESS)
err_sys("SSL resume failed");
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
#endif
#ifdef OPENSSL_EXTRA
if (CyaSSL_session_reused(sslResume))
printf("reused session id\n");
else
printf("didn't reuse session id!!!\n");
#endif
if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
err_sys("SSL_write failed");
#ifdef NON_BLOCKING
/* need to give server a chance to bounce a message back to client */
#ifdef USE_WINDOWS_API
Sleep(500);
#else
sleep(1);
#endif
#endif
input = CyaSSL_read(sslResume, reply, sizeof(reply));
if (input > 0) {
reply[input] = 0;
printf("Server resume response: %s\n", reply);
}
/* try to send session break */
CyaSSL_write(sslResume, msg, msgSz);
CyaSSL_shutdown(sslResume);
CyaSSL_free(sslResume);
#endif /* TEST_RESUME */
CyaSSL_CTX_free(ctx);
CloseSocket(sockfd);
((func_args*)args)->return_code = 0;
}
static THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args)
{
callback_functions* callbacks = ((func_args*)args)->callbacks;
CYASSL_CTX* ctx = CyaSSL_CTX_new(callbacks->method());
CYASSL* ssl = NULL;
SOCKET_T sfd = 0;
SOCKET_T cfd = 0;
word16 port = yasslPort;
char msg[] = "I hear you fa shizzle!";
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
#ifdef CYASSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
!defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL) && \
!defined(CYASSL_TIRTOS)
port = 0;
#endif
CyaSSL_CTX_set_verify(ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
#ifdef OPENSSL_EXTRA
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx);
ssl = CyaSSL_new(ctx);
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0);
CloseSocket(sfd);
CyaSSL_set_fd(ssl, cfd);
#ifdef NO_PSK
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif
#endif
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
/* AssertIntEQ(SSL_SUCCESS, CyaSSL_accept(ssl)); */
if (CyaSSL_accept(ssl) != SSL_SUCCESS) {
int err = CyaSSL_get_error(ssl, 0);
char buffer[CYASSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer));
} else {
if (0 < (idx = CyaSSL_read(ssl, input, sizeof(input)-1))) {
input[idx] = 0;
printf("Client message: %s\n", input);
}
AssertIntEQ(len, CyaSSL_write(ssl, msg, len));
#ifdef CYASSL_TIRTOS
Task_yield();
#endif
CyaSSL_shutdown(ssl);
}
if (callbacks->on_result)
callbacks->on_result(ssl);
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
CloseSocket(cfd);
((func_args*)args)->return_code = TEST_SUCCESS;
#ifdef CYASSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
ecc_fp_free(); /* free per thread cache */
#endif
#ifndef CYASSL_TIRTOS
return 0;
#endif
}
/* See the comments at the top of main.c. */
void vSecureTCPServerTask( void *pvParameters )
{
portBASE_TYPE xReturned;
long lBytes;
uint8_t cReceivedString[ 60 ];
struct sockaddr_in xClient;
int xClientAddressLength = sizeof( struct sockaddr_in );
SOCKET xListeningSocket, xConnectedSocket;
CYASSL* xCyaSSL_Object; /* Only one connection is accepted at a time, so only one object is needed at a time. */
/* Just to prevent compiler warnings. */
( void ) pvParameters;
/* Perform the initialisation necessary before CyaSSL can be used. */
prvInitialiseCyaSSL();
configASSERT( xCyaSSL_ServerContext );
/* Attempt to open the socket. */
xListeningSocket = prvOpenServerSocket();
/* Now the server socket has been created and the CyaSSL library has been
initialised, the task that implements the client side can be created. */
xTaskCreate( vSecureTCPClientTask, "Client", configMINIMAL_STACK_SIZE, NULL, sstSECURE_CLIENT_TASK_PRIORITY, NULL );
if( xListeningSocket != INVALID_SOCKET )
{
for( ;; )
{
/* Wait until the client connects. */
printf( "Waiting for new connection\r\n" );
xConnectedSocket = accept( xListeningSocket, ( struct sockaddr * ) &xClient, &xClientAddressLength );
if( xConnectedSocket != INVALID_SOCKET )
{
printf( "Connection established\r\n" );
/* A connection has been accepted by the server. Create a
CyaSSL object for use with the newly connected socket. */
xCyaSSL_Object = NULL;
xCyaSSL_Object = CyaSSL_new( xCyaSSL_ServerContext );
if( xCyaSSL_Object != NULL )
{
/* Associate the created CyaSSL object with the connected
socket. */
xReturned = CyaSSL_set_fd( xCyaSSL_Object, xConnectedSocket );
configASSERT( xReturned == SSL_SUCCESS );
do
{
/* The next line is the secure equivalent to the
standard sockets call:
lBytes = recv( xConnectedSocket, cReceivedString, 50, 0 ); */
lBytes = CyaSSL_read( xCyaSSL_Object, cReceivedString, sizeof( cReceivedString ) );
/* Print the received characters. */
if( lBytes > 0 )
{
printf( "Received by the secure server: %s\r\n", cReceivedString );
}
} while ( lBytes > 0 );
/* The connection was closed, close the socket and free the
CyaSSL object. */
closesocket( xConnectedSocket );
CyaSSL_free( xCyaSSL_Object );
printf( "Connection closed, back to start\r\n\r\n" );
}
}
}
}
else
{
/* The socket could not be opened. */
vTaskDelete( NULL );
}
}
static void test_CyaSSL_UseSNI(void)
{
#ifdef HAVE_SNI
callback_functions client_callbacks = {CyaSSLv23_client_method, 0, 0, 0};
callback_functions server_callbacks = {CyaSSLv23_server_method, 0, 0, 0};
CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
CYASSL *ssl = CyaSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(SSL_SUCCESS,
CyaSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl")));
/* success case */
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx")));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl")));
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
/* Testing success case at ctx */
client_callbacks.ctx_ready = server_callbacks.ctx_ready = use_SNI_at_ctx;
server_callbacks.on_result = verify_SNI_real_matching;
test_CyaSSL_client_server(&client_callbacks, &server_callbacks);
/* Testing success case at ssl */
client_callbacks.ctx_ready = server_callbacks.ctx_ready = NULL;
client_callbacks.ssl_ready = server_callbacks.ssl_ready = use_SNI_at_ssl;
test_CyaSSL_client_server(&client_callbacks, &server_callbacks);
/* Testing default mismatch behaviour */
client_callbacks.ssl_ready = different_SNI_at_ssl;
client_callbacks.on_result = verify_SNI_abort_on_client;
server_callbacks.on_result = verify_SNI_abort_on_server;
test_CyaSSL_client_server(&client_callbacks, &server_callbacks);
client_callbacks.on_result = NULL;
/* Testing continue on mismatch */
client_callbacks.ssl_ready = different_SNI_at_ssl;
server_callbacks.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl;
server_callbacks.on_result = verify_SNI_no_matching;
test_CyaSSL_client_server(&client_callbacks, &server_callbacks);
/* Testing fake answer on mismatch */
server_callbacks.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl;
server_callbacks.on_result = verify_SNI_fake_matching;
test_CyaSSL_client_server(&client_callbacks, &server_callbacks);
test_CyaSSL_SNI_GetFromBuffer();
#endif
}
THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
{
SOCKET_T sockfd = 0;
CYASSL_METHOD* method = 0;
CYASSL_CTX* ctx = 0;
int doDTLS = 0;
int doPSK = 0;
int outCreated = 0;
int shutDown = 0;
int useAnyAddr = 0;
word16 port = yasslPort;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
#ifdef ECHO_OUT
FILE* fout = stdout;
if (argc >= 2) {
fout = fopen(argv[1], "w");
outCreated = 1;
}
if (!fout) err_sys("can't open output file");
#endif
(void)outCreated;
(void)argc;
(void)argv;
((func_args*)args)->return_code = -1; /* error state */
#ifdef CYASSL_DTLS
doDTLS = 1;
#endif
#ifdef CYASSL_LEANPSK
doPSK = 1;
#endif
#if defined(NO_RSA) && !defined(HAVE_ECC)
doPSK = 1;
#endif
#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
!defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_ARM)
port = 0;
#endif
#if defined(USE_ANY_ADDR)
useAnyAddr = 1;
#endif
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
#if defined(CYASSL_DTLS)
method = CyaDTLSv1_server_method();
#elif !defined(NO_TLS)
method = CyaSSLv23_server_method();
#else
method = CyaSSLv3_server_method();
#endif
ctx = CyaSSL_CTX_new(method);
/* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#ifndef NO_FILESYSTEM
if (doPSK == 0) {
#ifdef HAVE_NTRU
/* ntru */
if (CyaSSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load ntru cert file, "
"Please run from CyaSSL home dir");
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKey)
!= SSL_SUCCESS)
err_sys("can't load ntru key file, "
"Please run from CyaSSL home dir");
#elif defined(HAVE_ECC)
/* ecc */
if (CyaSSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, "
"Please run from CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, eccKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server key file, "
"Please run from CyaSSL home dir");
#elif defined(NO_CERTS)
/* do nothing, just don't load cert files */
#else
/* normal */
if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, "
"Please run from CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server key file, "
"Please run from CyaSSL home dir");
#endif
} /* doPSK */
#elif !defined(NO_CERTS)
if (!doPSK) {
load_buffer(ctx, svrCert, CYASSL_CERT);
load_buffer(ctx, svrKey, CYASSL_KEY);
}
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
#endif
if (doPSK) {
#ifndef NO_PSK
const char *defaultCipherList;
CyaSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
CyaSSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
if (CyaSSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS)
err_sys("server can't set cipher list 2");
#endif
}
SignalReady(args, port);
while (!shutDown) {
CYASSL* ssl = 0;
char command[SVR_COMMAND_SIZE+1];
int echoSz = 0;
int clientfd;
int firstRead = 1;
int gotFirstG = 0;
#ifndef CYASSL_DTLS
SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client);
clientfd = accept(sockfd, (struct sockaddr*)&client,
(ACCEPT_THIRD_T)&client_len);
#else
clientfd = udp_read_connect(sockfd);
#endif
if (clientfd == -1) err_sys("tcp accept failed");
ssl = CyaSSL_new(ctx);
if (ssl == NULL) err_sys("SSL_new failed");
CyaSSL_set_fd(ssl, clientfd);
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher than PSK */
#endif
if (CyaSSL_accept(ssl) != SSL_SUCCESS) {
printf("SSL_accept failed\n");
CyaSSL_free(ssl);
CloseSocket(clientfd);
continue;
}
#if defined(PEER_INFO)
showPeer(ssl);
#endif
while ( (echoSz = CyaSSL_read(ssl, command, sizeof(command)-1)) > 0) {
if (firstRead == 1) {
firstRead = 0; /* browser may send 1 byte 'G' to start */
if (echoSz == 1 && command[0] == 'G') {
gotFirstG = 1;
continue;
}
}
else if (gotFirstG == 1 && strncmp(command, "ET /", 4) == 0) {
strncpy(command, "GET", 4);
/* fall through to normal GET */
}
if ( strncmp(command, "quit", 4) == 0) {
printf("client sent quit command: shutting down!\n");
shutDown = 1;
break;
}
if ( strncmp(command, "break", 5) == 0) {
printf("client sent break command: closing session!\n");
break;
}
#ifdef SESSION_STATS
if ( strncmp(command, "printstats", 10) == 0) {
PrintSessionStats();
break;
}
#endif
if ( strncmp(command, "GET", 3) == 0) {
char type[] = "HTTP/1.0 200 ok\r\nContent-type:"
" text/html\r\n\r\n";
char header[] = "<html><body BGCOLOR=\"#ffffff\">\n<pre>\n";
char body[] = "greetings from CyaSSL\n";
char footer[] = "</body></html>\r\n\r\n";
strncpy(command, type, sizeof(type));
echoSz = sizeof(type) - 1;
strncpy(&command[echoSz], header, sizeof(header));
echoSz += (int)sizeof(header) - 1;
strncpy(&command[echoSz], body, sizeof(body));
echoSz += (int)sizeof(body) - 1;
strncpy(&command[echoSz], footer, sizeof(footer));
echoSz += (int)sizeof(footer);
if (CyaSSL_write(ssl, command, echoSz) != echoSz)
err_sys("SSL_write failed");
break;
}
command[echoSz] = 0;
#ifdef ECHO_OUT
fputs(command, fout);
#endif
if (CyaSSL_write(ssl, command, echoSz) != echoSz)
err_sys("SSL_write failed");
}
#ifndef CYASSL_DTLS
CyaSSL_shutdown(ssl);
#endif
CyaSSL_free(ssl);
CloseSocket(clientfd);
#ifdef CYASSL_DTLS
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
SignalReady(args, port);
#endif
}
CloseSocket(sockfd);
CyaSSL_CTX_free(ctx);
#ifdef ECHO_OUT
if (outCreated)
fclose(fout);
#endif
((func_args*)args)->return_code = 0;
return 0;
}
THREAD_RETURN CYASSL_THREAD client_test(void* args)
{
SOCKET_T sockfd = 0;
CYASSL_METHOD* method = 0;
CYASSL_CTX* ctx = 0;
CYASSL* ssl = 0;
CYASSL* sslResume = 0;
CYASSL_SESSION* session = 0;
char resumeMsg[] = "resuming cyassl!";
int resumeSz = sizeof(resumeMsg);
char msg[32] = "hello cyassl!"; /* GET may make bigger */
char reply[80];
int input;
int msgSz = (int)strlen(msg);
int port = yasslPort;
char* host = (char*)yasslIP;
char* domain = (char*)"www.yassl.com";
int ch;
int version = CLIENT_INVALID_VERSION;
int usePsk = 0;
int sendGET = 0;
int benchmark = 0;
int doDTLS = 0;
int matchName = 0;
int doPeerCheck = 1;
int nonBlocking = 0;
int resumeSession = 0;
int trackMemory = 0;
int useClientCert = 1;
int fewerPackets = 0;
int atomicUser = 0;
int pkCallbacks = 0;
char* cipherList = NULL;
char* verifyCert = (char*)caCert;
char* ourCert = (char*)cliCert;
char* ourKey = (char*)cliKey;
#ifdef HAVE_SNI
char* sniHostName = NULL;
#endif
#ifdef HAVE_MAX_FRAGMENT
byte maxFragment = 0;
#endif
#ifdef HAVE_TRUNCATED_HMAC
byte truncatedHMAC = 0;
#endif
#ifdef HAVE_OCSP
int useOcsp = 0;
char* ocspUrl = NULL;
#endif
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = -1; /* error state */
#ifdef NO_RSA
verifyCert = (char*)eccCert;
ourCert = (char*)cliEccCert;
ourKey = (char*)cliEccKey;
#endif
(void)resumeSz;
(void)session;
(void)sslResume;
(void)trackMemory;
(void)atomicUser;
(void)pkCallbacks;
StackTrap();
while ((ch = mygetopt(argc, argv,
"?gdusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'g' :
sendGET = 1;
break;
case 'd' :
doPeerCheck = 0;
break;
case 'u' :
doDTLS = 1;
break;
case 's' :
usePsk = 1;
break;
case 't' :
#ifdef USE_CYASSL_MEMORY
trackMemory = 1;
#endif
break;
case 'm' :
matchName = 1;
break;
case 'x' :
useClientCert = 0;
break;
case 'f' :
fewerPackets = 1;
break;
case 'U' :
#ifdef ATOMIC_USER
atomicUser = 1;
#endif
break;
case 'P' :
#ifdef HAVE_PK_CALLBACKS
pkCallbacks = 1;
#endif
break;
case 'h' :
host = myoptarg;
domain = myoptarg;
break;
case 'p' :
port = atoi(myoptarg);
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0)
err_sys("port number cannot be 0");
#endif
break;
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
Usage();
exit(MY_EX_USAGE);
}
break;
case 'l' :
cipherList = myoptarg;
break;
case 'A' :
verifyCert = myoptarg;
break;
case 'c' :
ourCert = myoptarg;
break;
case 'k' :
ourKey = myoptarg;
break;
case 'b' :
benchmark = atoi(myoptarg);
if (benchmark < 0 || benchmark > 1000000) {
Usage();
exit(MY_EX_USAGE);
}
break;
case 'N' :
nonBlocking = 1;
break;
case 'r' :
resumeSession = 1;
break;
case 'z' :
#ifndef CYASSL_LEANPSK
CyaSSL_GetObjectSize();
#endif
break;
case 'S' :
#ifdef HAVE_SNI
sniHostName = myoptarg;
#endif
break;
case 'L' :
#ifdef HAVE_MAX_FRAGMENT
maxFragment = atoi(myoptarg);
if (maxFragment < CYASSL_MFL_2_9 ||
maxFragment > CYASSL_MFL_2_13) {
Usage();
exit(MY_EX_USAGE);
}
#endif
break;
case 'T' :
#ifdef HAVE_TRUNCATED_HMAC
truncatedHMAC = 1;
#endif
break;
case 'o' :
#ifdef HAVE_OCSP
useOcsp = 1;
#endif
break;
case 'O' :
#ifdef HAVE_OCSP
useOcsp = 1;
ocspUrl = myoptarg;
#endif
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
myoptind = 0; /* reset for test cases */
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
else
version = -1;
}
}
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
InitMemoryTracker();
#endif
switch (version) {
#ifndef NO_OLD_TLS
case 0:
method = CyaSSLv3_client_method();
break;
#ifndef NO_TLS
case 1:
method = CyaTLSv1_client_method();
break;
case 2:
method = CyaTLSv1_1_client_method();
break;
#endif /* NO_TLS */
#endif /* NO_OLD_TLS */
#ifndef NO_TLS
case 3:
method = CyaTLSv1_2_client_method();
break;
#endif
#ifdef CYASSL_DTLS
case -1:
method = CyaDTLSv1_client_method();
break;
case -2:
method = CyaDTLSv1_2_client_method();
break;
#endif
default:
err_sys("Bad SSL version");
break;
}
if (method == NULL)
err_sys("unable to get method");
ctx = CyaSSL_CTX_new(method);
if (ctx == NULL)
err_sys("unable to get ctx");
if (cipherList)
if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("client can't set cipher list 1");
#ifdef CYASSL_LEANPSK
usePsk = 1;
#endif
#if defined(NO_RSA) && !defined(HAVE_ECC)
usePsk = 1;
#endif
if (fewerPackets)
CyaSSL_CTX_set_group_messages(ctx);
if (usePsk) {
#ifndef NO_PSK
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
if (cipherList == NULL) {
const char *defaultCipherList;
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS)
err_sys("client can't set cipher list 2");
}
#endif
useClientCert = 0;
}
#ifdef OPENSSL_EXTRA
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
if (cipherList == NULL) {
/* don't use EDH, can't sniff tmp keys */
if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) {
err_sys("client can't set cipher list 3");
}
}
#endif
#ifdef HAVE_OCSP
if (useOcsp) {
if (ocspUrl != NULL) {
CyaSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE
| CYASSL_OCSP_URL_OVERRIDE);
}
else
CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE);
}
#endif
#ifdef USER_CA_CB
CyaSSL_CTX_SetCACb(ctx, CaCb);
#endif
#ifdef VERIFY_CALLBACK
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
if (useClientCert){
if (CyaSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client private key file, check file and run "
"from CyaSSL home dir");
}
if (!usePsk) {
if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
}
#endif
#if !defined(NO_CERTS)
if (!usePsk && doPeerCheck == 0)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
#endif
#ifdef HAVE_CAVIUM
CyaSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID);
#endif
#ifdef HAVE_SNI
if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))
!= SSL_SUCCESS)
err_sys("UseSNI failed");
#endif
#ifdef HAVE_MAX_FRAGMENT
if (maxFragment)
if (CyaSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS)
err_sys("UseMaxFragment failed");
#endif
#ifdef HAVE_TRUNCATED_HMAC
if (truncatedHMAC)
if (CyaSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS)
err_sys("UseTruncatedHMAC failed");
#endif
if (benchmark) {
/* time passed in number of connects give average */
int times = benchmark;
int i = 0;
double start = current_time(), avg;
for (i = 0; i < times; i++) {
tcp_connect(&sockfd, host, port, doDTLS);
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sockfd);
if (CyaSSL_connect(ssl) != SSL_SUCCESS)
err_sys("SSL_connect failed");
CyaSSL_shutdown(ssl);
CyaSSL_free(ssl);
CloseSocket(sockfd);
}
avg = current_time() - start;
avg /= times;
avg *= 1000; /* milliseconds */
printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg);
CyaSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
exit(EXIT_SUCCESS);
}
#if defined(CYASSL_MDK_ARM)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
#endif
ssl = CyaSSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL object");
if (doDTLS) {
SOCKADDR_IN_T addr;
build_addr(&addr, host, port, 1);
CyaSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, host, port, 0);
}
CyaSSL_set_fd(ssl, sockfd);
#ifdef HAVE_CRL
if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS)
err_sys("can't enable crl check");
if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
err_sys("can't load crl, check crlfile and date validity");
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
err_sys("can't set crl callback");
#endif
#ifdef ATOMIC_USER
if (atomicUser)
SetupAtomicUser(ctx, ssl);
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx, ssl);
#endif
if (matchName && doPeerCheck)
CyaSSL_check_domain_name(ssl, domain);
#ifndef CYASSL_CALLBACKS
if (nonBlocking) {
CyaSSL_set_using_nonblock(ssl, 1);
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(ssl);
}
else if (CyaSSL_connect(ssl) != SSL_SUCCESS) {
/* see note at top of README */
int err = CyaSSL_get_error(ssl, 0);
char buffer[CYASSL_MAX_ERROR_SZ];
printf("err = %d, %s\n", err,
CyaSSL_ERR_error_string(err, buffer));
err_sys("SSL_connect failed");
/* if you're getting an error here */
}
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
showPeer(ssl);
if (sendGET) {
printf("SSL connect ok, sending GET...\n");
msgSz = 28;
strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
msg[msgSz] = '\0';
}
if (CyaSSL_write(ssl, msg, msgSz) != msgSz)
err_sys("SSL_write failed");
input = CyaSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("Server response: %s\n", reply);
if (sendGET) { /* get html */
while (1) {
input = CyaSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("%s\n", reply);
}
else
break;
}
}
}
else if (input < 0) {
int readErr = CyaSSL_get_error(ssl, 0);
if (readErr != SSL_ERROR_WANT_READ)
err_sys("CyaSSL_read failed");
}
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
strncpy(msg, "break", 6);
msgSz = (int)strlen(msg);
/* try to send session close */
CyaSSL_write(ssl, msg, msgSz);
}
session = CyaSSL_get_session(ssl);
sslResume = CyaSSL_new(ctx);
}
#endif
if (doDTLS == 0) /* don't send alert after "break" command */
CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */
#ifdef ATOMIC_USER
if (atomicUser)
FreeAtomicUser(ssl);
#endif
CyaSSL_free(ssl);
CloseSocket(sockfd);
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
SOCKADDR_IN_T addr;
#ifdef USE_WINDOWS_API
Sleep(500);
#else
sleep(1);
#endif
build_addr(&addr, host, port, 1);
CyaSSL_dtls_set_peer(sslResume, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, host, port, 0);
}
CyaSSL_set_fd(sslResume, sockfd);
CyaSSL_set_session(sslResume, session);
showPeer(sslResume);
#ifndef CYASSL_CALLBACKS
if (nonBlocking) {
CyaSSL_set_using_nonblock(sslResume, 1);
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(sslResume);
}
else if (CyaSSL_connect(sslResume) != SSL_SUCCESS)
err_sys("SSL resume failed");
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
if (CyaSSL_session_reused(sslResume))
printf("reused session id\n");
else
printf("didn't reuse session id!!!\n");
if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
err_sys("SSL_write failed");
if (nonBlocking) {
/* give server a chance to bounce a message back to client */
#ifdef USE_WINDOWS_API
Sleep(500);
#else
sleep(1);
#endif
}
input = CyaSSL_read(sslResume, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("Server resume response: %s\n", reply);
}
/* try to send session break */
CyaSSL_write(sslResume, msg, msgSz);
CyaSSL_shutdown(sslResume);
CyaSSL_free(sslResume);
CloseSocket(sockfd);
}
#endif /* NO_SESSION_CACHE */
CyaSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
ShowMemoryTracker();
#endif /* USE_CYASSL_MEMORY */
return 0;
}
THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
{
SOCKET_T sockfd = 0;
CYASSL_METHOD* method = 0;
CYASSL_CTX* ctx = 0;
int ret = 0;
int doDTLS = 0;
int doPSK = 0;
int outCreated = 0;
int shutDown = 0;
int useAnyAddr = 0;
word16 port;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
#ifdef ECHO_OUT
FILE* fout = stdout;
if (argc >= 2) {
fout = fopen(argv[1], "w");
outCreated = 1;
}
if (!fout) err_sys("can't open output file");
#endif
(void)outCreated;
(void)argc;
(void)argv;
((func_args*)args)->return_code = -1; /* error state */
#ifdef CYASSL_DTLS
doDTLS = 1;
#endif
#ifdef CYASSL_LEANPSK
doPSK = 1;
#endif
#if defined(NO_RSA) && !defined(HAVE_ECC)
doPSK = 1;
#endif
#if defined(NO_MAIN_DRIVER) && !defined(CYASSL_SNIFFER) && \
!defined(WOLFSSL_MDK_SHELL) && !defined(CYASSL_TIRTOS) && \
!defined(USE_WINDOWS_API)
/* Let tcp_listen assign port */
port = 0;
#else
/* Use default port */
port = wolfSSLPort;
#endif
#if defined(USE_ANY_ADDR)
useAnyAddr = 1;
#endif
#ifdef CYASSL_TIRTOS
fdOpenSession(Task_self());
#endif
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
#if defined(CYASSL_DTLS)
method = CyaDTLSv1_2_server_method();
#elif !defined(NO_TLS)
method = CyaSSLv23_server_method();
#elif defined(WOLFSSL_ALLOW_SSLV3)
method = CyaSSLv3_server_method();
#else
#error "no valid server method built in"
#endif
ctx = CyaSSL_CTX_new(method);
/* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305)
if (TicketInit() != 0)
err_sys("unable to setup Session Ticket Key context");
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
#endif
#ifndef NO_FILESYSTEM
if (doPSK == 0) {
#if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
/* ntru */
if (CyaSSL_CTX_use_certificate_file(ctx, ntruCertFile, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load ntru cert file, "
"Please run from wolfSSL home dir");
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKeyFile)
!= SSL_SUCCESS)
err_sys("can't load ntru key file, "
"Please run from wolfSSL home dir");
#elif defined(HAVE_ECC) && !defined(CYASSL_SNIFFER)
/* ecc */
if (CyaSSL_CTX_use_certificate_file(ctx, eccCertFile, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, "
"Please run from wolfSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server key file, "
"Please run from wolfSSL home dir");
#elif defined(NO_CERTS)
/* do nothing, just don't load cert files */
#else
/* normal */
if (CyaSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, "
"Please run from wolfSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server key file, "
"Please run from wolfSSL home dir");
#endif
} /* doPSK */
#elif !defined(NO_CERTS)
if (!doPSK) {
load_buffer(ctx, svrCertFile, WOLFSSL_CERT);
load_buffer(ctx, svrKeyFile, WOLFSSL_KEY);
}
#endif
#if defined(CYASSL_SNIFFER)
/* don't use EDH, can't sniff tmp keys */
CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
#endif
if (doPSK) {
#ifndef NO_PSK
const char *defaultCipherList;
CyaSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
CyaSSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA256";
#elif defined(HAVE_AESGCM) && !defined(NO_DH)
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
if (CyaSSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS)
err_sys("server can't set cipher list 2");
#endif
}
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
if (ret != 0) {
err_sys("Async device open failed");
}
wolfSSL_CTX_UseAsync(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
SignalReady(args, port);
while (!shutDown) {
CYASSL* ssl = NULL;
CYASSL* write_ssl = NULL; /* may have separate w/ HAVE_WRITE_DUP */
char command[SVR_COMMAND_SIZE+1];
int echoSz = 0;
int clientfd;
int firstRead = 1;
int gotFirstG = 0;
int err = 0;
SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client);
#ifndef CYASSL_DTLS
clientfd = accept(sockfd, (struct sockaddr*)&client,
(ACCEPT_THIRD_T)&client_len);
#else
clientfd = sockfd;
{
/* For DTLS, peek at the next datagram so we can get the client's
* address and set it into the ssl object later to generate the
* cookie. */
int n;
byte b[1500];
n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK,
(struct sockaddr*)&client, &client_len);
if (n <= 0)
err_sys("recvfrom failed");
}
#endif
if (WOLFSSL_SOCKET_IS_INVALID(clientfd)) err_sys("tcp accept failed");
ssl = CyaSSL_new(ctx);
if (ssl == NULL) err_sys("SSL_new failed");
CyaSSL_set_fd(ssl, clientfd);
#ifdef CYASSL_DTLS
wolfSSL_dtls_set_peer(ssl, &client, client_len);
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
CyaSSL_SetTmpDH_file(ssl, dhParamFile, SSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher than PSK */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
err = 0; /* Reset error */
ret = CyaSSL_accept(ssl);
if (ret != SSL_SUCCESS) {
err = CyaSSL_get_error(ssl, 0);
}
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
if (ret != SSL_SUCCESS) {
char buffer[CYASSL_MAX_ERROR_SZ];
err = CyaSSL_get_error(ssl, 0);
printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer));
printf("SSL_accept failed\n");
CyaSSL_free(ssl);
CloseSocket(clientfd);
continue;
}
#if defined(PEER_INFO)
showPeer(ssl);
#endif
#ifdef HAVE_WRITE_DUP
write_ssl = wolfSSL_write_dup(ssl);
if (write_ssl == NULL) {
printf("wolfSSL_write_dup failed\n");
CyaSSL_free(ssl);
CloseSocket(clientfd);
continue;
}
#else
write_ssl = ssl;
#endif
while ( (echoSz = CyaSSL_read(ssl, command, sizeof(command)-1)) > 0) {
if (firstRead == 1) {
firstRead = 0; /* browser may send 1 byte 'G' to start */
if (echoSz == 1 && command[0] == 'G') {
gotFirstG = 1;
continue;
}
}
else if (gotFirstG == 1 && strncmp(command, "ET /", 4) == 0) {
strncpy(command, "GET", 4);
/* fall through to normal GET */
}
if ( strncmp(command, "quit", 4) == 0) {
printf("client sent quit command: shutting down!\n");
shutDown = 1;
break;
}
if ( strncmp(command, "break", 5) == 0) {
printf("client sent break command: closing session!\n");
break;
}
#ifdef PRINT_SESSION_STATS
if ( strncmp(command, "printstats", 10) == 0) {
CyaSSL_PrintSessionStats();
break;
}
#endif
if ( strncmp(command, "GET", 3) == 0) {
char type[] = "HTTP/1.0 200 ok\r\nContent-type:"
" text/html\r\n\r\n";
char header[] = "<html><body BGCOLOR=\"#ffffff\">\n<pre>\n";
char body[] = "greetings from wolfSSL\n";
char footer[] = "</body></html>\r\n\r\n";
strncpy(command, type, sizeof(type));
echoSz = sizeof(type) - 1;
strncpy(&command[echoSz], header, sizeof(header));
echoSz += (int)sizeof(header) - 1;
strncpy(&command[echoSz], body, sizeof(body));
echoSz += (int)sizeof(body) - 1;
strncpy(&command[echoSz], footer, sizeof(footer));
echoSz += (int)sizeof(footer);
if (CyaSSL_write(write_ssl, command, echoSz) != echoSz)
err_sys("SSL_write failed");
break;
}
command[echoSz] = 0;
#ifdef ECHO_OUT
fputs(command, fout);
#endif
if (CyaSSL_write(write_ssl, command, echoSz) != echoSz)
err_sys("SSL_write failed");
}
#ifndef CYASSL_DTLS
CyaSSL_shutdown(ssl);
#endif
#ifdef HAVE_WRITE_DUP
CyaSSL_free(write_ssl);
#endif
CyaSSL_free(ssl);
CloseSocket(clientfd);
#ifdef CYASSL_DTLS
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
SignalReady(args, port);
#endif
}
CloseSocket(sockfd);
CyaSSL_CTX_free(ctx);
#ifdef ECHO_OUT
if (outCreated)
fclose(fout);
#endif
((func_args*)args)->return_code = 0;
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
ecc_fp_free(); /* free per thread cache */
#endif
#ifdef CYASSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305)
TicketCleanup();
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
#ifndef CYASSL_TIRTOS
return 0;
#endif
}
/**
* Perform an HTTPS request, caller frees both request and response,
* NULL returned on error.
* @param sockfd Socket to use, already connected
* @param req Request to send, fully formatted.
* @param hostname Hostname to use in https request. Caller frees.
* @return char Response as a string
*/
char *
https_get(const int sockfd, const char *req, const char *hostname)
{
ssize_t numbytes;
int done, nfds;
fd_set readfds;
struct timeval timeout;
unsigned long sslerr;
char sslerrmsg[CYASSL_MAX_ERROR_SZ];
size_t reqlen = strlen(req);
char readbuf[MAX_BUF];
char *retval;
pstr_t *response = pstr_new();
CYASSL *ssl = NULL;
CYASSL_CTX *ctx = NULL;
s_config *config;
config = config_get_config();
ctx = get_cyassl_ctx(hostname);
if (NULL == ctx) {
debug(LOG_ERR, "Could not get CyaSSL Context!");
goto error;
}
if (sockfd == -1) {
/* Could not connect to server */
debug(LOG_ERR, "Could not open socket to server!");
goto error;
}
/* Create CYASSL object */
if ((ssl = CyaSSL_new(ctx)) == NULL) {
debug(LOG_ERR, "Could not create CyaSSL context.");
goto error;
}
if (config->ssl_verify) {
// Turn on domain name check
// Loading of CA certificates and verification of remote host name
// go hand in hand - one is useless without the other.
CyaSSL_check_domain_name(ssl, hostname);
}
CyaSSL_set_fd(ssl, sockfd);
debug(LOG_DEBUG, "Sending HTTPS request to auth server: [%s]\n", req);
numbytes = CyaSSL_send(ssl, req, (int)reqlen, 0);
if (numbytes <= 0) {
sslerr = (unsigned long)CyaSSL_get_error(ssl, numbytes);
CyaSSL_ERR_error_string(sslerr, sslerrmsg);
debug(LOG_ERR, "CyaSSL_send failed: %s", sslerrmsg);
goto error;
} else if ((size_t) numbytes != reqlen) {
debug(LOG_ERR, "CyaSSL_send failed: only %d bytes out of %d bytes sent!", numbytes, reqlen);
goto error;
}
debug(LOG_DEBUG, "Reading response");
done = 0;
do {
FD_ZERO(&readfds);
FD_SET(sockfd, &readfds);
timeout.tv_sec = 30; /* XXX magic... 30 second is as good a timeout as any */
timeout.tv_usec = 0;
nfds = sockfd + 1;
nfds = select(nfds, &readfds, NULL, NULL, &timeout);
if (nfds > 0) {
/** We don't have to use FD_ISSET() because there
* was only one fd. */
memset(readbuf, 0, MAX_BUF);
numbytes = CyaSSL_read(ssl, readbuf, MAX_BUF - 1);
if (numbytes < 0) {
sslerr = (unsigned long)CyaSSL_get_error(ssl, numbytes);
CyaSSL_ERR_error_string(sslerr, sslerrmsg);
debug(LOG_ERR, "An error occurred while reading from server: %s", sslerrmsg);
goto error;
} else if (numbytes == 0) {
/* CyaSSL_read returns 0 on a clean shutdown or if the peer closed the
connection. We can't distinguish between these cases right now. */
done = 1;
} else {
readbuf[numbytes] = '\0';
pstr_cat(response, readbuf);
debug(LOG_DEBUG, "Read %d bytes", numbytes);
}
} else if (nfds == 0) {
debug(LOG_ERR, "Timed out reading data via select() from auth server");
goto error;
} else if (nfds < 0) {
debug(LOG_ERR, "Error reading data via select() from auth server: %s", strerror(errno));
goto error;
}
} while (!done);
close(sockfd);
CyaSSL_free(ssl);
retval = pstr_to_string(response);
debug(LOG_DEBUG, "HTTPS Response from Server: [%s]", retval);
return retval;
error:
if (ssl) {
CyaSSL_free(ssl);
}
if (sockfd >= 0) {
close(sockfd);
}
retval = pstr_to_string(response);
free(retval);
return NULL;
}
/*
* ======== tcpHandler ========
* Creates new Task to handle new TCP connections.
*/
Void tcpHandler(UArg arg0, UArg arg1) {
int sockfd;
int ret;
struct sockaddr_in servAddr;
Error_Block eb;
bool flag = true;
bool internal_flag = true;
int nbytes;
char *buffer;
char msg[] = "Hello from TM4C1294XL Connected Launchpad";
CYASSL* ssl = (CYASSL *) arg0;
fdOpenSession(TaskSelf());
CyaSSL_Init();
CYASSL_CTX* ctx = NULL;
ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method());
if (ctx == 0) {
System_printf("tcpHandler: CyaSSL_CTX_new error.\n");
exitApp(ctx);
}
if (CyaSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
sizeof(ca_cert_der_2048) / sizeof(char), SSL_FILETYPE_ASN1)
!= SSL_SUCCESS) {
System_printf("tcpHandler: Error loading ca_cert_der_2048"
" please check the cyassl/certs_test.h file.\n");
exitApp(ctx);
}
if (CyaSSL_CTX_use_certificate_buffer(ctx, client_cert_der_2048,
sizeof(client_cert_der_2048) / sizeof(char), SSL_FILETYPE_ASN1)
!= SSL_SUCCESS) {
System_printf("tcpHandler: Error loading client_cert_der_2048,"
" please check the cyassl/certs_test.h file.\n");
exitApp(ctx);
}
if (CyaSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,
sizeof(client_key_der_2048) / sizeof(char), SSL_FILETYPE_ASN1)
!= SSL_SUCCESS) {
System_printf("tcpHandler: Error loading client_key_der_2048,"
" please check the cyassl/certs_test.h file.\n");
exitApp(ctx);
}
/* Init the Error_Block */
Error_init(&eb);
do {
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) {
System_printf("tcpHandler: socket failed\n");
Task_sleep(2000);
continue;
}
memset((char *) &servAddr, 0, sizeof(servAddr));
servAddr.sin_family = AF_INET;
servAddr.sin_port = htons(TCPPORT);
inet_aton(IP_ADDR, &servAddr.sin_addr);
ret = connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr));
if (ret < 0) {
fdClose((SOCKET) sockfd);
Task_sleep(2000);
continue;
}
} while (ret != 0);
if ((ssl = CyaSSL_new(ctx)) == NULL) {
System_printf("tcpHandler: CyaSSL_new error.\n");
exitApp(ctx);
}
CyaSSL_set_fd(ssl, sockfd);
ret = CyaSSL_connect(ssl);
/* Delete "TOP_LINE" and "END_LINE" for debugging. */
/* TOP_LINE
System_printf("looked for: %d.\n", SSL_SUCCESS);
System_printf("return was: %d.\n", ret);
int err;
char err_buffer[80];
err = CyaSSL_get_error(ssl, 0);
System_printf("CyaSSL error: %d\n", err);
System_printf("CyaSSL error string: %s\n", CyaSSL_ERR_error_string(err, err_buffer));
END_LINE */
if (ret == SSL_SUCCESS) {
sockfd = CyaSSL_get_fd(ssl);
/* Get a buffer to receive incoming packets. Use the default heap. */
buffer = Memory_alloc(NULL, TCPPACKETSIZE, 0, &eb);
if (buffer == NULL) {
System_printf("tcpWorker: failed to alloc memory\n");
exitApp(ctx);
}
/* Say hello to the server */
while (flag) {
if (CyaSSL_write(ssl, msg, strlen(msg)) != strlen(msg)) {
ret = CyaSSL_get_error(ssl, 0);
System_printf("Write error: %i.\n", ret);
}
while (internal_flag) {
nbytes = CyaSSL_read(ssl, (char *) buffer, TCPPACKETSIZE);
if (nbytes > 0) {
internal_flag = false;
}
}
/* success */
System_printf("Heard: \"%s\".\n", buffer);
CyaSSL_free(ssl);
fdClose((SOCKET) sockfd);
flag = false;
}
/* Free the buffer back to the heap */
Memory_free(NULL, buffer, TCPPACKETSIZE);
/*
* Since deleteTerminatedTasks is set in the cfg file,
* the Task will be deleted when the idle task runs.
*/
exitApp(ctx);
} else {
CyaSSL_free(ssl);
fdClose((SOCKET) sockfd);
System_printf("CyaSSL_connect failed.\n");
fdCloseSession(TaskSelf());
exitApp(ctx);
}
}
