/* Use this callback to setup TLS certificates and verify callbacks */ static int mqtt_aws_tls_cb(MqttClient* client) { int rc = SSL_FAILURE; client->tls.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (client->tls.ctx) { wolfSSL_CTX_set_verify(client->tls.ctx, SSL_VERIFY_PEER, mqtt_aws_tls_verify_cb); /* Load CA certificate buffer */ rc = wolfSSL_CTX_load_verify_buffer(client->tls.ctx, (const byte*)root_ca, (long)XSTRLEN(root_ca), SSL_FILETYPE_PEM); /* Load Client Cert */ if (rc == SSL_SUCCESS) rc = wolfSSL_CTX_use_certificate_buffer(client->tls.ctx, (const byte*)device_cert, (long)XSTRLEN(device_cert), SSL_FILETYPE_PEM); /* Load Private Key */ if (rc == SSL_SUCCESS) rc = wolfSSL_CTX_use_PrivateKey_buffer(client->tls.ctx, (const byte*)device_priv_key, (long)XSTRLEN(device_priv_key), SSL_FILETYPE_PEM); } PRINTF("MQTT TLS Setup (%d)", rc); return rc; }
static int build_http_request(const char* domainName, const char* path, int ocspReqSz, byte* buf, int bufSize) { word32 domainNameLen, pathLen, ocspReqSzStrLen, completeLen; char ocspReqSzStr[6]; domainNameLen = (word32)XSTRLEN(domainName); pathLen = (word32)XSTRLEN(path); ocspReqSzStrLen = Word16ToString(ocspReqSzStr, (word16)ocspReqSz); completeLen = domainNameLen + pathLen + ocspReqSzStrLen + 84; if (completeLen > (word32)bufSize) return 0; XSTRNCPY((char*)buf, "POST ", 5); buf += 5; XSTRNCPY((char*)buf, path, pathLen); buf += pathLen; XSTRNCPY((char*)buf, " HTTP/1.1\r\nHost: ", 17); buf += 17; XSTRNCPY((char*)buf, domainName, domainNameLen); buf += domainNameLen; XSTRNCPY((char*)buf, "\r\nContent-Length: ", 18); buf += 18; XSTRNCPY((char*)buf, ocspReqSzStr, ocspReqSzStrLen); buf += ocspReqSzStrLen; XSTRNCPY((char*)buf, "\r\nContent-Type: application/ocsp-request\r\n\r\n", 44); return completeLen; }
int wolfCLU_checkForArg(char* searchTerm, int length, int argc, char** argv) { int i; int ret = 0; int argFound = 0; for (i = 0; i < argc; i++) { if (argv[i] == NULL) { ret = 0; break; /* stop checking if no more args*/ } else if (XSTRNCMP(searchTerm, "-help", length) == 0 && XSTRNCMP(argv[i], "-help", XSTRLEN(argv[i])) == 0) { return 1; } else if (XSTRNCMP(argv[i], searchTerm, length) == 0 && XSTRNCMP(argv[i], searchTerm, XSTRLEN(argv[i])) == 0) { ret = i; if (argFound == 1) { printf("ERROR: argument found twice: \"%s\"\n", searchTerm); return USER_INPUT_ERROR; } argFound = 1; } } return ret; }
int md5_test(void) { Md5 md5; byte hash[MD5_DIGEST_SIZE]; testVector a, b, c, d, e; testVector test_md5[5]; int times = sizeof(test_md5) / sizeof(testVector), i; a.input = "abc"; a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f" "\x72"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); b.input = "message digest"; b.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61" "\xd0"; b.inLen = XSTRLEN(b.input); b.outLen = XSTRLEN(b.output); c.input = "abcdefghijklmnopqrstuvwxyz"; c.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1" "\x3b"; c.inLen = XSTRLEN(c.input); c.outLen = XSTRLEN(c.output); d.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" "6789"; d.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d" "\x9f"; d.inLen = XSTRLEN(d.input); d.outLen = XSTRLEN(d.output); e.input = "1234567890123456789012345678901234567890123456789012345678" "9012345678901234567890"; e.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" "\x7a"; e.inLen = XSTRLEN(e.input); e.outLen = XSTRLEN(e.output); test_md5[0] = a; test_md5[1] = b; test_md5[2] = c; test_md5[3] = d; test_md5[4] = e; wc_InitMd5(&md5); for (i = 0; i < times; ++i) { wc_Md5Update(&md5, (byte*)test_md5[i].input, (word32)test_md5[i].inLen); wc_Md5Final(&md5, hash); if (XMEMCMP(hash, test_md5[i].output, MD5_DIGEST_SIZE) != 0) return -5 - i; } return 0; }
/* Send application data. */ static int wolfssl_send(WOLFSSL* ssl, const char* msg) { int ret; printf("%s", msg); ret = wolfSSL_write(ssl, msg, XSTRLEN(msg)); if (ret < XSTRLEN(msg)) ret = -1; else ret = 0; return ret; }
int sha512_test(void) { Sha512 sha; byte hash[SHA512_DIGEST_SIZE]; testVector a, b; testVector test_sha[2]; int times = sizeof(test_sha) / sizeof(struct testVector), i; int ret; a.input = "abc"; a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55" "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3" "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f" "\xa5\x4c\xa4\x9f"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; b.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14" "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88" "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4" "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b" "\x87\x4b\xe9\x09"; b.inLen = XSTRLEN(b.input); b.outLen = XSTRLEN(b.output); test_sha[0] = a; test_sha[1] = b; ret = wc_InitSha512(&sha); if (ret != 0) return ret; for (i = 0; i < times; ++i) { ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); if (ret != 0) return ret; ret = wc_Sha512Final(&sha, hash); if (ret != 0) return ret; if (XMEMCMP(hash, test_sha[i].output, SHA512_DIGEST_SIZE) != 0) return -10 - i; } return 0; }
int sha384_test() { Sha384 sha; byte hash[SHA384_DIGEST_SIZE]; testVector a, b; testVector test_sha[2]; int times = sizeof(test_sha) / sizeof(struct testVector), i; int ret; a.input = "abc"; a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" "\xc8\x25\xa7"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; b.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b" "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0" "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" "\x74\x60\x39"; b.inLen = XSTRLEN(b.input); b.outLen = XSTRLEN(b.output); test_sha[0] = a; test_sha[1] = b; ret = wc_InitSha384(&sha); if (ret != 0) return ret; for (i = 0; i < times; ++i) { ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); if (ret != 0) return ret; ret = wc_Sha384Final(&sha, hash); if (ret != 0) return ret; if (XMEMCMP(hash, test_sha[i].output, SHA384_DIGEST_SIZE) != 0) return -10 - i; } return 0; }
int sha_test(void) { Sha sha; byte hash[SHA_DIGEST_SIZE]; testVector a, b, c, d; testVector test_sha[4]; int ret = 0; int times = sizeof(test_sha) / sizeof(struct testVector), i; a.input = "abc"; a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2" "\x6C\x9C\xD0\xD8\x9D"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; b.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29" "\xE5\xE5\x46\x70\xF1"; b.inLen = XSTRLEN(b.input); b.outLen = XSTRLEN(b.output); c.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaa"; c.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44" "\x2A\x25\xEC\x64\x4D"; c.inLen = XSTRLEN(c.input); c.outLen = XSTRLEN(c.output); d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaa"; d.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7" "\x53\x99\x5E\x26\xA0"; d.inLen = XSTRLEN(d.input); d.outLen = XSTRLEN(d.output); test_sha[0] = a; test_sha[1] = b; test_sha[2] = c; test_sha[3] = d; ret = wc_InitSha(&sha); if (ret != 0) return ret; for (i = 0; i < times; ++i) { wc_ShaUpdate(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); wc_ShaFinal(&sha, hash); if (XMEMCMP(hash, test_sha[i].output, SHA_DIGEST_SIZE) != 0) return -10 - i; } return 0; }
int sha256_test(void) { Sha256 sha; byte hash[SHA256_DIGEST_SIZE]; testVector a, b; testVector test_sha[2]; int ret; int times = sizeof(test_sha) / sizeof(struct testVector), i; a.input = "abc"; a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" "\x15\xAD"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; b.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" "\x06\xC1"; b.inLen = XSTRLEN(b.input); b.outLen = XSTRLEN(b.output); test_sha[0] = a; test_sha[1] = b; ret = wc_InitSha256(&sha); if (ret != 0) return ret; for (i = 0; i < times; ++i) { ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); if (ret != 0) return ret; ret = wc_Sha256Final(&sha, hash); if (ret != 0) return ret; if (XMEMCMP(hash, test_sha[i].output, SHA256_DIGEST_SIZE) != 0) return -10 - i; } return 0; }
static void use_SNI_at_ctx(CYASSL_CTX* ctx) { byte type = CYASSL_SNI_HOST_NAME; char name[] = "www.yassl.com"; AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name))); }
static void use_SNI_at_ssl(WOLFSSL* ssl) { byte type = WOLFSSL_SNI_HOST_NAME; char name[] = "www.yassl.com"; AssertIntEQ(SSL_SUCCESS, wolfSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name))); }
static void different_SNI_at_ssl(CYASSL* ssl) { byte type = CYASSL_SNI_HOST_NAME; char name[] = "ww2.yassl.com"; AssertIntEQ(SSL_SUCCESS, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name))); }
int sha224_test(void) { Sha224 sha; byte hash[SHA224_DIGEST_SIZE]; testVector a, b; testVector test_sha[2]; int ret; int times = sizeof(test_sha) / sizeof(struct testVector), i; a.input = "abc"; a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55" "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7"; a.inLen = XSTRLEN(a.input); a.outLen = SHA224_DIGEST_SIZE; b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; b.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01" "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25"; b.inLen = XSTRLEN(b.input); b.outLen = SHA224_DIGEST_SIZE; test_sha[0] = a; test_sha[1] = b; ret = wc_InitSha224(&sha); if (ret != 0) return -4005; for (i = 0; i < times; ++i) { ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); if (ret != 0) return ret; ret = wc_Sha224Final(&sha, hash); if (ret != 0) return ret; if (XMEMCMP(hash, test_sha[i].output, SHA224_DIGEST_SIZE) != 0) return -10 - i; } return 0; }
int ripemd_test(void) { RipeMd ripemd; byte hash[RIPEMD_DIGEST_SIZE]; testVector a, b, c, d; testVector test_ripemd[4]; int times = sizeof(test_ripemd) / sizeof(struct testVector), i; a.input = "abc"; a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6" "\xb0\x87\xf1\x5a\x0b\xfc"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); b.input = "message digest"; b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8" "\x5f\xfa\x21\x59\x5f\x36"; b.inLen = XSTRLEN(b.input); b.outLen = XSTRLEN(b.output); c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc" "\xf4\x9a\xda\x62\xeb\x2b"; c.inLen = XSTRLEN(c.input); c.outLen = XSTRLEN(c.output); d.input = "12345678901234567890123456789012345678901234567890123456" "789012345678901234567890"; d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab" "\x82\xbf\x63\x32\x6b\xfb"; d.inLen = XSTRLEN(d.input); d.outLen = XSTRLEN(d.output); test_ripemd[0] = a; test_ripemd[1] = b; test_ripemd[2] = c; test_ripemd[3] = d; wc_InitRipeMd(&ripemd); for (i = 0; i < times; ++i) { wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input, (word32)test_ripemd[i].inLen); wc_RipeMdFinal(&ripemd, hash); if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0) return -10 - i; } return 0; }
int CyaSSL_OCSP_set_override_url(CYASSL_OCSP* ocsp, const char* url) { if (ocsp != NULL) { int urlSz = (int)XSTRLEN(url); decode_url(url, urlSz, ocsp->overrideName, ocsp->overridePath, &ocsp->overridePort); return 1; } return 0; }
int CyaSSL_OCSP_set_override_url(CYASSL_OCSP* ocsp, const char* url) { if (ocsp != NULL) { int urlSz = (int)XSTRLEN(url); if (urlSz < (int)sizeof(ocsp->overrideUrl)) { XSTRNCPY(ocsp->overrideUrl, url, urlSz); return 1; } } return 0; }
static void verify_SNI_real_matching(WOLFSSL* ssl) { byte type = WOLFSSL_SNI_HOST_NAME; char* request = NULL; char name[] = "www.yassl.com"; word16 length = XSTRLEN(name); AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type)); AssertIntEQ(length, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request)); AssertNotNull(request); AssertStrEQ(name, request); }
static void verify_SNI_fake_matching(CYASSL* ssl) { byte type = CYASSL_SNI_HOST_NAME; char* request = NULL; char name[] = "ww2.yassl.com"; word16 length = XSTRLEN(name); AssertIntEQ(CYASSL_SNI_FAKE_MATCH, CyaSSL_SNI_Status(ssl, type)); AssertIntEQ(length, CyaSSL_SNI_GetRequest(ssl, type, (void**) &request)); AssertNotNull(request); AssertStrEQ(name, request); }
/* get the peer information in human readable form (ip, port, family) * default function assumes BSD sockets * can be overriden with wolfSSL_CTX_SetIOGetPeer */ int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz, unsigned short* port, int* fam) { SOCKADDR_S peer; word32 peerSz; int ret; if (ssl == NULL || ip == NULL || ipSz == NULL || port == NULL || fam == NULL) { return BAD_FUNC_ARG; } /* get peer information stored in ssl struct */ peerSz = sizeof(SOCKADDR_S); if ((ret = wolfSSL_dtls_get_peer(ssl, (void*)&peer, &peerSz)) != SSL_SUCCESS) { return ret; } /* extract family, ip, and port */ *fam = ((SOCKADDR_S*)&peer)->ss_family; switch (*fam) { case WOLFSSL_IP4: if (XINET_NTOP(*fam, &(((SOCKADDR_IN*)&peer)->sin_addr), ip, *ipSz) == NULL) { WOLFSSL_MSG("XINET_NTOP error"); return SOCKET_ERROR_E; } *port = XNTOHS(((SOCKADDR_IN*)&peer)->sin_port); break; case WOLFSSL_IP6: if (XINET_NTOP(*fam, &(((SOCKADDR_IN6*)&peer)->sin6_addr), ip, *ipSz) == NULL) { WOLFSSL_MSG("XINET_NTOP error"); return SOCKET_ERROR_E; } *port = XNTOHS(((SOCKADDR_IN6*)&peer)->sin6_port); break; default: WOLFSSL_MSG("Unknown family type"); return SOCKET_ERROR_E; } ip[*ipSz - 1] = '\0'; /* make sure has terminator */ *ipSz = (word16)XSTRLEN(ip); return SSL_SUCCESS; }
static int mqtt_message_cb(MqttClient *client, MqttMessage *msg, byte msg_new, byte msg_done) { byte buf[PRINT_BUFFER_SIZE+1]; word32 len; MQTTCtx* mqttCtx = (MQTTCtx*)client->ctx; (void)mqttCtx; if (msg_new) { /* Determine min size to dump */ len = msg->topic_name_len; if (len > PRINT_BUFFER_SIZE) { len = PRINT_BUFFER_SIZE; } XMEMCPY(buf, msg->topic_name, len); buf[len] = '\0'; /* Make sure its null terminated */ /* Print incoming message */ PRINTF("MQTT Message: Topic %s, Qos %d, Len %u", buf, msg->qos, msg->total_len); /* for test mode: check if TEST_MESSAGE was received */ if (mqttCtx->test_mode) { if (XSTRLEN(TEST_MESSAGE) == msg->buffer_len && XSTRNCMP(TEST_MESSAGE, (char*)msg->buffer, msg->buffer_len) == 0) { mStopRead = 1; } } } /* Print message payload */ len = msg->buffer_len; if (len > PRINT_BUFFER_SIZE) { len = PRINT_BUFFER_SIZE; } XMEMCPY(buf, msg->buffer, len); buf[len] = '\0'; /* Make sure its null terminated */ PRINTF("Payload (%d - %d): %s", msg->buffer_pos, msg->buffer_pos + len, buf); if (msg_done) { PRINTF("MQTT Message: Done"); } /* Return negative to terminate publish processing */ return MQTT_CODE_SUCCESS; }
static int fwfile_save(const char* filePath, byte* fileBuf, int fileLen) { #if !defined(NO_FILESYSTEM) int ret = 0; FILE* file = NULL; /* Check arguments */ if (filePath == NULL || XSTRLEN(filePath) == 0 || fileLen == 0 || fileBuf == NULL) { return EXIT_FAILURE; } /* Open file */ file = fopen(filePath, "wb"); if (file == NULL) { PRINTF("File %s write error!", filePath); ret = EXIT_FAILURE; goto exit; } /* Save file */ ret = (int)fwrite(fileBuf, 1, fileLen, file); if (ret != fileLen) { PRINTF("Error reading file! %d", ret); ret = EXIT_FAILURE; goto exit; } PRINTF("Saved %d bytes to %s", fileLen, filePath); exit: if (file) { fclose(file); } return ret; #else (void)filePath; (void)fileBuf; PRINTF("Firmware File Save: Len=%d (No Filesystem)", fileLen); return fileLen; #endif }
THREAD_RETURN CYASSL_THREAD client_test(void* args) { SOCKET_T sockfd = 0; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; CYASSL* ssl = 0; CYASSL* sslResume = 0; CYASSL_SESSION* session = 0; char resumeMsg[] = "resuming cyassl!"; int resumeSz = sizeof(resumeMsg); char msg[32] = "hello cyassl!"; /* GET may make bigger */ char reply[80]; int input; int msgSz = (int)strlen(msg); int port = yasslPort; char* host = (char*)yasslIP; char* domain = (char*)"www.yassl.com"; int ch; int version = CLIENT_INVALID_VERSION; int usePsk = 0; int sendGET = 0; int benchmark = 0; int doDTLS = 0; int matchName = 0; int doPeerCheck = 1; int nonBlocking = 0; int resumeSession = 0; int trackMemory = 0; int useClientCert = 1; int fewerPackets = 0; int atomicUser = 0; int pkCallbacks = 0; char* cipherList = NULL; char* verifyCert = (char*)caCert; char* ourCert = (char*)cliCert; char* ourKey = (char*)cliKey; #ifdef HAVE_SNI char* sniHostName = NULL; #endif #ifdef HAVE_MAX_FRAGMENT byte maxFragment = 0; #endif #ifdef HAVE_TRUNCATED_HMAC byte truncatedHMAC = 0; #endif #ifdef HAVE_OCSP int useOcsp = 0; char* ocspUrl = NULL; #endif int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; ((func_args*)args)->return_code = -1; /* error state */ #ifdef NO_RSA verifyCert = (char*)eccCert; ourCert = (char*)cliEccCert; ourKey = (char*)cliEccKey; #endif (void)resumeSz; (void)session; (void)sslResume; (void)trackMemory; (void)atomicUser; (void)pkCallbacks; StackTrap(); while ((ch = mygetopt(argc, argv, "?gdusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) { switch (ch) { case '?' : Usage(); exit(EXIT_SUCCESS); case 'g' : sendGET = 1; break; case 'd' : doPeerCheck = 0; break; case 'u' : doDTLS = 1; break; case 's' : usePsk = 1; break; case 't' : #ifdef USE_CYASSL_MEMORY trackMemory = 1; #endif break; case 'm' : matchName = 1; break; case 'x' : useClientCert = 0; break; case 'f' : fewerPackets = 1; break; case 'U' : #ifdef ATOMIC_USER atomicUser = 1; #endif break; case 'P' : #ifdef HAVE_PK_CALLBACKS pkCallbacks = 1; #endif break; case 'h' : host = myoptarg; domain = myoptarg; break; case 'p' : port = atoi(myoptarg); #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API) if (port == 0) err_sys("port number cannot be 0"); #endif break; case 'v' : version = atoi(myoptarg); if (version < 0 || version > 3) { Usage(); exit(MY_EX_USAGE); } break; case 'l' : cipherList = myoptarg; break; case 'A' : verifyCert = myoptarg; break; case 'c' : ourCert = myoptarg; break; case 'k' : ourKey = myoptarg; break; case 'b' : benchmark = atoi(myoptarg); if (benchmark < 0 || benchmark > 1000000) { Usage(); exit(MY_EX_USAGE); } break; case 'N' : nonBlocking = 1; break; case 'r' : resumeSession = 1; break; case 'z' : #ifndef CYASSL_LEANPSK CyaSSL_GetObjectSize(); #endif break; case 'S' : #ifdef HAVE_SNI sniHostName = myoptarg; #endif break; case 'L' : #ifdef HAVE_MAX_FRAGMENT maxFragment = atoi(myoptarg); if (maxFragment < CYASSL_MFL_2_9 || maxFragment > CYASSL_MFL_2_13) { Usage(); exit(MY_EX_USAGE); } #endif break; case 'T' : #ifdef HAVE_TRUNCATED_HMAC truncatedHMAC = 1; #endif break; case 'o' : #ifdef HAVE_OCSP useOcsp = 1; #endif break; case 'O' : #ifdef HAVE_OCSP useOcsp = 1; ocspUrl = myoptarg; #endif break; default: Usage(); exit(MY_EX_USAGE); } } myoptind = 0; /* reset for test cases */ /* sort out DTLS versus TLS versions */ if (version == CLIENT_INVALID_VERSION) { if (doDTLS) version = CLIENT_DTLS_DEFAULT_VERSION; else version = CLIENT_DEFAULT_VERSION; } else { if (doDTLS) { if (version == 3) version = -2; else version = -1; } } #ifdef USE_CYASSL_MEMORY if (trackMemory) InitMemoryTracker(); #endif switch (version) { #ifndef NO_OLD_TLS case 0: method = CyaSSLv3_client_method(); break; #ifndef NO_TLS case 1: method = CyaTLSv1_client_method(); break; case 2: method = CyaTLSv1_1_client_method(); break; #endif /* NO_TLS */ #endif /* NO_OLD_TLS */ #ifndef NO_TLS case 3: method = CyaTLSv1_2_client_method(); break; #endif #ifdef CYASSL_DTLS case -1: method = CyaDTLSv1_client_method(); break; case -2: method = CyaDTLSv1_2_client_method(); break; #endif default: err_sys("Bad SSL version"); break; } if (method == NULL) err_sys("unable to get method"); ctx = CyaSSL_CTX_new(method); if (ctx == NULL) err_sys("unable to get ctx"); if (cipherList) if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) err_sys("client can't set cipher list 1"); #ifdef CYASSL_LEANPSK usePsk = 1; #endif #if defined(NO_RSA) && !defined(HAVE_ECC) usePsk = 1; #endif if (fewerPackets) CyaSSL_CTX_set_group_messages(ctx); if (usePsk) { #ifndef NO_PSK CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); if (cipherList == NULL) { const char *defaultCipherList; #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS) err_sys("client can't set cipher list 2"); } #endif useClientCert = 0; } #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) if (cipherList == NULL) { /* don't use EDH, can't sniff tmp keys */ if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) { err_sys("client can't set cipher list 3"); } } #endif #ifdef HAVE_OCSP if (useOcsp) { if (ocspUrl != NULL) { CyaSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl); CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE | CYASSL_OCSP_URL_OVERRIDE); } else CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE); } #endif #ifdef USER_CA_CB CyaSSL_CTX_SetCACb(ctx, CaCb); #endif #ifdef VERIFY_CALLBACK CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); #endif #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) if (useClientCert){ if (CyaSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS) err_sys("can't load client cert file, check file and run from" " CyaSSL home dir"); if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load client private key file, check file and run " "from CyaSSL home dir"); } if (!usePsk) { if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from CyaSSL home dir"); } #endif #if !defined(NO_CERTS) if (!usePsk && doPeerCheck == 0) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); #endif #ifdef HAVE_CAVIUM CyaSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID); #endif #ifdef HAVE_SNI if (sniHostName) if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) != SSL_SUCCESS) err_sys("UseSNI failed"); #endif #ifdef HAVE_MAX_FRAGMENT if (maxFragment) if (CyaSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS) err_sys("UseMaxFragment failed"); #endif #ifdef HAVE_TRUNCATED_HMAC if (truncatedHMAC) if (CyaSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS) err_sys("UseTruncatedHMAC failed"); #endif if (benchmark) { /* time passed in number of connects give average */ int times = benchmark; int i = 0; double start = current_time(), avg; for (i = 0; i < times; i++) { tcp_connect(&sockfd, host, port, doDTLS); ssl = CyaSSL_new(ctx); CyaSSL_set_fd(ssl, sockfd); if (CyaSSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed"); CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CloseSocket(sockfd); } avg = current_time() - start; avg /= times; avg *= 1000; /* milliseconds */ printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg); CyaSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; exit(EXIT_SUCCESS); } #if defined(CYASSL_MDK_ARM) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); #endif ssl = CyaSSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL object"); if (doDTLS) { SOCKADDR_IN_T addr; build_addr(&addr, host, port, 1); CyaSSL_dtls_set_peer(ssl, &addr, sizeof(addr)); tcp_socket(&sockfd, 1); } else { tcp_connect(&sockfd, host, port, 0); } CyaSSL_set_fd(ssl, sockfd); #ifdef HAVE_CRL if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS) err_sys("can't enable crl check"); if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) err_sys("can't load crl, check crlfile and date validity"); if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) err_sys("can't set crl callback"); #endif #ifdef ATOMIC_USER if (atomicUser) SetupAtomicUser(ctx, ssl); #endif #ifdef HAVE_PK_CALLBACKS if (pkCallbacks) SetupPkCallbacks(ctx, ssl); #endif if (matchName && doPeerCheck) CyaSSL_check_domain_name(ssl, domain); #ifndef CYASSL_CALLBACKS if (nonBlocking) { CyaSSL_set_using_nonblock(ssl, 1); tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(ssl); } else if (CyaSSL_connect(ssl) != SSL_SUCCESS) { /* see note at top of README */ int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); err_sys("SSL_connect failed"); /* if you're getting an error here */ } #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif showPeer(ssl); if (sendGET) { printf("SSL connect ok, sending GET...\n"); msgSz = 28; strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz); msg[msgSz] = '\0'; } if (CyaSSL_write(ssl, msg, msgSz) != msgSz) err_sys("SSL_write failed"); input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); if (sendGET) { /* get html */ while (1) { input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("%s\n", reply); } else break; } } } else if (input < 0) { int readErr = CyaSSL_get_error(ssl, 0); if (readErr != SSL_ERROR_WANT_READ) err_sys("CyaSSL_read failed"); } #ifndef NO_SESSION_CACHE if (resumeSession) { if (doDTLS) { strncpy(msg, "break", 6); msgSz = (int)strlen(msg); /* try to send session close */ CyaSSL_write(ssl, msg, msgSz); } session = CyaSSL_get_session(ssl); sslResume = CyaSSL_new(ctx); } #endif if (doDTLS == 0) /* don't send alert after "break" command */ CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */ #ifdef ATOMIC_USER if (atomicUser) FreeAtomicUser(ssl); #endif CyaSSL_free(ssl); CloseSocket(sockfd); #ifndef NO_SESSION_CACHE if (resumeSession) { if (doDTLS) { SOCKADDR_IN_T addr; #ifdef USE_WINDOWS_API Sleep(500); #else sleep(1); #endif build_addr(&addr, host, port, 1); CyaSSL_dtls_set_peer(sslResume, &addr, sizeof(addr)); tcp_socket(&sockfd, 1); } else { tcp_connect(&sockfd, host, port, 0); } CyaSSL_set_fd(sslResume, sockfd); CyaSSL_set_session(sslResume, session); showPeer(sslResume); #ifndef CYASSL_CALLBACKS if (nonBlocking) { CyaSSL_set_using_nonblock(sslResume, 1); tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(sslResume); } else if (CyaSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed"); #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif if (CyaSSL_session_reused(sslResume)) printf("reused session id\n"); else printf("didn't reuse session id!!!\n"); if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz) err_sys("SSL_write failed"); if (nonBlocking) { /* give server a chance to bounce a message back to client */ #ifdef USE_WINDOWS_API Sleep(500); #else sleep(1); #endif } input = CyaSSL_read(sslResume, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server resume response: %s\n", reply); } /* try to send session break */ CyaSSL_write(sslResume, msg, msgSz); CyaSSL_shutdown(sslResume); CyaSSL_free(sslResume); CloseSocket(sockfd); } #endif /* NO_SESSION_CACHE */ CyaSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; #ifdef USE_CYASSL_MEMORY if (trackMemory) ShowMemoryTracker(); #endif /* USE_CYASSL_MEMORY */ return 0; }
int main(int argc, char** argv) { int ret = 0, option = 0, long_index = 0; int i; if (argc == 1) { printf("Main Help.\n"); wolfCLU_help(); } /* flexibility: allow users to input any CAPS or lower case, * we will do all processing on lower case only. */ for (i = 0; i < argc; i++) { convert_to_lower(argv[i], (int) XSTRLEN(argv[i])); } while ((option = getopt_long_only(argc, argv,"", long_options, &long_index )) != -1) { switch (option) { /* Encrypt */ case ENCRYPT: ret = wolfCLU_setup(argc, argv, 'e'); break; /* Decrypt */ case DECRYPT: ret = wolfCLU_setup(argc, argv, 'd');; break; /* Benchmark */ case BENCHMARK:ret = wolfCLU_benchSetup(argc, argv); break; /* Hash */ case HASH: ret = wolfCLU_hashSetup(argc, argv); break; /* x509 Certificate processing */ case X509: ret = wolfCLU_certSetup(argc, argv); break; /* x509 Certificate request */ case REQUEST: ret = wolfCLU_requestSetup(argc, argv); break; /* Ignore the following arguments for now. Will be handled by their respective * setups IE Crypto setup, Benchmark setup, or Hash Setup */ /* File passed in by user */ case INFILE: break; /* Output file */ case OUTFILE: break; /* Password */ case PASSWORD: break; /* Key if used must be in hex */ case KEY: break; /* IV if used must be in hex */ case IV: break; /* Opt to benchmark all available algorithms */ case ALL: break; /* size for hash to output */ case SIZE: break; /* Time to benchmark for 1-10 seconds optional default: 3s */ case TIME: break; /* Verify results, used with -iv and -key */ case VERIFY: break; /* Certificate Stuff*/ case INFORM: break; case OUTFORM: break; case NOOUT: break; case TEXT_OUT: break; case SILENT: break; case HELP1: if (argc == 2) { printf("Main help menu:\n"); wolfCLU_help(); return 0; } break; case HELP2: if (argc == 2) { printf("Main help menu:\n"); wolfCLU_help(); return 0; } break; /* which version of clu am I using */ case VERBOSE: wolfCLU_verboseHelp(); return 0; /*End of ignored arguments */ case 'v': wolfCLU_version(); return 0; default: printf("Main help default.\n"); wolfCLU_help(); return 0; } } if (ret != 0) printf("Error returned: %d.\n", ret); return ret; }
int mqttclient_test(MQTTCtx *mqttCtx) { int rc = MQTT_CODE_SUCCESS, i; switch (mqttCtx->stat) { case WMQ_BEGIN: { PRINTF("MQTT Client: QoS %d, Use TLS %d", mqttCtx->qos, mqttCtx->use_tls); } case WMQ_NET_INIT: { mqttCtx->stat = WMQ_NET_INIT; /* Initialize Network */ rc = MqttClientNet_Init(&mqttCtx->net); if (rc == MQTT_CODE_CONTINUE) { return rc; } PRINTF("MQTT Net Init: %s (%d)", MqttClient_ReturnCodeToString(rc), rc); if (rc != MQTT_CODE_SUCCESS) { goto exit; } /* setup tx/rx buffers */ mqttCtx->tx_buf = (byte*)WOLFMQTT_MALLOC(MAX_BUFFER_SIZE); mqttCtx->rx_buf = (byte*)WOLFMQTT_MALLOC(MAX_BUFFER_SIZE); } case WMQ_INIT: { mqttCtx->stat = WMQ_INIT; /* Initialize MqttClient structure */ rc = MqttClient_Init(&mqttCtx->client, &mqttCtx->net, mqtt_message_cb, mqttCtx->tx_buf, MAX_BUFFER_SIZE, mqttCtx->rx_buf, MAX_BUFFER_SIZE, mqttCtx->cmd_timeout_ms); if (rc == MQTT_CODE_CONTINUE) { return rc; } PRINTF("MQTT Init: %s (%d)", MqttClient_ReturnCodeToString(rc), rc); if (rc != MQTT_CODE_SUCCESS) { goto exit; } mqttCtx->client.ctx = mqttCtx; } case WMQ_TCP_CONN: { mqttCtx->stat = WMQ_TCP_CONN; /* Connect to broker */ rc = MqttClient_NetConnect(&mqttCtx->client, mqttCtx->host, mqttCtx->port, DEFAULT_CON_TIMEOUT_MS, mqttCtx->use_tls, mqtt_tls_cb); if (rc == MQTT_CODE_CONTINUE) { return rc; } PRINTF("MQTT Socket Connect: %s (%d)", MqttClient_ReturnCodeToString(rc), rc); if (rc != MQTT_CODE_SUCCESS) { goto exit; } } case WMQ_MQTT_CONN: { mqttCtx->stat = WMQ_MQTT_CONN; XMEMSET(&mqttCtx->connect, 0, sizeof(MqttConnect)); mqttCtx->connect.keep_alive_sec = mqttCtx->keep_alive_sec; mqttCtx->connect.clean_session = mqttCtx->clean_session; mqttCtx->connect.client_id = mqttCtx->client_id; /* Last will and testament sent by broker to subscribers of topic when broker connection is lost */ XMEMSET(&mqttCtx->lwt_msg, 0, sizeof(mqttCtx->lwt_msg)); mqttCtx->connect.lwt_msg = &mqttCtx->lwt_msg; mqttCtx->connect.enable_lwt = mqttCtx->enable_lwt; if (mqttCtx->enable_lwt) { /* Send client id in LWT payload */ mqttCtx->lwt_msg.qos = mqttCtx->qos; mqttCtx->lwt_msg.retain = 0; mqttCtx->lwt_msg.topic_name = WOLFMQTT_TOPIC_NAME"lwttopic"; mqttCtx->lwt_msg.buffer = (byte*)mqttCtx->client_id; mqttCtx->lwt_msg.total_len = (word16)XSTRLEN(mqttCtx->client_id); } /* Optional authentication */ mqttCtx->connect.username = mqttCtx->username; mqttCtx->connect.password = mqttCtx->password; /* Send Connect and wait for Connect Ack */ rc = MqttClient_Connect(&mqttCtx->client, &mqttCtx->connect); if (rc == MQTT_CODE_CONTINUE) { return rc; } PRINTF("MQTT Connect: %s (%d)", MqttClient_ReturnCodeToString(rc), rc); if (rc != MQTT_CODE_SUCCESS) { goto disconn; } /* Validate Connect Ack info */ PRINTF("MQTT Connect Ack: Return Code %u, Session Present %d", mqttCtx->connect.ack.return_code, (mqttCtx->connect.ack.flags & MQTT_CONNECT_ACK_FLAG_SESSION_PRESENT) ? 1 : 0 ); /* Build list of topics */ mqttCtx->topics[0].topic_filter = mqttCtx->topic_name; mqttCtx->topics[0].qos = mqttCtx->qos; /* Subscribe Topic */ XMEMSET(&mqttCtx->subscribe, 0, sizeof(MqttSubscribe)); mqttCtx->subscribe.packet_id = mqtt_get_packetid(); mqttCtx->subscribe.topic_count = sizeof(mqttCtx->topics)/sizeof(MqttTopic); mqttCtx->subscribe.topics = mqttCtx->topics; } case WMQ_SUB: { mqttCtx->stat = WMQ_SUB; rc = MqttClient_Subscribe(&mqttCtx->client, &mqttCtx->subscribe); if (rc == MQTT_CODE_CONTINUE) { return rc; } PRINTF("MQTT Subscribe: %s (%d)", MqttClient_ReturnCodeToString(rc), rc); if (rc != MQTT_CODE_SUCCESS) { goto disconn; } /* show subscribe results */ for (i = 0; i < mqttCtx->subscribe.topic_count; i++) { mqttCtx->topic = &mqttCtx->subscribe.topics[i]; PRINTF(" Topic %s, Qos %u, Return Code %u", mqttCtx->topic->topic_filter, mqttCtx->topic->qos, mqttCtx->topic->return_code); } /* Publish Topic */ XMEMSET(&mqttCtx->publish, 0, sizeof(MqttPublish)); mqttCtx->publish.retain = 0; mqttCtx->publish.qos = mqttCtx->qos; mqttCtx->publish.duplicate = 0; mqttCtx->publish.topic_name = mqttCtx->topic_name; mqttCtx->publish.packet_id = mqtt_get_packetid(); mqttCtx->publish.buffer = (byte*)TEST_MESSAGE; mqttCtx->publish.total_len = (word16)XSTRLEN(TEST_MESSAGE); } case WMQ_PUB: { mqttCtx->stat = WMQ_PUB; rc = MqttClient_Publish(&mqttCtx->client, &mqttCtx->publish); if (rc == MQTT_CODE_CONTINUE) { return rc; } PRINTF("MQTT Publish: Topic %s, %s (%d)", mqttCtx->publish.topic_name, MqttClient_ReturnCodeToString(rc), rc); if (rc != MQTT_CODE_SUCCESS) { goto disconn; } /* Read Loop */ PRINTF("MQTT Waiting for message..."); MqttClientNet_CheckForCommand_Enable(&mqttCtx->net); } case WMQ_WAIT_MSG: { mqttCtx->stat = WMQ_WAIT_MSG; do { /* Try and read packet */ rc = MqttClient_WaitMessage(&mqttCtx->client, mqttCtx->cmd_timeout_ms); /* check for test mode */ if (mStopRead) { rc = MQTT_CODE_SUCCESS; break; } /* check return code */ if (rc == MQTT_CODE_CONTINUE) { return rc; } else if (rc == MQTT_CODE_ERROR_TIMEOUT) { /* Check to see if command data (stdin) is available */ rc = MqttClientNet_CheckForCommand(&mqttCtx->net, mqttCtx->rx_buf, MAX_BUFFER_SIZE); if (rc > 0) { /* Publish Topic */ mqttCtx->stat = WMQ_PUB; XMEMSET(&mqttCtx->publish, 0, sizeof(MqttPublish)); mqttCtx->publish.retain = 0; mqttCtx->publish.qos = mqttCtx->qos; mqttCtx->publish.duplicate = 0; mqttCtx->publish.topic_name = mqttCtx->topic_name; mqttCtx->publish.packet_id = mqtt_get_packetid(); mqttCtx->publish.buffer = mqttCtx->rx_buf; mqttCtx->publish.total_len = (word16)rc; rc = MqttClient_Publish(&mqttCtx->client, &mqttCtx->publish); PRINTF("MQTT Publish: Topic %s, %s (%d)", mqttCtx->publish.topic_name, MqttClient_ReturnCodeToString(rc), rc); } /* Keep Alive */ else { rc = MqttClient_Ping(&mqttCtx->client); if (rc == MQTT_CODE_CONTINUE) { return rc; } else if (rc != MQTT_CODE_SUCCESS) { PRINTF("MQTT Ping Keep Alive Error: %s (%d)", MqttClient_ReturnCodeToString(rc), rc); break; } } } else if (rc != MQTT_CODE_SUCCESS) { /* There was an error */ PRINTF("MQTT Message Wait: %s (%d)", MqttClient_ReturnCodeToString(rc), rc); break; } } while (1); /* Check for error */ if (rc != MQTT_CODE_SUCCESS) { goto disconn; } /* Unsubscribe Topics */ XMEMSET(&mqttCtx->unsubscribe, 0, sizeof(MqttUnsubscribe)); mqttCtx->unsubscribe.packet_id = mqtt_get_packetid(); mqttCtx->unsubscribe.topic_count = sizeof(mqttCtx->topics) / sizeof(MqttTopic); mqttCtx->unsubscribe.topics = mqttCtx->topics; } case WMQ_UNSUB: { mqttCtx->stat = WMQ_UNSUB; PRINTF("MQTT Exiting..."); /* Unsubscribe Topics */ rc = MqttClient_Unsubscribe(&mqttCtx->client, &mqttCtx->unsubscribe); if (rc == MQTT_CODE_CONTINUE) { return rc; } PRINTF("MQTT Unsubscribe: %s (%d)", MqttClient_ReturnCodeToString(rc), rc); if (rc != MQTT_CODE_SUCCESS) { goto disconn; } mqttCtx->return_code = rc; } case WMQ_DISCONNECT: { /* Disconnect */ rc = MqttClient_Disconnect(&mqttCtx->client); if (rc == MQTT_CODE_CONTINUE) { return rc; } PRINTF("MQTT Disconnect: %s (%d)", MqttClient_ReturnCodeToString(rc), rc); if (rc != MQTT_CODE_SUCCESS) { goto disconn; } } case WMQ_NET_DISCONNECT: { mqttCtx->stat = WMQ_NET_DISCONNECT; rc = MqttClient_NetDisconnect(&mqttCtx->client); if (rc == MQTT_CODE_CONTINUE) { return rc; } PRINTF("MQTT Socket Disconnect: %s (%d)", MqttClient_ReturnCodeToString(rc), rc); } case WMQ_DONE: { mqttCtx->stat = WMQ_DONE; rc = mqttCtx->return_code; goto exit; } default: rc = MQTT_CODE_ERROR_STAT; goto exit; } /* switch */ disconn: mqttCtx->stat = WMQ_NET_DISCONNECT; mqttCtx->return_code = rc; return MQTT_CODE_CONTINUE; exit: /* Free resources */ if (mqttCtx->tx_buf) WOLFMQTT_FREE(mqttCtx->tx_buf); if (mqttCtx->rx_buf) WOLFMQTT_FREE(mqttCtx->rx_buf); /* Cleanup network */ MqttClientNet_DeInit(&mqttCtx->net); return rc; }
static void test_CyaSSL_UseSNI(void) { #ifdef HAVE_SNI callback_functions client_callbacks = {CyaSSLv23_client_method, 0, 0, 0}; callback_functions server_callbacks = {CyaSSLv23_server_method, 0, 0, 0}; CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method()); CYASSL *ssl = CyaSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx"))); AssertIntNE(SSL_SUCCESS, CyaSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl"))); AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx"))); AssertIntNE(SSL_SUCCESS, CyaSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl"))); AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx"))); AssertIntNE(SSL_SUCCESS, CyaSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl"))); /* success case */ AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx"))); AssertIntEQ(SSL_SUCCESS, CyaSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl"))); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); /* Testing success case at ctx */ client_callbacks.ctx_ready = server_callbacks.ctx_ready = use_SNI_at_ctx; server_callbacks.on_result = verify_SNI_real_matching; test_CyaSSL_client_server(&client_callbacks, &server_callbacks); /* Testing success case at ssl */ client_callbacks.ctx_ready = server_callbacks.ctx_ready = NULL; client_callbacks.ssl_ready = server_callbacks.ssl_ready = use_SNI_at_ssl; test_CyaSSL_client_server(&client_callbacks, &server_callbacks); /* Testing default mismatch behaviour */ client_callbacks.ssl_ready = different_SNI_at_ssl; client_callbacks.on_result = verify_SNI_abort_on_client; server_callbacks.on_result = verify_SNI_abort_on_server; test_CyaSSL_client_server(&client_callbacks, &server_callbacks); client_callbacks.on_result = NULL; /* Testing continue on mismatch */ client_callbacks.ssl_ready = different_SNI_at_ssl; server_callbacks.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; server_callbacks.on_result = verify_SNI_no_matching; test_CyaSSL_client_server(&client_callbacks, &server_callbacks); /* Testing fake answer on mismatch */ server_callbacks.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; server_callbacks.on_result = verify_SNI_fake_matching; test_CyaSSL_client_server(&client_callbacks, &server_callbacks); test_CyaSSL_SNI_GetFromBuffer(); #endif }
/* * hash argument function */ int wolfsslHashSetup(int argc, char** argv) { int ret = 0; /* return variable, counter */ int i = 0; /* loop variable */ char* in; /* input variable */ char* out = NULL; /* output variable */ const char* algs[] = { /* list of acceptable algorithms */ #ifndef NO_MD5 "md5" #endif #ifndef NO_SHA , "sha" #endif #ifndef NO_SHA256 , "sha256" #endif #ifdef WOLFSSL_SHA384 , "sha384" #endif #ifdef WOLFSSL_SHA512 , "sha512" #endif #ifdef HAVE_BLAKE2 , "blake2b" #endif }; char* alg; /* algorithm being used */ int algCheck= 0; /* acceptable algorithm check */ int inCheck = 0; /* input check */ int size = 0; /* message digest size */ #ifdef HAVE_BLAKE2 size = BLAKE_DIGEST_SIZE; #endif /* help checking */ if (argc == 2) { wolfsslHashHelp(); return 0; } for (i = 2; i < argc; i++) { if (strcmp(argv[i], "-help") == 0) { wolfsslHashHelp(); return 0; } } for (i = 0; i < (int) sizeof(algs)/(int) sizeof(algs[0]); i++) { /* checks for acceptable algorithms */ if (strcmp(argv[2], algs[i]) == 0) { alg = argv[2]; algCheck = 1; } } if (algCheck == 0) { printf("Invalid algorithm\n"); return FATAL_ERROR; } for (i = 3; i < argc; i++) { if (strcmp(argv[i], "-i") == 0 && argv[i+1] != NULL) { /* input file/text */ in = malloc(strlen(argv[i+1])+1); XSTRNCPY(in, &argv[i+1][0], XSTRLEN(&argv[i+1][0])); in[strlen(argv[i+1])] = '\0'; inCheck = 1; i++; } else if (strcmp(argv[i], "-o") == 0 && argv[i+1] != NULL) { /* output file */ out = argv[i+1]; i++; } else if (strcmp(argv[i], "-s") == 0 && argv[i+1] != NULL) { /* size of output */ #ifndef HAVE_BLAKE2 printf("Sorry, only to be used with Blake2b enabled\n"); #else size = atoi(argv[i+1]); if (size <= 0 || size > 64) { printf("Invalid size, Must be between 1-64. Using default.\n"); size = BLAKE_DIGEST_SIZE; } #endif i++; } else { printf("Unknown argument %s. Ignoring\n", argv[i]); } } if (inCheck == 0) { printf("Must have input as either a file or standard I/O\n"); return FATAL_ERROR; } /* sets default size of algorithm */ #ifndef NO_MD5 if (strcmp(alg, "md5") == 0) size = MD5_DIGEST_SIZE; #endif #ifndef NO_SHA if (strcmp(alg, "sha") == 0) size = SHA_DIGEST_SIZE; #endif #ifndef NO_SHA256 if (strcmp(alg, "sha256") == 0) size = SHA256_DIGEST_SIZE; #endif #ifdef WOLFSSL_SHA384 if (strcmp(alg, "sha384") == 0) size = SHA384_DIGEST_SIZE; #endif #ifdef WOLFSSL_SHA512 if (strcmp(alg, "sha512") == 0) size = SHA512_DIGEST_SIZE; #endif /* hashing function */ wolfsslHash(in, out, alg, size); free(in); return ret; }
/* create new error node and add it to the queue * buffers are assumed to be of size WOLFSSL_MAX_ERROR_SZ for this internal * function. debug_mutex should be locked before a call to this function. */ int wc_AddErrorNode(int error, int line, char* buf, char* file) { struct wc_error_queue* err; err = (struct wc_error_queue*)XMALLOC( sizeof(struct wc_error_queue), wc_error_heap, DYNAMIC_TYPE_LOG); if (err == NULL) { WOLFSSL_MSG("Unable to create error node for log"); return MEMORY_E; } else { int sz; XMEMSET(err, 0, sizeof(struct wc_error_queue)); err->heap = wc_error_heap; sz = (int)XSTRLEN(buf); if (sz > WOLFSSL_MAX_ERROR_SZ - 1) { sz = WOLFSSL_MAX_ERROR_SZ - 1; } if (sz > 0) { XMEMCPY(err->error, buf, sz); } sz = (int)XSTRLEN(file); if (sz > WOLFSSL_MAX_ERROR_SZ - 1) { sz = WOLFSSL_MAX_ERROR_SZ - 1; } if (sz > 0) { XMEMCPY(err->file, file, sz); } err->value = error; err->line = line; /* make sure is terminated */ err->error[WOLFSSL_MAX_ERROR_SZ - 1] = '\0'; err->file[WOLFSSL_MAX_ERROR_SZ - 1] = '\0'; /* since is queue place new node at last of the list */ if (wc_last_node == NULL) { /* case of first node added to queue */ if (wc_errors != NULL) { /* check for unexpected case before over writing wc_errors */ WOLFSSL_MSG("ERROR in adding new node to logging queue!!\n"); } else { wc_errors = err; wc_last_node = err; } } else { wc_last_node->next = err; err->prev = wc_last_node; wc_last_node = err; } } return 0; }
static void run_cyassl_client(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; CYASSL_CTX* ctx = CyaSSL_CTX_new(callbacks->method()); CYASSL* ssl = NULL; SOCKET_T sfd = 0; char msg[] = "hello cyassl server!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_load_verify_locations(ctx, caCert, 0)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); tcp_connect(&sfd, yasslIP, ((func_args*)args)->signal->port, 0); ssl = CyaSSL_new(ctx); CyaSSL_set_fd(ssl, sfd); if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); if (CyaSSL_connect(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); } else { AssertIntEQ(len, CyaSSL_write(ssl, msg, len)); if (0 < (idx = CyaSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; printf("Server response: %s\n", input); } } if (callbacks->on_result) callbacks->on_result(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(sfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif }
static THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; CYASSL_CTX* ctx = CyaSSL_CTX_new(callbacks->method()); CYASSL* ssl = NULL; SOCKET_T sfd = 0; SOCKET_T cfd = 0; word16 port = yasslPort; char msg[] = "I hear you fa shizzle!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ !defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL) && \ !defined(CYASSL_TIRTOS) port = 0; #endif CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = CyaSSL_new(ctx); tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0); CloseSocket(sfd); CyaSSL_set_fd(ssl, cfd); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); /* AssertIntEQ(SSL_SUCCESS, CyaSSL_accept(ssl)); */ if (CyaSSL_accept(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); } else { if (0 < (idx = CyaSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; printf("Client message: %s\n", input); } AssertIntEQ(len, CyaSSL_write(ssl, msg, len)); #ifdef CYASSL_TIRTOS Task_yield(); #endif CyaSSL_shutdown(ssl); } if (callbacks->on_result) callbacks->on_result(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(cfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) ecc_fp_free(); /* free per thread cache */ #endif #ifndef CYASSL_TIRTOS return 0; #endif }
THREAD_RETURN CYASSL_THREAD server_test(void* args) { SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; SSL_METHOD* method = 0; SSL_CTX* ctx = 0; SSL* ssl = 0; char msg[] = "I hear you fa shizzle!"; char input[80]; int idx; int ch; int version = SERVER_DEFAULT_VERSION; int doCliCertCheck = 1; int useAnyAddr = 0; word16 port = yasslPort; int usePsk = 0; int useAnon = 0; int doDTLS = 0; int useNtruKey = 0; int nonBlocking = 0; int trackMemory = 0; int fewerPackets = 0; int pkCallbacks = 0; int serverReadyFile = 0; char* cipherList = NULL; const char* verifyCert = cliCert; const char* ourCert = svrCert; const char* ourKey = svrKey; int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; #ifdef HAVE_SNI char* sniHostName = NULL; #endif #ifdef HAVE_OCSP int useOcsp = 0; char* ocspUrl = NULL; #endif ((func_args*)args)->return_code = -1; /* error state */ #ifdef NO_RSA verifyCert = (char*)cliEccCert; ourCert = (char*)eccCert; ourKey = (char*)eccKey; #endif (void)trackMemory; (void)pkCallbacks; #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif while ((ch = mygetopt(argc, argv, "?dbstnNufraPp:v:l:A:c:k:S:oO:")) != -1) { switch (ch) { case '?' : Usage(); exit(EXIT_SUCCESS); case 'd' : doCliCertCheck = 0; break; case 'b' : useAnyAddr = 1; break; case 's' : usePsk = 1; break; case 't' : #ifdef USE_CYASSL_MEMORY trackMemory = 1; #endif break; case 'n' : useNtruKey = 1; break; case 'u' : doDTLS = 1; break; case 'f' : fewerPackets = 1; break; case 'r' : serverReadyFile = 1; break; case 'P' : #ifdef HAVE_PK_CALLBACKS pkCallbacks = 1; #endif break; case 'p' : port = (word16)atoi(myoptarg); #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API) if (port == 0) err_sys("port number cannot be 0"); #endif break; case 'v' : version = atoi(myoptarg); if (version < 0 || version > 3) { Usage(); exit(MY_EX_USAGE); } break; case 'l' : cipherList = myoptarg; break; case 'A' : verifyCert = myoptarg; break; case 'c' : ourCert = myoptarg; break; case 'k' : ourKey = myoptarg; break; case 'N': nonBlocking = 1; break; case 'S' : #ifdef HAVE_SNI sniHostName = myoptarg; #endif break; case 'o' : #ifdef HAVE_OCSP useOcsp = 1; #endif break; case 'O' : #ifdef HAVE_OCSP useOcsp = 1; ocspUrl = myoptarg; #endif break; case 'a' : #ifdef HAVE_ANON useAnon = 1; #endif break; default: Usage(); exit(MY_EX_USAGE); } } myoptind = 0; /* reset for test cases */ /* sort out DTLS versus TLS versions */ if (version == CLIENT_INVALID_VERSION) { if (doDTLS) version = CLIENT_DTLS_DEFAULT_VERSION; else version = CLIENT_DEFAULT_VERSION; } else { if (doDTLS) { if (version == 3) version = -2; else version = -1; } } #ifdef USE_CYASSL_MEMORY if (trackMemory) InitMemoryTracker(); #endif switch (version) { #ifndef NO_OLD_TLS case 0: method = SSLv3_server_method(); break; #ifndef NO_TLS case 1: method = TLSv1_server_method(); break; case 2: method = TLSv1_1_server_method(); break; #endif #endif #ifndef NO_TLS case 3: method = TLSv1_2_server_method(); break; #endif #ifdef CYASSL_DTLS case -1: method = DTLSv1_server_method(); break; case -2: method = DTLSv1_2_server_method(); break; #endif default: err_sys("Bad SSL version"); } if (method == NULL) err_sys("unable to get method"); ctx = SSL_CTX_new(method); if (ctx == NULL) err_sys("unable to get ctx"); if (cipherList) if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) err_sys("server can't set cipher list 1"); #ifdef CYASSL_LEANPSK usePsk = 1; #endif #if defined(NO_RSA) && !defined(HAVE_ECC) usePsk = 1; #endif if (fewerPackets) CyaSSL_CTX_set_group_messages(ctx); #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) if (!usePsk && !useAnon) { if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server cert file, check file and run from" " CyaSSL home dir"); } #endif #ifdef HAVE_NTRU if (useNtruKey) { if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey) != SSL_SUCCESS) err_sys("can't load ntru key file, " "Please run from CyaSSL home dir"); } #endif #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) if (!useNtruKey && !usePsk && !useAnon) { if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server private key file, check file and run " "from CyaSSL home dir"); } #endif if (usePsk) { #ifndef NO_PSK SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); if (cipherList == NULL) { const char *defaultCipherList; #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS) err_sys("server can't set cipher list 2"); } #endif } if (useAnon) { #ifdef HAVE_ANON CyaSSL_CTX_allow_anon_cipher(ctx); if (cipherList == NULL) { if (SSL_CTX_set_cipher_list(ctx, "ADH-AES128-SHA") != SSL_SUCCESS) err_sys("server can't set cipher list 4"); } #endif } #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) /* if not using PSK, verify peer with certs */ if (doCliCertCheck && usePsk == 0 && useAnon == 0) { SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0); if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from CyaSSL home dir"); } #endif #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) /* don't use EDH, can't sniff tmp keys */ if (cipherList == NULL) { if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) err_sys("server can't set cipher list 3"); } #endif #ifdef HAVE_SNI if (sniHostName) if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName, XSTRLEN(sniHostName)) != SSL_SUCCESS) err_sys("UseSNI failed"); #endif ssl = SSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL"); #ifdef HAVE_CRL CyaSSL_EnableCRL(ssl, 0); CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR | CYASSL_CRL_START_MON); CyaSSL_SetCRL_Cb(ssl, CRL_CallBack); #endif #ifdef HAVE_OCSP if (useOcsp) { if (ocspUrl != NULL) { CyaSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl); CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE | CYASSL_OCSP_URL_OVERRIDE); } else CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE); } #endif #ifdef HAVE_PK_CALLBACKS if (pkCallbacks) SetupPkCallbacks(ctx, ssl); #endif tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, doDTLS, serverReadyFile); if (!doDTLS) CloseSocket(sockfd); SSL_set_fd(ssl, clientfd); if (usePsk == 0 || useAnon == 1 || cipherList != NULL) { #if !defined(NO_FILESYSTEM) && !defined(NO_DH) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* repick suites with DHE, higher priority than PSK */ #endif } #ifndef CYASSL_CALLBACKS if (nonBlocking) { CyaSSL_set_using_nonblock(ssl, 1); tcp_set_nonblocking(&clientfd); NonBlockingSSL_Accept(ssl); } else if (SSL_accept(ssl) != SSL_SUCCESS) { int err = SSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, ERR_error_string(err, buffer)); err_sys("SSL_accept failed"); } #else NonBlockingSSL_Accept(ssl); #endif showPeer(ssl); idx = SSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = 0; printf("Client message: %s\n", input); } else if (idx < 0) { int readErr = SSL_get_error(ssl, 0); if (readErr != SSL_ERROR_WANT_READ) err_sys("SSL_read failed"); } if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) err_sys("SSL_write failed"); #if defined(CYASSL_MDK_SHELL) && defined(HAVE_MDK_RTX) os_dly_wait(500) ; #elif defined (CYASSL_TIRTOS) Task_yield(); #endif SSL_shutdown(ssl); SSL_free(ssl); SSL_CTX_free(ctx); CloseSocket(clientfd); ((func_args*)args)->return_code = 0; #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) ecc_fp_free(); /* free per thread cache */ #endif #ifdef USE_CYASSL_MEMORY if (trackMemory) ShowMemoryTracker(); #endif #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif #ifndef CYASSL_TIRTOS return 0; #endif }