/* * Pulled in from examples/server/server.c * Function to handle nonblocking. Loops until tcp_select notifies that it's * ready for action. */ int NonBlockingSSL(WOLFSSL* ssl) { int ret; int error; int select_ret; int sockfd = wolfSSL_get_fd(ssl); ret = wolfSSL_accept(ssl); error = wolfSSL_get_error(ssl, 0); while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE)) { int currTimeout = 1; /* print out for user notification */ if (error == SSL_ERROR_WANT_READ) printf("... server would read block\n"); else printf("... server would write block\n"); select_ret = tcp_select(sockfd, currTimeout); /* if tcp_select signals ready try to accept otherwise continue loop*/ if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_ERROR_READY)) { ret = wolfSSL_accept(ssl); error = wolfSSL_get_error(ssl, 0); } else if (select_ret == TEST_TIMEOUT) { error = SSL_ERROR_WANT_READ; } else { error = SSL_FATAL_ERROR; } } /* faliure to accept */ if (ret != SSL_SUCCESS) { printf("Fatal error : SSL_accept failed\n"); ret = SSL_FATAL_ERROR; } return ret; }
/* Server accepting a client using TLS */ static int wolfssl_server_accept(WOLFSSL* server_ssl) { int ret = 0; if (wolfSSL_accept(server_ssl) != WOLFSSL_SUCCESS) { if (wolfSSL_want_read(server_ssl)) { printf("Server waiting for server\n"); } else if (wolfSSL_want_write(server_ssl)) { printf("Server waiting for buffer\n"); } else ret = -1; } return ret; }
int main() { /* set up server */ WOLFSSL_CTX* srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); if (srv_ctx == NULL) err_sys("bad server ctx new"); int ret = wolfSSL_CTX_use_PrivateKey_file(srv_ctx, key, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("bad server key file load"); ret = wolfSSL_CTX_use_certificate_file(srv_ctx, cert, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("bad server cert file load"); wolfSSL_SetIOSend(srv_ctx, ServerSend); wolfSSL_SetIORecv(srv_ctx, ServerRecv); WOLFSSL* srv_ssl = wolfSSL_new(srv_ctx); if (srv_ctx == NULL) err_sys("bad server new"); /* start client thread */ pthread_t tid; pthread_create(&tid, 0, client_thread, NULL); /* accept tls connection without tcp sockets */ ret = wolfSSL_accept(srv_ssl); if (ret != SSL_SUCCESS) err_sys("bad server tls accept"); printf("wolfSSL accept success!\n"); /* read msg post handshake from client */ unsigned char buf[80]; memset(buf, 0, sizeof(buf)); ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1); printf("client msg = %s\n", buf); /* clean up */ wolfSSL_free(srv_ssl); wolfSSL_CTX_free(srv_ctx); return 0; }
/* Accept/negotiate a secure connection. * * ssl The wolfSSL object. * acceptTime The amount of time spent accepting a client. * resumeTime The amount of time spent resuming a connection with a client. * returns 0 on failure, 1 on success, 2 on want read and 3 on want write. */ static int SSL_Accept(WOLFSSL* ssl, double* acceptTime, double* resumeTime) { int ret; int error; double start, diff; /* Accept the connection. */ start = current_time(1); ret = wolfSSL_accept(ssl); diff = current_time(0) - start; pthread_mutex_lock(&sslConnMutex); if (!wolfSSL_session_reused(ssl)) *acceptTime += diff; else *resumeTime += diff; pthread_mutex_unlock(&sslConnMutex); if (ret == 0) { fprintf(stderr, "The client has closed the connection - accept!\n"); return 0; } if (ret == SSL_SUCCESS) return 1; error = wolfSSL_get_error(ssl, 0); if (error == SSL_ERROR_WANT_READ) return 2; if (error == SSL_ERROR_WANT_WRITE) return 3; if (error == WC_PENDING_E) return 4; /* Cannot do anything about other errors. */ fprintf(stderr, "wolfSSL_accept error = %d\n", error); return 0; }
int main() { int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP); if (sd < 0) err_sys("sctp socket error"); struct sockaddr_in sa; memset(&sa, 0, sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = htonl(INADDR_ANY); sa.sin_port = htons(12345); int ret = bind(sd, (struct sockaddr*)&sa, sizeof(sa)); if (ret < 0) err_sys("sctp bind error"); listen(sd, 3); int client_sd = accept(sd, NULL, NULL); if (client_sd < 0) err_sys("sctp accept error"); const char* response = "well hello to you"; char buffer[80]; WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()); if (ctx == NULL) err_sys("ctx new dtls server failed"); ret = wolfSSL_CTX_dtls_set_sctp(ctx); if (ret != SSL_SUCCESS) err_sys("set sctp mode failed"); ret = wolfSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("use private key error"); ret = wolfSSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("use cert error"); WOLFSSL* ssl = wolfSSL_new(ctx); if (ssl == NULL) err_sys("ssl new dtls server failed"); wolfSSL_set_fd(ssl, client_sd); ret = wolfSSL_accept(ssl); if (ret != SSL_SUCCESS) err_sys("ssl accept failed"); printf("TLS version is %s\n", wolfSSL_get_version(ssl)); printf("Cipher Suite is %s\n", wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl))); int got = wolfSSL_read(ssl, buffer, sizeof(buffer)); if (got > 0) { buffer[got] = 0; printf("client said: %s\n", buffer); } wolfSSL_write(ssl, response, (int)strlen(response)); unsigned char bigBuf[4096]; wolfSSL_read(ssl, bigBuf, sizeof(bigBuf)); wolfSSL_write(ssl, bigBuf, sizeof(bigBuf)); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); close(sd); return 0; }
static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method()); WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; SOCKET_T cfd = 0; word16 port = wolfSSLPort; char msg[] = "I hear you fa shizzle!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ !defined(WOLFSSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \ !defined(WOLFSSL_TIRTOS) port = 0; #endif wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef OPENSSL_EXTRA wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, cliCert, 0)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = wolfSSL_new(ctx); tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0); CloseSocket(sfd); wolfSSL_set_fd(ssl, cfd); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) wolfSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); /* AssertIntEQ(SSL_SUCCESS, wolfSSL_accept(ssl)); */ if (wolfSSL_accept(ssl) != SSL_SUCCESS) { int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); } else { if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; printf("Client message: %s\n", input); } AssertIntEQ(len, wolfSSL_write(ssl, msg, len)); #ifdef WOLFSSL_TIRTOS Task_yield(); #endif wolfSSL_shutdown(ssl); } if (callbacks->on_result) callbacks->on_result(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(cfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif #ifndef WOLFSSL_TIRTOS return 0; #endif }
static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) { SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; word16 port = wolfSSLPort; WOLFSSL_METHOD* method = 0; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[] = "I hear you fa shizzle!"; char input[1024]; int idx; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; method = wolfSSLv23_server_method(); ctx = wolfSSL_CTX_new(method); #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ !defined(WOLFSSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \ !defined(WOLFSSL_TIRTOS) port = 0; #endif wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef OPENSSL_EXTRA wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (wolfSSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS) { /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ goto done; } ssl = wolfSSL_new(ctx); tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0); CloseSocket(sockfd); wolfSSL_set_fd(ssl, clientfd); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) wolfSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (wolfSSL_accept(ssl) != SSL_SUCCESS) { int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); /*err_sys("SSL_accept failed");*/ goto done; } idx = wolfSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = 0; printf("Client message: %s\n", input); } if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ #ifdef WOLFSSL_TIRTOS return; #else return 0; #endif } #ifdef WOLFSSL_TIRTOS Task_yield(); #endif done: wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(clientfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif #ifndef WOLFSSL_TIRTOS return 0; #endif }
int main(int argc, char** argv) { /* cont short for "continue?", Loc short for "location" */ int cont = 0; char caCertLoc[] = "../certs/ca-cert.pem"; char servCertLoc[] = "../certs/server-cert.pem"; char servKeyLoc[] = "../certs/server-key.pem"; WOLFSSL_CTX* ctx; /* Variables for awaiting datagram */ int on = 1; int res = 1; int connfd = 0; int recvLen = 0; /* length of message */ int listenfd = 0; /* Initialize our socket */ WOLFSSL* ssl = NULL; socklen_t cliLen; socklen_t len = sizeof(int); unsigned char b[MSGLEN]; /* watch for incoming messages */ char buff[MSGLEN]; /* the incoming message */ char ack[] = "I hear you fashizzle!\n"; /* Code for handling signals */ struct sigaction act, oact; act.sa_handler = sig_handler; sigemptyset(&act.sa_mask); act.sa_flags = 0; sigaction(SIGINT, &act, &oact); /* "./config --enable-debug" and uncomment next line for debugging */ /* wolfSSL_Debugging_ON(); */ /* Initialize wolfSSL */ wolfSSL_Init(); /* Set ctx to DTLS 1.2 */ if ((ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())) == NULL) { printf("wolfSSL_CTX_new error.\n"); return 1; } /* Load CA certificates */ if (wolfSSL_CTX_load_verify_locations(ctx,caCertLoc,0) != SSL_SUCCESS) { printf("Error loading %s, please check the file.\n", caCertLoc); return 1; } /* Load server certificates */ if (wolfSSL_CTX_use_certificate_file(ctx, servCertLoc, SSL_FILETYPE_PEM) != SSL_SUCCESS) { printf("Error loading %s, please check the file.\n", servCertLoc); return 1; } /* Load server Keys */ if (wolfSSL_CTX_use_PrivateKey_file(ctx, servKeyLoc, SSL_FILETYPE_PEM) != SSL_SUCCESS) { printf("Error loading %s, please check the file.\n", servKeyLoc); return 1; } /* Await Datagram */ while (cleanup != 1) { /* Create a UDP/IP socket */ if ((listenfd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0 ) { printf("Cannot create socket.\n"); cleanup = 1; } printf("Socket allocated\n"); /* clear servAddr each loop */ memset((char *)&servAddr, 0, sizeof(servAddr)); /* host-to-network-long conversion (htonl) */ /* host-to-network-short conversion (htons) */ servAddr.sin6_family = AF_INET6; servAddr.sin6_port = htons(SERV_PORT); /* Eliminate socket already in use error */ res = setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, &on, len); if (res < 0) { printf("Setsockopt SO_REUSEADDR failed.\n"); cleanup = 1; cont = 1; } /*Bind Socket*/ if (bind(listenfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) < 0) { printf("Bind failed.\n"); cleanup = 1; cont = 1; } printf("Awaiting client connection on port %d\n", SERV_PORT); cliLen = sizeof(cliaddr); connfd = (int)recvfrom(listenfd, (char *)&b, sizeof(b), MSG_PEEK, (struct sockaddr*)&cliaddr, &cliLen); if (connfd < 0) { printf("No clients in que, enter idle state\n"); continue; } else if (connfd > 0) { if (connect(listenfd, (const struct sockaddr *)&cliaddr, sizeof(cliaddr)) != 0) { printf("Udp connect failed.\n"); cleanup = 1; cont = 1; } } else { printf("Recvfrom failed.\n"); cleanup = 1; cont = 1; } printf("Connected!\n"); /* Create the WOLFSSL Object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { printf("wolfSSL_new error.\n"); cleanup = 1; cont = 1; } /* set the session ssl to client connection port */ wolfSSL_set_fd(ssl, listenfd); if (wolfSSL_accept(ssl) != SSL_SUCCESS) { int e = wolfSSL_get_error(ssl, 0); printf("error = %d, %s\n", e, wolfSSL_ERR_reason_error_string(e)); printf("SSL_accept failed.\n"); continue; } if ((recvLen = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) { printf("heard %d bytes\n", recvLen); buff[recvLen] = 0; printf("I heard this: \"%s\"\n", buff); } else if (recvLen < 0) { int readErr = wolfSSL_get_error(ssl, 0); if(readErr != SSL_ERROR_WANT_READ) { printf("SSL_read failed.\n"); cleanup = 1; cont = 1; } } if (wolfSSL_write(ssl, ack, sizeof(ack)) < 0) { printf("wolfSSL_write fail.\n"); cleanup = 1; cont = 1; } else { printf("Sending reply.\n"); } printf("reply sent \"%s\"\n", ack); wolfSSL_set_fd(ssl, 0); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); printf("Client left cont to idle state\n"); cont = 0; } /* With the "continue" keywords, it is possible for the loop to exit * * without changing the value of cont */ if (cleanup == 1) { cont = 1; } if (cont == 1) { wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); } return 0; }