static void test_server_wolfSSL_new(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
WOLFSSL_CTX *ctx;
WOLFSSL_CTX *ctx_nocert;
WOLFSSL *ssl;
AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method()));
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
/* invalid context */
AssertNull(ssl = wolfSSL_new(NULL));
AssertNull(ssl = wolfSSL_new(ctx_nocert));
/* success */
AssertNotNull(ssl = wolfSSL_new(ctx));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_CTX_free(ctx_nocert);
#endif
}
static void test_client_wolfSSL_new(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
WOLFSSL_CTX *ctx;
WOLFSSL_CTX *ctx_nocert;
WOLFSSL *ssl;
AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCert, 0));
/* invalid context */
AssertNull(ssl = wolfSSL_new(NULL));
/* success */
AssertNotNull(ssl = wolfSSL_new(ctx_nocert));
wolfSSL_free(ssl);
/* success */
AssertNotNull(ssl = wolfSSL_new(ctx));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_CTX_free(ctx_nocert);
#endif
}
static void test_wolfSSL_CTX_new(WOLFSSL_METHOD *method)
{
WOLFSSL_CTX *ctx;
AssertNull(ctx = wolfSSL_CTX_new(NULL));
AssertNotNull(method);
AssertNotNull(ctx = wolfSSL_CTX_new(method));
wolfSSL_CTX_free(ctx);
}
static void prvInitialiseWolfSSL( void )
{
int32_t iReturn;
#ifdef DEBUG_WOLFSSL
{
wolfSSL_Debugging_ON();
}
#endif
/* Initialise wolfSSL. This must be done before any other wolfSSL functions
are called. */
wolfSSL_Init();
/* Attempt to create a context that uses the TLS 1.2 server protocol. */
xWolfSSL_ServerContext = wolfSSL_CTX_new( wolfTLSv1_2_server_method() );
if( xWolfSSL_ServerContext != NULL )
{
/* Load the CA certificate. Real applications should ensure that
wolfSSL_CTX_load_verify_locations() returns SSL_SUCCESS before
proceeding. */
iReturn = wolfSSL_CTX_load_verify_locations( xWolfSSL_ServerContext, "ca-cert.pem", 0 );
configASSERT( iReturn == SSL_SUCCESS );
iReturn = wolfSSL_CTX_use_certificate_file( xWolfSSL_ServerContext, "server-cert.pem", SSL_FILETYPE_PEM );
configASSERT( iReturn == SSL_SUCCESS );
iReturn = wolfSSL_CTX_use_PrivateKey_file( xWolfSSL_ServerContext, "server-key.pem", SSL_FILETYPE_PEM );
configASSERT( iReturn == SSL_SUCCESS );
}
}
static void* client_thread(void* args)
{
/* set up client */
WOLFSSL_CTX* cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
if (cli_ctx == NULL) err_sys("bad client ctx new");
int ret = wolfSSL_CTX_load_verify_locations(cli_ctx, cacert, NULL);
if (ret != SSL_SUCCESS) err_sys("bad ca load");
wolfSSL_SetIOSend(cli_ctx, ClientSend);
wolfSSL_SetIORecv(cli_ctx, ClientRecv);
WOLFSSL* cli_ssl = wolfSSL_new(cli_ctx);
if (cli_ctx == NULL) err_sys("bad client new");
ret = wolfSSL_connect(cli_ssl);
if (ret != SSL_SUCCESS) err_sys("bad client tls connect");
printf("wolfSSL client success!\n");
ret = wolfSSL_write(cli_ssl, "hello memory wolfSSL!", 21);
/* clean up */
wolfSSL_free(cli_ssl);
wolfSSL_CTX_free(cli_ctx);
return NULL;
}
static void test_wolfSSL_CTX_use_PrivateKey_file(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
WOLFSSL_CTX *ctx;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
/* invalid context */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKey,
SSL_FILETYPE_PEM));
/* invalid key file */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile,
SSL_FILETYPE_PEM));
/* invalid key type */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, 9999));
/* success */
#ifdef NO_RSA
/* rsa needed */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
#else
/* success */
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
#endif
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_UseSupportedCurve(void)
{
#ifdef HAVE_SUPPORTED_CURVES
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
#ifndef NO_WOLFSSL_CLIENT
/* error cases */
AssertIntNE(SSL_SUCCESS,
wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0));
AssertIntNE(SSL_SUCCESS,
wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0));
/* success case */
AssertIntEQ(SSL_SUCCESS,
wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1));
AssertIntEQ(SSL_SUCCESS,
wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1));
#endif
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_UseMaxFragment(void)
{
#ifdef HAVE_MAX_FRAGMENT
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment( NULL, WOLFSSL_MFL_2_9));
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, 0));
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, 6));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, 0));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, 6));
/* success case */
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9));
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10));
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11));
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12));
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_9));
AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_10));
AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_11));
AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_12));
AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_13));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
/* Use this callback to setup TLS certificates and verify callbacks */
static int mqttclient_tls_cb(MqttClient* client)
{
int rc = SSL_FAILURE;
(void)client; /* Supress un-used argument */
client->tls.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
if (client->tls.ctx) {
wolfSSL_CTX_set_verify(client->tls.ctx, SSL_VERIFY_PEER, mqttclient_tls_verify_cb);
if (mTlsFile) {
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
/* Load CA certificate file */
rc = wolfSSL_CTX_load_verify_locations(client->tls.ctx, mTlsFile, 0);
#else
rc = SSL_SUCCESS;
#endif
}
else {
rc = SSL_SUCCESS;
}
}
PRINTF("MQTT TLS Setup (%d)", rc);
return rc;
}
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject)
{
const uint8_t * caCertsPtr;
int32_t caCertsLen;
if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0))
{
return false;
}
if (_net_pres_wolfsslUsers == 0)
{
wolfSSL_Init();
_net_pres_wolfsslUsers++;
}
net_pres_wolfSSLInfoStreamClient0.transObject = transObject;
net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method());
if (net_pres_wolfSSLInfoStreamClient0.context == 0)
{
return false;
}
wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0);
wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0);
if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
{
// Couldn't load the certificates
//SYS_CONSOLE_MESSAGE("Something went wrong loading the certificates\r\n");
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
// Turn off verification, because SNTP is usually blocked by a firewall
wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0);
net_pres_wolfSSLInfoStreamClient0.isInited = true;
return true;
}
/* Use this callback to setup TLS certificates and verify callbacks */
static int mqtt_aws_tls_cb(MqttClient* client)
{
int rc = SSL_FAILURE;
client->tls.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
if (client->tls.ctx) {
wolfSSL_CTX_set_verify(client->tls.ctx, SSL_VERIFY_PEER, mqtt_aws_tls_verify_cb);
/* Load CA certificate buffer */
rc = wolfSSL_CTX_load_verify_buffer(client->tls.ctx,
(const byte*)root_ca, (long)XSTRLEN(root_ca), SSL_FILETYPE_PEM);
/* Load Client Cert */
if (rc == SSL_SUCCESS)
rc = wolfSSL_CTX_use_certificate_buffer(client->tls.ctx,
(const byte*)device_cert, (long)XSTRLEN(device_cert), SSL_FILETYPE_PEM);
/* Load Private Key */
if (rc == SSL_SUCCESS)
rc = wolfSSL_CTX_use_PrivateKey_buffer(client->tls.ctx,
(const byte*)device_priv_key, (long)XSTRLEN(device_priv_key), SSL_FILETYPE_PEM);
}
PRINTF("MQTT TLS Setup (%d)", rc);
return rc;
}
static void test_wolfSSL_CTX_load_verify_locations(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
WOLFSSL_CTX *ctx;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
/* invalid context */
AssertFalse(wolfSSL_CTX_load_verify_locations(NULL, caCert, 0));
/* invalid ca file */
AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, NULL, 0));
AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0));
#ifndef WOLFSSL_TIRTOS
/* invalid path */
/* not working... investigate! */
/* AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, caCert, bogusFile)); */
#endif
/* success */
AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCert, 0));
wolfSSL_CTX_free(ctx);
#endif
}
void *mod_wolftls_create(http_server_t *server, char *unused, mod_tls_t *modconfig)
{
int ret;
_mod_wolftls_t *mod;
if (!modconfig)
return NULL;
mod = calloc(1, sizeof(*mod));
wolfSSL_Init();
mod->method = wolfTLSv1_2_server_method();
if ( (mod->ctx = wolfSSL_CTX_new(mod->method)) == NULL)
goto wolfftls_out_ctx;
if (modconfig->crtfile)
{
ret = wolfSSL_CTX_use_certificate_file(mod->ctx, modconfig->crtfile, SSL_FILETYPE_PEM);
if (ret != WOLFSSL_SUCCESS)
{
err("wolftls: CTX_use_certificate_file %d %d\n", ret, WOLFSSL_SUCCESS);
goto wolfftls_out_certfile;
}
}
if (modconfig->pemfile)
{
ret = wolfSSL_CTX_use_PrivateKey_file(mod->ctx, modconfig->pemfile, SSL_FILETYPE_PEM);
if (ret != WOLFSSL_SUCCESS)
{
err("wolftls: CTX_use_PrivateKey_file pem %d\n", ret);
goto wolfftls_out_certfile;
}
}
if (modconfig->cachain)
{
ret = wolfSSL_CTX_use_certificate_chain_file(mod->ctx, modconfig->cachain);
if (ret != WOLFSSL_SUCCESS)
{
err("wolftls: CTX_use_certificate_chain_file cachain %d\n", ret);
goto wolfftls_out_certfile;
}
}
httpserver_addmod(server, _mod_wolftls_getctx, _mod_wolftls_freectx, mod, str_wolftls);
return mod;
wolfftls_out_certfile:
wolfSSL_CTX_free(mod->ctx);
wolfftls_out_ctx:
free(mod);
return NULL;
}
int Client(const char* ip, word16 port)
{
int n;
char msg[] = "hello wolfssl";
char reply[MAXSZ];
int msgSz = strlen(msg);
SOCKET_T fd;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
err_sys("Error in setting client ctx\n");
if (wolfSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
err_sys("trouble loading client cert");
if (wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("trouble loading client cert");
if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("trouble loading client cert");
/*sets the IO callback methods*/
wolfSSL_SetIORecv(ctx, CbIORecv);
wolfSSL_SetIOSend(ctx, CbIOSend);
if ((ssl = wolfSSL_new(ctx)) == NULL)
err_sys("issue when creating ssl");
tcp_connect(&fd, ip, port, 0);
wolfSSL_set_fd(ssl, fd);
if (wolfSSL_connect(ssl) != SSL_SUCCESS)
err_sys("client connect failed");
if (wolfSSL_write(ssl, msg, msgSz) != msgSz)
err_sys("client write failed");
memset(reply, 0, MAXSZ);
if ((n = wolfSSL_read(ssl, reply, MAXSZ - 1)) > 0) {
reply[n] = '\0';
}
else {
printf("client read returned %d\n", n);
return -1;
}
printf("Server sent : %s\n", reply);
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
return 0;
}
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject)
{
const uint8_t * caCertsPtr;
int32_t caCertsLen;
if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0))
{
return false;
}
if (_net_pres_wolfsslUsers == 0)
{
wolfSSL_Init();
_net_pres_wolfsslUsers++;
}
net_pres_wolfSSLInfoStreamClient0.transObject = transObject;
net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method());
if (net_pres_wolfSSLInfoStreamClient0.context == 0)
{
return false;
}
wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0);
wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0);
// Turn off verification, because SNTP is usually blocked by a firewall
wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0);
if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
{
// Couldn't load the certificates
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
if(wolfSSL_CTX_use_PrivateKey_buffer(net_pres_wolfSSLInfoStreamClient0.context, (unsigned char *)appData.clientKey, strlen((char *)appData.clientKey), SSL_FILETYPE_PEM) != SSL_SUCCESS)
{
// Couldn't load the private key
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
// Loading the client cert so that the server can authenticate us (client authentication))
if(wolfSSL_CTX_use_certificate_buffer(net_pres_wolfSSLInfoStreamClient0.context, (unsigned char *)appData.clientCert, strlen((char *)appData.clientCert), SSL_FILETYPE_PEM) != SSL_SUCCESS)
{
// Couldn't load the client certificate
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
// Turn off verification, because SNTP is usually blocked by a firewall
wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0);
net_pres_wolfSSLInfoStreamClient0.isInited = true;
return true;
}
int SuiteTest(void)
{
func_args args;
char argv0[2][80];
char* myArgv[2];
printf(" Begin Cipher Suite Tests\n");
/* setup */
myArgv[0] = argv0[0];
myArgv[1] = argv0[1];
args.argv = myArgv;
strcpy(argv0[0], "SuiteTest");
(void)test_harness;
cipherSuiteCtx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
if (cipherSuiteCtx == NULL) {
printf("can't get cipher suite ctx\n");
exit(EXIT_FAILURE);
}
/* default case */
args.argc = 1;
printf("starting default cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
/* any extra cases will need another argument */
args.argc = 2;
#ifdef WOLFSSL_DTLS
/* add dtls extra suites */
strcpy(argv0[1], "tests/test-dtls.conf");
printf("starting dtls extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
printf(" End Cipher Suite Tests\n");
wolfSSL_CTX_free(cipherSuiteCtx);
wolfSSL_Cleanup();
return args.return_code;
}
int main()
{
int sockfd;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
WOLFSSL_METHOD* method;
struct sockaddr_in servAddr;
const char message[] = "Hello, World!";
/* create and set up socket */
sockfd = socket(AF_INET, SOCK_STREAM, 0);
memset(&servAddr, 0, sizeof(servAddr));
servAddr.sin_family = AF_INET;
servAddr.sin_port = htons(SERV_PORT);
/* connect to socket */
connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr));
/* initialize wolfssl library */
wolfSSL_Init();
method = wolfTLSv1_2_client_method(); /* use TLS v1.2 */
/* make new ssl context */
if ( (ctx = wolfSSL_CTX_new(method)) == NULL) {
err_sys("wolfSSL_CTX_new error");
}
/* make new wolfSSL struct */
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
err_sys("wolfSSL_new error");
}
/* Add cert to ctx */
if (wolfSSL_CTX_load_verify_locations(ctx, "certs/ca-cert.pem", 0) !=
SSL_SUCCESS) {
err_sys("Error loading certs/ca-cert.pem");
}
/* Connect wolfssl to the socket, server, then send message */
wolfSSL_set_fd(ssl, sockfd);
wolfSSL_connect(ssl);
wolfSSL_write(ssl, message, strlen(message));
/* frees all data before client termination */
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
}
/* Initialize the wolfSSL library and create a wolfSSL context.
*
* version The protocol version.
* cert The client certificate for client authentication.
* key The client private key for client authentication.
* verifyCert The CA certificate for server authentication.
* cipherList The list of ciphers, as a string, to negotiate.
* wolfsslCtx The new wolfSSL context object.
* returns EXIT_SUCCESS when a wolfSSL context object is created and
* EXIT_FAILURE otherwise.
*/
static int WolfSSLCtx_Init(int version, char* cert, char* key, char* verifyCert,
char* cipherList, WOLFSSL_CTX** wolfsslCtx)
{
WOLFSSL_CTX* ctx;
wolfSSL_method_func method = NULL;
method = SSL_GetMethod(version);
if (method == NULL)
return(EXIT_FAILURE);
/* Create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(method(NULL))) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
return(EXIT_FAILURE);
}
#ifdef WOLFSSL_ASYNC_CRYPT
if (wolfAsync_DevOpen(&devId) != 0) {
fprintf(stderr, "Async device open failed\nRunning without async\n");
}
wolfSSL_CTX_UseAsync(ctx, devId);
#endif
if (cipherList) {
if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("client can't set cipher list 1");
}
/* load CA certificates into wolfSSL_CTX. which will verify the server */
if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", verifyCert);
return EXIT_FAILURE;
}
if (wolfSSL_CTX_use_certificate_chain_file(ctx, cert) != SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", cert);
return EXIT_FAILURE;
}
if (wolfSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", key);
return EXIT_FAILURE;
}
*wolfsslCtx = ctx;
return EXIT_SUCCESS;
}
WolfSSLConnection::WolfSSLConnection()
{
wolfSSL_Init();
WOLFSSL_METHOD* method = wolfTLSv1_2_client_method();
if(method != NULL)
{
sslContext = wolfSSL_CTX_new(method);
}
else
{
sslContext = NULL;
}
isConnected = false;
}
static void test_wolfSSL_UseTruncatedHMAC(void)
{
#ifdef HAVE_TRUNCATED_HMAC
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL));
/* success case */
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx));
AssertIntEQ(SSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
/*
* applies TLS 1.2 security layer to data being sent.
*/
int Security(int sock)
{
WOLFSSL_CTX* ctx;
WOLFSSL* ssl; /* create WOLFSSL object */
int ret = 0;
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initiLize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
printf("SSL_CTX_new error.\n");
return EXIT_FAILURE;
}
/* set callback for action when CA's are added */
wolfSSL_CTX_SetCACb(ctx, CaCb);
/* load CA certificates into wolfSSL_CTX. which will verify the server */
if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", cert);
return EXIT_FAILURE;
}
if ((ssl = wolfSSL_new(ctx)) == NULL) {
printf("wolfSSL_new error.\n");
return EXIT_FAILURE;
}
wolfSSL_set_fd(ssl, sock);
ret = wolfSSL_connect(ssl);
if (ret == SSL_SUCCESS) {
ret = ClientGreet(sock, ssl);
}
/* frees all data before client termination */
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
return ret;
}
int main()
{
/* set up server */
WOLFSSL_CTX* srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
if (srv_ctx == NULL) err_sys("bad server ctx new");
int ret = wolfSSL_CTX_use_PrivateKey_file(srv_ctx, key, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) err_sys("bad server key file load");
ret = wolfSSL_CTX_use_certificate_file(srv_ctx, cert, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) err_sys("bad server cert file load");
wolfSSL_SetIOSend(srv_ctx, ServerSend);
wolfSSL_SetIORecv(srv_ctx, ServerRecv);
WOLFSSL* srv_ssl = wolfSSL_new(srv_ctx);
if (srv_ctx == NULL) err_sys("bad server new");
/* start client thread */
pthread_t tid;
pthread_create(&tid, 0, client_thread, NULL);
/* accept tls connection without tcp sockets */
ret = wolfSSL_accept(srv_ssl);
if (ret != SSL_SUCCESS) err_sys("bad server tls accept");
printf("wolfSSL accept success!\n");
/* read msg post handshake from client */
unsigned char buf[80];
memset(buf, 0, sizeof(buf));
ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1);
printf("client msg = %s\n", buf);
/* clean up */
wolfSSL_free(srv_ssl);
wolfSSL_CTX_free(srv_ctx);
return 0;
}
int main()
{
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
if (sd < 0)
err_sys("sctp socket error");
struct sockaddr_in sa;
memset(&sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = htonl(INADDR_ANY);
sa.sin_port = htons(12345);
int ret = bind(sd, (struct sockaddr*)&sa, sizeof(sa));
if (ret < 0)
err_sys("sctp bind error");
listen(sd, 3);
int client_sd = accept(sd, NULL, NULL);
if (client_sd < 0)
err_sys("sctp accept error");
const char* response = "well hello to you";
char buffer[80];
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
if (ctx == NULL)
err_sys("ctx new dtls server failed");
ret = wolfSSL_CTX_dtls_set_sctp(ctx);
if (ret != SSL_SUCCESS)
err_sys("set sctp mode failed");
ret = wolfSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS)
err_sys("use private key error");
ret = wolfSSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS)
err_sys("use cert error");
WOLFSSL* ssl = wolfSSL_new(ctx);
if (ssl == NULL)
err_sys("ssl new dtls server failed");
wolfSSL_set_fd(ssl, client_sd);
ret = wolfSSL_accept(ssl);
if (ret != SSL_SUCCESS)
err_sys("ssl accept failed");
printf("TLS version is %s\n", wolfSSL_get_version(ssl));
printf("Cipher Suite is %s\n",
wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)));
int got = wolfSSL_read(ssl, buffer, sizeof(buffer));
if (got > 0) {
buffer[got] = 0;
printf("client said: %s\n", buffer);
}
wolfSSL_write(ssl, response, (int)strlen(response));
unsigned char bigBuf[4096];
wolfSSL_read(ssl, bigBuf, sizeof(bigBuf));
wolfSSL_write(ssl, bigBuf, sizeof(bigBuf));
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
close(sd);
return 0;
}
int main(int argc, char **argv)
{
int ret, sockfd;
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
struct sockaddr_in servaddr;;
/* must include an ip address of this will flag */
if (argc != 2) {
printf("Usage: tcpClient <IPaddress>\n");
return 1;
}
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "SSL_CTX_new error.\n");
return 1;
}
/* create a stream socket using tcp,internet protocal IPv4,
* full-duplex stream */
sockfd = socket(AF_INET, SOCK_STREAM, 0);
/* places n zero-valued bytes in the address servaddr */
memset(&servaddr, 0, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_port = htons(SERV_PORT);
/* converts IPv4 addresses from text to binary form */
ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr);
if (ret != 1) {
printf("inet_pton error\n");
return 1;
}
/* set up pre shared keys */
wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb);
/* attempts to make a connection on a socket */
ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
if (ret != 0) {
printf("Connection Error\n");
return 1;
}
/* creat wolfssl object after each tcp connct */
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
return 1;
}
/* associate the file descriptor with the session */
ret = wolfSSL_set_fd(ssl, sockfd);
if (ret != SSL_SUCCESS){
return 1;
}
/* takes inputting string and outputs it to the server */
ret = SendReceive(ssl);
if(ret != 0){
return 1;
}
/* cleanup */
wolfSSL_free(ssl);
/* when completely done using SSL/TLS, free the
* wolfssl_ctx object */
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
/* exit client */
return ret;
}
int MqttSocket_Connect(MqttClient *client, const char* host, word16 port,
int timeout_ms, int use_tls, MqttTlsCb cb)
{
int rc;
/* Validate arguments */
if (client == NULL || client->net == NULL ||
client->net->connect == NULL) {
return MQTT_CODE_ERROR_BAD_ARG;
}
/* Validate port */
if (port == 0) {
port = (use_tls) ? MQTT_SECURE_PORT : MQTT_DEFAULT_PORT;
}
/* Connect to host */
rc = client->net->connect(client->net->context, host, port, timeout_ms);
if (rc != 0) {
return rc;
}
client->flags |= MQTT_CLIENT_FLAG_IS_CONNECTED;
#ifdef ENABLE_MQTT_TLS
if (use_tls) {
/* Setup the WolfSSL library */
wolfSSL_Init();
/* Issue callback to allow setup of the wolfSSL_CTX and cert
verification settings */
rc = SSL_SUCCESS;
if (cb) {
rc = cb(client);
}
if (rc == SSL_SUCCESS) {
/* Create and initialize the WOLFSSL_CTX structure */
if (client->tls.ctx == NULL) {
/* Use defaults */
client->tls.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
if (client->tls.ctx) {
wolfSSL_CTX_set_verify(client->tls.ctx, SSL_VERIFY_NONE, 0);
}
}
if (client->tls.ctx) {
/* Seutp the async IO callbacks */
wolfSSL_SetIORecv(client->tls.ctx,
MqttSocket_TlsSocketReceive);
wolfSSL_SetIOSend(client->tls.ctx,
MqttSocket_TlsSocketSend);
client->tls.ssl = wolfSSL_new(client->tls.ctx);
if (client->tls.ssl) {
wolfSSL_SetIOReadCtx(client->tls.ssl, (void *)client);
wolfSSL_SetIOWriteCtx(client->tls.ssl, (void *)client);
rc = wolfSSL_connect(client->tls.ssl);
if (rc == SSL_SUCCESS) {
client->flags |= MQTT_CLIENT_FLAG_IS_TLS;
rc = MQTT_CODE_SUCCESS;
}
}
else {
#ifndef WOLFMQTT_NO_STDIO
printf("MqttSocket_TlsConnect: wolfSSL_new error!\n");
#endif
rc = -1;
}
}
else {
#ifndef WOLFMQTT_NO_STDIO
printf("MqttSocket_TlsConnect: wolfSSL_CTX_new error!\n");
#endif
rc = -1;
}
}
else {
#ifndef WOLFMQTT_NO_STDIO
printf("MqttSocket_TlsConnect: TLS callback error!\n");
#endif
rc = -1;
}
/* Handle error case */
if (rc) {
#ifndef WOLFMQTT_NO_STDIO
const char* errstr = NULL;
int errnum = 0;
if (client->tls.ssl) {
errnum = wolfSSL_get_error(client->tls.ssl, 0);
errstr = wolfSSL_ERR_reason_error_string(errnum);
}
printf("MqttSocket_TlsConnect Error %d: Num %d, %s\n",
rc, errnum, errstr);
#endif
/* Make sure we cleanup on error */
MqttSocket_Disconnect(client);
rc = MQTT_CODE_ERROR_TLS_CONNECT;
}
}
#else
(void)cb;
#endif /* ENABLE_MQTT_TLS */
#ifdef WOLFMQTT_DEBUG_SOCKET
printf("MqttSocket_Connect: Rc=%d\n", rc);
#endif
/* Check for error */
if (rc < 0) {
rc = MQTT_CODE_ERROR_NETWORK;
}
return rc;
}
THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
{
SOCKET_T sockfd = 0;
WOLFSSL_METHOD* method = 0;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
WOLFSSL* sslResume = 0;
WOLFSSL_SESSION* session = 0;
char resumeMsg[] = "resuming wolfssl!";
int resumeSz = sizeof(resumeMsg);
char msg[32] = "hello wolfssl!"; /* GET may make bigger */
char reply[80];
int input;
int msgSz = (int)strlen(msg);
word16 port = yasslPort;
char* host = (char*)yasslIP;
const char* domain = "www.yassl.com";
int ch;
int version = CLIENT_INVALID_VERSION;
int usePsk = 0;
int useAnon = 0;
int sendGET = 0;
int benchmark = 0;
int doDTLS = 0;
int matchName = 0;
int doPeerCheck = 1;
int nonBlocking = 0;
int resumeSession = 0;
int scr = 0; /* allow secure renegotiation */
int forceScr = 0; /* force client initiaed scr */
int trackMemory = 0;
int useClientCert = 1;
int fewerPackets = 0;
int atomicUser = 0;
int pkCallbacks = 0;
int overrideDateErrors = 0;
char* cipherList = NULL;
const char* verifyCert = caCert;
const char* ourCert = cliCert;
const char* ourKey = cliKey;
#ifdef HAVE_SNI
char* sniHostName = NULL;
#endif
#ifdef HAVE_MAX_FRAGMENT
byte maxFragment = 0;
#endif
#ifdef HAVE_TRUNCATED_HMAC
byte truncatedHMAC = 0;
#endif
#ifdef HAVE_OCSP
int useOcsp = 0;
char* ocspUrl = NULL;
#endif
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = -1; /* error state */
#ifdef NO_RSA
verifyCert = (char*)eccCert;
ourCert = (char*)cliEccCert;
ourKey = (char*)cliEccKey;
#endif
(void)resumeSz;
(void)session;
(void)sslResume;
(void)trackMemory;
(void)atomicUser;
(void)pkCallbacks;
(void)scr;
(void)forceScr;
StackTrap();
while ((ch = mygetopt(argc, argv,
"?gdDusmNrRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'g' :
sendGET = 1;
break;
case 'd' :
doPeerCheck = 0;
break;
case 'D' :
overrideDateErrors = 1;
break;
case 'u' :
doDTLS = 1;
break;
case 's' :
usePsk = 1;
break;
case 't' :
#ifdef USE_WOLFSSL_MEMORY
trackMemory = 1;
#endif
break;
case 'm' :
matchName = 1;
break;
case 'x' :
useClientCert = 0;
break;
case 'f' :
fewerPackets = 1;
break;
case 'U' :
#ifdef ATOMIC_USER
atomicUser = 1;
#endif
break;
case 'P' :
#ifdef HAVE_PK_CALLBACKS
pkCallbacks = 1;
#endif
break;
case 'h' :
host = myoptarg;
domain = myoptarg;
break;
case 'p' :
port = (word16)atoi(myoptarg);
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0)
err_sys("port number cannot be 0");
#endif
break;
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
Usage();
exit(MY_EX_USAGE);
}
break;
case 'l' :
cipherList = myoptarg;
break;
case 'A' :
verifyCert = myoptarg;
break;
case 'c' :
ourCert = myoptarg;
break;
case 'k' :
ourKey = myoptarg;
break;
case 'b' :
benchmark = atoi(myoptarg);
if (benchmark < 0 || benchmark > 1000000) {
Usage();
exit(MY_EX_USAGE);
}
break;
case 'N' :
nonBlocking = 1;
break;
case 'r' :
resumeSession = 1;
break;
case 'R' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
#endif
break;
case 'i' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
forceScr = 1;
#endif
break;
case 'z' :
#ifndef WOLFSSL_LEANPSK
wolfSSL_GetObjectSize();
#endif
break;
case 'S' :
#ifdef HAVE_SNI
sniHostName = myoptarg;
#endif
break;
case 'L' :
#ifdef HAVE_MAX_FRAGMENT
maxFragment = atoi(myoptarg);
if (maxFragment < WOLFSSL_MFL_2_9 ||
maxFragment > WOLFSSL_MFL_2_13) {
Usage();
exit(MY_EX_USAGE);
}
#endif
break;
case 'T' :
#ifdef HAVE_TRUNCATED_HMAC
truncatedHMAC = 1;
#endif
break;
case 'o' :
#ifdef HAVE_OCSP
useOcsp = 1;
#endif
break;
case 'O' :
#ifdef HAVE_OCSP
useOcsp = 1;
ocspUrl = myoptarg;
#endif
break;
case 'a' :
#ifdef HAVE_ANON
useAnon = 1;
#endif
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
myoptind = 0; /* reset for test cases */
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
else
version = -1;
}
}
#ifdef USE_WOLFSSL_MEMORY
if (trackMemory)
InitMemoryTracker();
#endif
switch (version) {
#ifndef NO_OLD_TLS
case 0:
method = wolfSSLv3_client_method();
break;
#ifndef NO_TLS
case 1:
method = wolfTLSv1_client_method();
break;
case 2:
method = wolfTLSv1_1_client_method();
break;
#endif /* NO_TLS */
#endif /* NO_OLD_TLS */
#ifndef NO_TLS
case 3:
method = wolfTLSv1_2_client_method();
break;
#endif
#ifdef WOLFSSL_DTLS
case -1:
method = wolfDTLSv1_client_method();
break;
case -2:
method = wolfDTLSv1_2_client_method();
break;
#endif
default:
err_sys("Bad SSL version");
break;
}
if (method == NULL)
err_sys("unable to get method");
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL)
err_sys("unable to get ctx");
if (cipherList)
if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("client can't set cipher list 1");
#ifdef WOLFSSL_LEANPSK
usePsk = 1;
#endif
#if defined(NO_RSA) && !defined(HAVE_ECC)
usePsk = 1;
#endif
if (fewerPackets)
wolfSSL_CTX_set_group_messages(ctx);
if (usePsk) {
#ifndef NO_PSK
wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
if (cipherList == NULL) {
const char *defaultCipherList;
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS)
err_sys("client can't set cipher list 2");
}
#endif
useClientCert = 0;
}
if (useAnon) {
#ifdef HAVE_ANON
if (cipherList == NULL) {
wolfSSL_CTX_allow_anon_cipher(ctx);
if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA") != SSL_SUCCESS)
err_sys("client can't set cipher list 4");
}
#endif
useClientCert = 0;
}
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(WOLFSSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
if (cipherList == NULL) {
/* don't use EDH, can't sniff tmp keys */
if (wolfSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) {
err_sys("client can't set cipher list 3");
}
}
#endif
#ifdef HAVE_OCSP
if (useOcsp) {
if (ocspUrl != NULL) {
wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
| WOLFSSL_OCSP_URL_OVERRIDE);
}
else
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
}
#endif
#ifdef USER_CA_CB
wolfSSL_CTX_SetCACb(ctx, CaCb);
#endif
#ifdef VERIFY_CALLBACK
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
if (useClientCert){
if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" wolfSSL home dir");
if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client private key file, check file and run "
"from wolfSSL home dir");
}
if (!usePsk && !useAnon) {
if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from wolfSSL home dir");
}
#endif
#if !defined(NO_CERTS)
if (!usePsk && !useAnon && doPeerCheck == 0)
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
if (!usePsk && !useAnon && overrideDateErrors == 1)
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
#endif
#ifdef HAVE_CAVIUM
wolfSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID);
#endif
#ifdef HAVE_SNI
if (sniHostName)
if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))
!= SSL_SUCCESS)
err_sys("UseSNI failed");
#endif
#ifdef HAVE_MAX_FRAGMENT
if (maxFragment)
if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS)
err_sys("UseMaxFragment failed");
#endif
#ifdef HAVE_TRUNCATED_HMAC
if (truncatedHMAC)
if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS)
err_sys("UseTruncatedHMAC failed");
#endif
#ifdef HAVE_SESSION_TICKET
if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS)
err_sys("UseSessionTicket failed");
#endif
if (benchmark) {
/* time passed in number of connects give average */
int times = benchmark;
int i = 0;
double start = current_time(), avg;
for (i = 0; i < times; i++) {
tcp_connect(&sockfd, host, port, doDTLS);
ssl = wolfSSL_new(ctx);
wolfSSL_set_fd(ssl, sockfd);
if (wolfSSL_connect(ssl) != SSL_SUCCESS)
err_sys("SSL_connect failed");
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
CloseSocket(sockfd);
}
avg = current_time() - start;
avg /= times;
avg *= 1000; /* milliseconds */
printf("wolfSSL_connect avg took: %8.3f milliseconds\n", avg);
wolfSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
exit(EXIT_SUCCESS);
}
#if defined(WOLFSSL_MDK_ARM)
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
#endif
ssl = wolfSSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL object");
#ifdef HAVE_SESSION_TICKET
wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session");
#endif
if (doDTLS) {
SOCKADDR_IN_T addr;
build_addr(&addr, host, port, 1);
wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, host, port, 0);
}
#ifdef HAVE_POLY1305
/* use old poly to connect with google server */
if (!XSTRNCMP(domain, "www.google.com", 14)) {
if (wolfSSL_use_old_poly(ssl, 1) != 0)
err_sys("unable to set to old poly");
}
#endif
wolfSSL_set_fd(ssl, sockfd);
#ifdef HAVE_CRL
if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS)
err_sys("can't enable crl check");
if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
err_sys("can't load crl, check crlfile and date validity");
if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
err_sys("can't set crl callback");
#endif
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr) {
if (wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS)
err_sys("can't enable secure renegotiation");
}
#endif
#ifdef ATOMIC_USER
if (atomicUser)
SetupAtomicUser(ctx, ssl);
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx, ssl);
#endif
if (matchName && doPeerCheck)
wolfSSL_check_domain_name(ssl, domain);
#ifndef WOLFSSL_CALLBACKS
if (nonBlocking) {
wolfSSL_set_using_nonblock(ssl, 1);
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(ssl);
}
else if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
/* see note at top of README */
int err = wolfSSL_get_error(ssl, 0);
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
err_sys("SSL_connect failed");
/* if you're getting an error here */
}
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
showPeer(ssl);
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr && forceScr) {
if (nonBlocking) {
printf("not doing secure renegotiation on example with"
" nonblocking yet");
} else {
#ifndef NO_SESSION_CACHE
if (resumeSession) {
session = wolfSSL_get_session(ssl);
wolfSSL_set_session(ssl, session);
resumeSession = 0; /* only resume once */
}
#endif
if (wolfSSL_Rehandshake(ssl) != SSL_SUCCESS) {
int err = wolfSSL_get_error(ssl, 0);
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
err_sys("wolfSSL_Rehandshake failed");
}
}
}
#endif /* HAVE_SECURE_RENEGOTIATION */
if (sendGET) {
printf("SSL connect ok, sending GET...\n");
msgSz = 28;
strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
msg[msgSz] = '\0';
}
if (wolfSSL_write(ssl, msg, msgSz) != msgSz)
err_sys("SSL_write failed");
input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("Server response: %s\n", reply);
if (sendGET) { /* get html */
while (1) {
input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("%s\n", reply);
}
else
break;
}
}
}
else if (input < 0) {
int readErr = wolfSSL_get_error(ssl, 0);
if (readErr != SSL_ERROR_WANT_READ)
err_sys("wolfSSL_read failed");
}
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
strncpy(msg, "break", 6);
msgSz = (int)strlen(msg);
/* try to send session close */
wolfSSL_write(ssl, msg, msgSz);
}
session = wolfSSL_get_session(ssl);
sslResume = wolfSSL_new(ctx);
}
#endif
if (doDTLS == 0) /* don't send alert after "break" command */
wolfSSL_shutdown(ssl); /* echoserver will interpret as new conn */
#ifdef ATOMIC_USER
if (atomicUser)
FreeAtomicUser(ssl);
#endif
wolfSSL_free(ssl);
CloseSocket(sockfd);
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
SOCKADDR_IN_T addr;
#ifdef USE_WINDOWS_API
Sleep(500);
#elif defined(WOLFSSL_TIRTOS)
Task_sleep(1);
#else
sleep(1);
#endif
build_addr(&addr, host, port, 1);
wolfSSL_dtls_set_peer(sslResume, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, host, port, 0);
}
wolfSSL_set_fd(sslResume, sockfd);
wolfSSL_set_session(sslResume, session);
#ifdef HAVE_SESSION_TICKET
wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,
(void*)"resumed session");
#endif
showPeer(sslResume);
#ifndef WOLFSSL_CALLBACKS
if (nonBlocking) {
wolfSSL_set_using_nonblock(sslResume, 1);
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(sslResume);
}
else if (wolfSSL_connect(sslResume) != SSL_SUCCESS)
err_sys("SSL resume failed");
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
if (wolfSSL_session_reused(sslResume))
printf("reused session id\n");
else
printf("didn't reuse session id!!!\n");
if (wolfSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
err_sys("SSL_write failed");
if (nonBlocking) {
/* give server a chance to bounce a message back to client */
#ifdef USE_WINDOWS_API
Sleep(500);
#elif defined(WOLFSSL_TIRTOS)
Task_sleep(1);
#else
sleep(1);
#endif
}
input = wolfSSL_read(sslResume, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("Server resume response: %s\n", reply);
}
/* try to send session break */
wolfSSL_write(sslResume, msg, msgSz);
wolfSSL_shutdown(sslResume);
wolfSSL_free(sslResume);
CloseSocket(sockfd);
}
#endif /* NO_SESSION_CACHE */
wolfSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
#ifdef USE_WOLFSSL_MEMORY
if (trackMemory)
ShowMemoryTracker();
#endif /* USE_WOLFSSL_MEMORY */
#if !defined(WOLFSSL_TIRTOS)
return 0;
#endif
}
CONCRETE_IO_HANDLE tlsio_wolfssl_create(void* io_create_parameters)
{
TLSIO_CONFIG* tls_io_config = io_create_parameters;
TLS_IO_INSTANCE* result;
if (tls_io_config == NULL)
{
result = NULL;
}
else
{
result = (TLS_IO_INSTANCE*)malloc(sizeof(TLS_IO_INSTANCE));
if (result != NULL)
{
memset(result, 0, sizeof(TLS_IO_INSTANCE));
mallocAndStrcpy_s(&result->hostname, tls_io_config->hostname);
result->port = tls_io_config->port;
result->socket_io_read_bytes = 0;
result->socket_io_read_byte_count = 0;
result->socket_io = NULL;
result->ssl = NULL;
result->ssl_context = NULL;
result->certificate = NULL;
result->on_bytes_received = NULL;
result->on_bytes_received_context = NULL;
result->on_io_open_complete = NULL;
result->on_io_open_complete_context = NULL;
result->on_io_close_complete = NULL;
result->on_io_close_complete_context = NULL;
result->on_io_error = NULL;
result->on_io_error_context = NULL;
result->tlsio_state = TLSIO_STATE_NOT_OPEN;
result->ssl_context = wolfSSL_CTX_new(wolfTLSv1_client_method());
if (result->ssl_context == NULL)
{
free(result);
result = NULL;
}
else
{
const IO_INTERFACE_DESCRIPTION* socket_io_interface = socketio_get_interface_description();
if (socket_io_interface == NULL)
{
wolfSSL_CTX_free(result->ssl_context);
free(result);
result = NULL;
}
else
{
SOCKETIO_CONFIG socketio_config;
socketio_config.hostname = result->hostname;
socketio_config.port = result->port;
socketio_config.accepted_socket = NULL;
result->socket_io = xio_create(socket_io_interface, &socketio_config);
if (result->socket_io == NULL)
{
LogError("Failure connecting to underlying socket_io");
wolfSSL_CTX_free(result->ssl_context);
free(result);
result = NULL;
}
}
}
}
}
return result;
}
int main()
{
/*
* Creates a socket that uses an internet IP address,
* Sets the type to be Stream based (TCP),
* 0 means choose the default protocol.
*/
socklen_t sockfd = socket(AF_INET, SOCK_STREAM, 0);
int ret = 0; /* Return Variable */
int loopExit = 0; /* 0 = False, 1 = True */
/* Server and Client socket address structures */
struct sockaddr_in serverAddr = {0}, clientAddr = {0};
/* Initialize the server address struct to zero */
memset((char *)&serverAddr, 0, sizeof(serverAddr));
/* Fill the server's address family */
serverAddr.sin_family = AF_INET;
serverAddr.sin_addr.s_addr = INADDR_ANY;
serverAddr.sin_port = htons(DEFAULT_PORT);
/* initialize wolfSSL */
wolfSSL_Init();
/* If positive value, the socket is valid */
if (sockfd == -1) {
printf("ERROR: failed to create the socket\n");
return EXIT_FAILURE;
}
/* Create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
return EXIT_FAILURE;
}
/* Load server certificate into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-cert.pem, please check"
"the file.\n");
return EXIT_FAILURE;
}
/* Load server key into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-key.pem, please check"
"the file.\n");
return EXIT_FAILURE;
}
/* Attach the server socket to our port */
if (bind(sockfd, (struct sockaddr *)&serverAddr, sizeof(serverAddr))
< 0) {
printf("ERROR: failed to bind\n");
return EXIT_FAILURE;
}
printf("Waiting for a connection...\n");
/* Continuously accept connects while not currently in an active connection
or told to quit */
while (loopExit == 0) {
/* Listen for a new connection, allow 5 pending connections */
ret = listen(sockfd, 5);
if (ret == 0) {
/* Accept client connections and read from them */
loopExit = AcceptAndRead(sockfd, clientAddr);
}
}
wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */
wolfSSL_Cleanup(); /* Free wolfSSL */
return EXIT_SUCCESS;
}
int main (int argc, char** argv)
{
/* standard variables used in a dtls client*/
int sockfd = 0;
int err1;
int readErr;
struct sockaddr_in servAddr;
const char* host = argv[1];
WOLFSSL* ssl = 0;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* sslResume = 0;
WOLFSSL_SESSION* session = 0;
char* srTest = "testing session resume";
char cert_array[] = "../certs/ca-cert.pem";
char buffer[80];
char* certs = cert_array;
/* variables used in a dtls client for session reuse*/
int recvlen;
char sendLine[MAXLINE];
char recvLine[MAXLINE - 1];
if (argc != 2) {
printf("usage: udpcli <IP address>\n");
return 1;
}
wolfSSL_Init();
/* Un-comment the following line to enable debugging */
/* wolfSSL_Debugging_ON(); */
if ( (ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
return 1;
}
if (wolfSSL_CTX_load_verify_locations(ctx, certs, 0) != SSL_SUCCESS) {
fprintf(stderr, "Error loading %s, please check the file.\n", certs);
return 1;
}
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
printf("unable to get ssl object");
return 1;
}
memset(&servAddr, 0, sizeof(servAddr));
servAddr.sin_family = AF_INET;
servAddr.sin_port = htons(SERV_PORT);
if ( (inet_pton(AF_INET, host, &servAddr.sin_addr)) < 1) {
printf("Error and/or invalid IP address");
return 1;
}
wolfSSL_dtls_set_peer(ssl, &servAddr, sizeof(servAddr));
if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
printf("cannot create a socket.");
return 1;
}
wolfSSL_set_fd(ssl, sockfd);
if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
err1 = wolfSSL_get_error(ssl, 0);
memset(buffer, 0, 80);
printf("err = %d, %s\n", err1, wolfSSL_ERR_error_string(err1, buffer));
printf("SSL_connect failed");
return 1;
}
/*****************************************************************************/
/* Code for sending datagram to server */
/* Loop while the user gives input or until an EOF is read */
while( fgets(sendLine, MAXLINE, stdin) != NULL ) {
/* Attempt to send sendLine to the server */
if ( ( wolfSSL_write(ssl, sendLine, strlen(sendLine))) !=
strlen(sendLine) ) {
printf("Error: wolfSSL_write failed.\n");
}
/* Attempt to read a message from server and store it in recvLine */
recvlen = wolfSSL_read(ssl, recvLine, sizeof(recvLine) - 1);
/* Error checking wolfSSL_read */
if (recvlen < 0) {
readErr = wolfSSL_get_error(ssl, 0);
if (readErr != SSL_ERROR_WANT_READ) {
printf("Error: wolfSSL_read failed.\n");
}
}
recvLine[recvlen] = '\0';
fputs(recvLine, stdout);
}
/* */
/*****************************************************************************/
/* Keep track of the old session information */
wolfSSL_write(ssl, srTest, sizeof(srTest));
session = wolfSSL_get_session(ssl);
sslResume = wolfSSL_new(ctx);
/* Cleanup the memory used by the old session & ssl object */
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
close(sockfd);
/* Perform setup with new variables/old session information */
memset(&servAddr, 0, sizeof(servAddr));
servAddr.sin_family = AF_INET;
servAddr.sin_port = htons(SERV_PORT);
if ( (inet_pton(AF_INET, host, &servAddr.sin_addr)) < 1) {
printf("Error and/or invalid IP address");
return 1;
}
wolfSSL_dtls_set_peer(sslResume, &servAddr, sizeof(servAddr));
if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
printf("cannot create a socket.");
return 1;
}
wolfSSL_set_fd(sslResume, sockfd);
/* New method call - specifies to the WOLFSSL object to use the *
* given WOLFSSL_SESSION object */
wolfSSL_set_session(sslResume, session);
wolfSSL_set_fd(sslResume, sockfd);
if (wolfSSL_connect(sslResume) != SSL_SUCCESS) {
err1 = wolfSSL_get_error(sslResume, 0);
memset(buffer, 0, 80);
printf("err = %d, %s\n", err1, wolfSSL_ERR_error_string(err1, buffer));
printf("SSL_connect failed on session reuse\n");
return 1;
}
if (wolfSSL_session_reused(sslResume)) {
printf("reused session id\n");
}
else {
printf("didn't reuse session id!!!\n");
}
/*****************************************************************************/
/* Code for sending datagram to server */
/* Clear out variables for reuse */
recvlen = 0;
memset(sendLine, 0, MAXLINE);
memset(recvLine, 0, MAXLINE - 1);
/* Loop while the user gives input or until an EOF is read */
while( fgets(sendLine, MAXLINE, stdin) != NULL ) {
/* Attempt to send sendLine to the server */
if ( ( wolfSSL_write(ssl, sendLine, strlen(sendLine))) !=
strlen(sendLine) ) {
printf("Error: wolfSSL_write failed.\n");
}
/* Attempt to read a message from server and store it in recvLine */
recvlen = wolfSSL_read(ssl, recvLine, sizeof(recvLine) - 1);
/* Error checking wolfSSL_read */
if (recvlen < 0) {
readErr = wolfSSL_get_error(ssl, 0);
if (readErr != SSL_ERROR_WANT_READ) {
printf("Error: wolfSSL_read failed.\n");
}
}
recvLine[recvlen] = '\0';
fputs(recvLine, stdout);
}
/* */
/*****************************************************************************/
wolfSSL_write(sslResume, srTest, sizeof(srTest));
/* Cleanup memory used for storing the session information */
wolfSSL_shutdown(sslResume);
wolfSSL_free(sslResume);
close(sockfd);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
return 0;
}
static void test_wolfSSL_UseSNI_params(void)
{
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* invalid [ctx|ssl] */
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3));
/* invalid type */
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3));
/* invalid data */
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3));
AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3));
/* success case */
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3));
AssertIntEQ(SSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
}
