void
gimple_gen_ic_func_profiler (void)
{
struct cgraph_node * c_node = cgraph_node::get (current_function_decl);
gimple_stmt_iterator gsi;
gcall *stmt1;
gassign *stmt2;
tree tree_uid, cur_func, void0;
if (c_node->only_called_directly_p ())
return;
gimple_init_edge_profiler ();
/* Insert code:
stmt1: __gcov_indirect_call_profiler_v2 (profile_id,
¤t_function_decl)
*/
gsi = gsi_after_labels (split_edge (single_succ_edge (ENTRY_BLOCK_PTR_FOR_FN (cfun))));
cur_func = force_gimple_operand_gsi (&gsi,
build_addr (current_function_decl,
current_function_decl),
true, NULL_TREE,
true, GSI_SAME_STMT);
tree_uid = build_int_cst
(gcov_type_node, cgraph_node::get (current_function_decl)->profile_id);
/* Workaround for binutils bug 14342. Once it is fixed, remove lto path. */
if (flag_lto)
{
tree counter_ptr, ptr_var;
counter_ptr = force_gimple_operand_gsi (&gsi, ic_gcov_type_ptr_var,
true, NULL_TREE, true,
GSI_SAME_STMT);
ptr_var = force_gimple_operand_gsi (&gsi, ic_void_ptr_var,
true, NULL_TREE, true,
GSI_SAME_STMT);
stmt1 = gimple_build_call (tree_indirect_call_profiler_fn, 4,
counter_ptr, tree_uid, cur_func, ptr_var);
}
else
{
stmt1 = gimple_build_call (tree_indirect_call_profiler_fn, 2,
tree_uid, cur_func);
}
gsi_insert_before (&gsi, stmt1, GSI_SAME_STMT);
/* Set __gcov_indirect_call_callee to 0,
so that calls from other modules won't get misattributed
to the last caller of the current callee. */
void0 = build_int_cst (build_pointer_type (void_type_node), 0);
stmt2 = gimple_build_assign (ic_void_ptr_var, void0);
gsi_insert_before (&gsi, stmt2, GSI_SAME_STMT);
}
tree
tree_mem_ref_addr (tree type, tree mem_ref)
{
tree addr;
tree act_elem;
tree step = TMR_STEP (mem_ref), offset = TMR_OFFSET (mem_ref);
tree sym = TMR_SYMBOL (mem_ref), base = TMR_BASE (mem_ref);
tree addr_base = NULL_TREE, addr_off = NULL_TREE;
if (sym)
addr_base = fold_convert (type, build_addr (sym, current_function_decl));
else if (base && POINTER_TYPE_P (TREE_TYPE (base)))
{
addr_base = fold_convert (type, base);
base = NULL_TREE;
}
act_elem = TMR_INDEX (mem_ref);
if (act_elem)
{
if (step)
act_elem = fold_build2 (MULT_EXPR, sizetype, act_elem, step);
addr_off = act_elem;
}
act_elem = base;
if (act_elem)
{
if (addr_off)
addr_off = fold_build2 (PLUS_EXPR, sizetype, addr_off, act_elem);
else
addr_off = act_elem;
}
if (offset && !integer_zerop (offset))
{
if (addr_off)
addr_off = fold_build2 (PLUS_EXPR, sizetype, addr_off, offset);
else
addr_off = offset;
}
if (addr_off)
{
if (addr_base)
addr = fold_build2 (POINTER_PLUS_EXPR, type, addr_base, addr_off);
else
addr = fold_convert (type, addr_off);
}
else if (addr_base)
addr = addr_base;
else
addr = build_int_cst (type, 0);
return addr;
}
void LwipNetInterface::tcpConnect(int* sockfd, const char* ip, word16 port,
int udp) {
SOCKADDR_IN_T addr;
build_addr(&addr, ip, port, udp);
tcpSocket(sockfd, udp);
if (!udp) {
if (connect(*sockfd, (const struct sockaddr* )&addr, sizeof(addr))
!= 0) {
LWIP_ASSERT("tcp connect failed",0);
}
}
}
void
gimple_gen_ic_func_profiler (void)
{
struct cgraph_node * c_node = cgraph_get_node (current_function_decl);
gimple_stmt_iterator gsi;
gimple stmt1, stmt2;
tree tree_uid, cur_func, counter_ptr, ptr_var, void0;
if (cgraph_only_called_directly_p (c_node))
return;
gimple_init_edge_profiler ();
/* Insert code:
stmt1: __gcov_indirect_call_profiler (__gcov_indirect_call_counters,
current_function_funcdef_no,
¤t_function_decl,
__gcov_indirect_call_callee);
*/
gsi = gsi_after_labels (single_succ (ENTRY_BLOCK_PTR));
cur_func = force_gimple_operand_gsi (&gsi,
build_addr (current_function_decl,
current_function_decl),
true, NULL_TREE,
true, GSI_SAME_STMT);
counter_ptr = force_gimple_operand_gsi (&gsi, ic_gcov_type_ptr_var,
true, NULL_TREE, true,
GSI_SAME_STMT);
ptr_var = force_gimple_operand_gsi (&gsi, ic_void_ptr_var,
true, NULL_TREE, true,
GSI_SAME_STMT);
tree_uid = build_int_cst (gcov_type_node, current_function_funcdef_no);
stmt1 = gimple_build_call (tree_indirect_call_profiler_fn, 4,
counter_ptr, tree_uid, cur_func, ptr_var);
gsi_insert_before (&gsi, stmt1, GSI_SAME_STMT);
/* Set __gcov_indirect_call_callee to 0,
so that calls from other modules won't get misattributed
to the last caller of the current callee. */
void0 = build_int_cst (build_pointer_type (void_type_node), 0);
stmt2 = gimple_build_assign (ic_void_ptr_var, void0);
gsi_insert_before (&gsi, stmt2, GSI_SAME_STMT);
}
static void
tree_gen_one_value_profiler (histogram_value value, unsigned tag, unsigned base)
{
tree stmt = value->hvalue.stmt;
block_stmt_iterator bsi = bsi_for_stmt (stmt);
tree ref = tree_coverage_counter_ref (tag, base), ref_ptr;
tree args, call, val;
ref_ptr = force_gimple_operand_bsi (&bsi,
build_addr (ref, current_function_decl),
true, NULL_TREE);
val = prepare_instrumented_value (&bsi, value);
args = tree_cons (NULL_TREE, ref_ptr,
tree_cons (NULL_TREE, val,
NULL_TREE));
call = build_function_call_expr (tree_one_value_profiler_fn, args);
bsi_insert_before (&bsi, call, BSI_SAME_STMT);
}
int new_client_socket_no_ip(char ip[4], uint16_t nport, struct sockaddr_in *addrC,
struct sockaddr_in *addrS) {
int soc = new_socket_tcpip(0, addrC);
if ( soc < 0 ) {
return -1;
}
set_non_blocking(soc);
if ( build_addr(ip, nport, addrS) < 0 ) {
CLOSE_SOCKET(soc);
return -1;
}
TRACE(L_VERBOSE, "client: server connection on %s:%d ...",
inet_ntoa(addrS->sin_addr), ntohs(addrS->sin_port));
connect (soc, (struct sockaddr *) addrS, sizeof(struct sockaddr_in));
return soc;
}
void
gimple_gen_interval_profiler (histogram_value value, unsigned tag, unsigned base)
{
gimple stmt = value->hvalue.stmt;
gimple_stmt_iterator gsi = gsi_for_stmt (stmt);
tree ref = tree_coverage_counter_ref (tag, base), ref_ptr;
gcall *call;
tree val;
tree start = build_int_cst_type (integer_type_node,
value->hdata.intvl.int_start);
tree steps = build_int_cst_type (unsigned_type_node,
value->hdata.intvl.steps);
ref_ptr = force_gimple_operand_gsi (&gsi,
build_addr (ref, current_function_decl),
true, NULL_TREE, true, GSI_SAME_STMT);
val = prepare_instrumented_value (&gsi, value);
call = gimple_build_call (tree_interval_profiler_fn, 4,
ref_ptr, val, start, steps);
gsi_insert_before (&gsi, call, GSI_NEW_STMT);
}
/* Insert a call to the runtime function "__slimer_add_fn" which will add the
* "junk" function created at compile-time to an array at runtime
*/
static void insert_add_fn(gimple stmt, int index)
{
tree fn;
gimple call;
gimple_stmt_iterator gsi;
static tree decl, proto, idx;
if (!decl || !proto)
{
proto = build_function_type_list(void_type_node, ptr_type_node,
integer_type_node, NULL_TREE);
decl = build_fn_decl("__slimer_add_fn", proto);
/* Add this fndecl to our list of things we do not process */
VEC_safe_push(tree, gc, analyized_fns, decl);
}
/* Create a constant value and pointer to the function we are to add */
idx = build_int_cst(integer_type_node, index);
fn = build_addr(VEC_index(tree, fakes, index), NULL_TREE);
call = gimple_build_call(decl, 2, fn, idx);
gsi = gsi_for_stmt(stmt);
gsi_insert_before(&gsi, call, GSI_NEW_STMT);
}
static void
lower_builtin_setjmp (gimple_stmt_iterator *gsi)
{
gimple stmt = gsi_stmt (*gsi);
location_t loc = gimple_location (stmt);
tree cont_label = create_artificial_label (loc);
tree next_label = create_artificial_label (loc);
tree dest, t, arg;
gimple g;
/* NEXT_LABEL is the label __builtin_longjmp will jump to. Its address is
passed to both __builtin_setjmp_setup and __builtin_setjmp_receiver. */
FORCED_LABEL (next_label) = 1;
dest = gimple_call_lhs (stmt);
/* Build '__builtin_setjmp_setup (BUF, NEXT_LABEL)' and insert. */
arg = build_addr (next_label, current_function_decl);
t = builtin_decl_implicit (BUILT_IN_SETJMP_SETUP);
g = gimple_build_call (t, 2, gimple_call_arg (stmt, 0), arg);
gimple_set_location (g, loc);
gimple_set_block (g, gimple_block (stmt));
gsi_insert_before (gsi, g, GSI_SAME_STMT);
/* Build 'DEST = 0' and insert. */
if (dest)
{
g = gimple_build_assign (dest, build_zero_cst (TREE_TYPE (dest)));
gimple_set_location (g, loc);
gimple_set_block (g, gimple_block (stmt));
gsi_insert_before (gsi, g, GSI_SAME_STMT);
}
/* Build 'goto CONT_LABEL' and insert. */
g = gimple_build_goto (cont_label);
gsi_insert_before (gsi, g, GSI_SAME_STMT);
/* Build 'NEXT_LABEL:' and insert. */
g = gimple_build_label (next_label);
gsi_insert_before (gsi, g, GSI_SAME_STMT);
/* Build '__builtin_setjmp_receiver (NEXT_LABEL)' and insert. */
arg = build_addr (next_label, current_function_decl);
t = builtin_decl_implicit (BUILT_IN_SETJMP_RECEIVER);
g = gimple_build_call (t, 1, arg);
gimple_set_location (g, loc);
gimple_set_block (g, gimple_block (stmt));
gsi_insert_before (gsi, g, GSI_SAME_STMT);
/* Build 'DEST = 1' and insert. */
if (dest)
{
g = gimple_build_assign (dest, fold_convert_loc (loc, TREE_TYPE (dest),
integer_one_node));
gimple_set_location (g, loc);
gimple_set_block (g, gimple_block (stmt));
gsi_insert_before (gsi, g, GSI_SAME_STMT);
}
/* Build 'CONT_LABEL:' and insert. */
g = gimple_build_label (cont_label);
gsi_insert_before (gsi, g, GSI_SAME_STMT);
/* Remove the call to __builtin_setjmp. */
gsi_remove (gsi, false);
}
static unsigned int
lower_function_body (void)
{
struct lower_data data;
gimple_seq body = gimple_body (current_function_decl);
gimple_seq lowered_body;
gimple_stmt_iterator i;
gimple bind;
tree t;
gimple x;
/* The gimplifier should've left a body of exactly one statement,
namely a GIMPLE_BIND. */
gcc_assert (gimple_seq_first (body) == gimple_seq_last (body)
&& gimple_code (gimple_seq_first_stmt (body)) == GIMPLE_BIND);
memset (&data, 0, sizeof (data));
data.block = DECL_INITIAL (current_function_decl);
BLOCK_SUBBLOCKS (data.block) = NULL_TREE;
BLOCK_CHAIN (data.block) = NULL_TREE;
TREE_ASM_WRITTEN (data.block) = 1;
data.return_statements.create (8);
bind = gimple_seq_first_stmt (body);
lowered_body = NULL;
gimple_seq_add_stmt (&lowered_body, bind);
i = gsi_start (lowered_body);
lower_gimple_bind (&i, &data);
i = gsi_last (lowered_body);
/* If the function falls off the end, we need a null return statement.
If we've already got one in the return_statements vector, we don't
need to do anything special. Otherwise build one by hand. */
if (gimple_seq_may_fallthru (lowered_body)
&& (data.return_statements.is_empty ()
|| gimple_return_retval (data.return_statements.last().stmt) != NULL))
{
x = gimple_build_return (NULL);
gimple_set_location (x, cfun->function_end_locus);
gimple_set_block (x, DECL_INITIAL (current_function_decl));
gsi_insert_after (&i, x, GSI_CONTINUE_LINKING);
}
/* If we lowered any return statements, emit the representative
at the end of the function. */
while (!data.return_statements.is_empty ())
{
return_statements_t t = data.return_statements.pop ();
x = gimple_build_label (t.label);
gsi_insert_after (&i, x, GSI_CONTINUE_LINKING);
gsi_insert_after (&i, t.stmt, GSI_CONTINUE_LINKING);
}
/* If the function calls __builtin_setjmp, we need to emit the computed
goto that will serve as the unique dispatcher for all the receivers. */
if (data.calls_builtin_setjmp)
{
tree disp_label, disp_var, arg;
/* Build 'DISP_LABEL:' and insert. */
disp_label = create_artificial_label (cfun->function_end_locus);
/* This mark will create forward edges from every call site. */
DECL_NONLOCAL (disp_label) = 1;
cfun->has_nonlocal_label = 1;
x = gimple_build_label (disp_label);
gsi_insert_after (&i, x, GSI_CONTINUE_LINKING);
/* Build 'DISP_VAR = __builtin_setjmp_dispatcher (DISP_LABEL);'
and insert. */
disp_var = create_tmp_var (ptr_type_node, "setjmpvar");
arg = build_addr (disp_label, current_function_decl);
t = builtin_decl_implicit (BUILT_IN_SETJMP_DISPATCHER);
x = gimple_build_call (t, 1, arg);
gimple_call_set_lhs (x, disp_var);
/* Build 'goto DISP_VAR;' and insert. */
gsi_insert_after (&i, x, GSI_CONTINUE_LINKING);
x = gimple_build_goto (disp_var);
gsi_insert_after (&i, x, GSI_CONTINUE_LINKING);
}
/* Once the old body has been lowered, replace it with the new
lowered sequence. */
gimple_set_body (current_function_decl, lowered_body);
gcc_assert (data.block == DECL_INITIAL (current_function_decl));
BLOCK_SUBBLOCKS (data.block)
= blocks_nreverse (BLOCK_SUBBLOCKS (data.block));
clear_block_marks (data.block);
data.return_statements.release ();
return 0;
}
THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
{
SOCKET_T sockfd = 0;
WOLFSSL_METHOD* method = 0;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
WOLFSSL* sslResume = 0;
WOLFSSL_SESSION* session = 0;
char resumeMsg[] = "resuming wolfssl!";
int resumeSz = sizeof(resumeMsg);
char msg[32] = "hello wolfssl!"; /* GET may make bigger */
char reply[80];
int input;
int msgSz = (int)strlen(msg);
word16 port = wolfSSLPort;
char* host = (char*)wolfSSLIP;
const char* domain = "www.wolfssl.com";
int ch;
int version = CLIENT_INVALID_VERSION;
int usePsk = 0;
int useAnon = 0;
int sendGET = 0;
int benchmark = 0;
int doDTLS = 0;
int matchName = 0;
int doPeerCheck = 1;
int nonBlocking = 0;
int resumeSession = 0;
int wc_shutdown = 0;
int disableCRL = 0;
int externalTest = 0;
int ret;
int scr = 0; /* allow secure renegotiation */
int forceScr = 0; /* force client initiaed scr */
int trackMemory = 0;
int useClientCert = 1;
int fewerPackets = 0;
int atomicUser = 0;
int pkCallbacks = 0;
int overrideDateErrors = 0;
int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
char* cipherList = NULL;
const char* verifyCert = caCert;
const char* ourCert = cliCert;
const char* ourKey = cliKey;
#ifdef HAVE_SNI
char* sniHostName = NULL;
#endif
#ifdef HAVE_MAX_FRAGMENT
byte maxFragment = 0;
#endif
#ifdef HAVE_TRUNCATED_HMAC
byte truncatedHMAC = 0;
#endif
#ifdef HAVE_OCSP
int useOcsp = 0;
char* ocspUrl = NULL;
#endif
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = -1; /* error state */
#ifdef NO_RSA
verifyCert = (char*)eccCert;
ourCert = (char*)cliEccCert;
ourKey = (char*)cliEccKey;
#endif
(void)resumeSz;
(void)session;
(void)sslResume;
(void)trackMemory;
(void)atomicUser;
(void)pkCallbacks;
(void)scr;
(void)forceScr;
(void)ourKey;
(void)ourCert;
(void)verifyCert;
(void)useClientCert;
(void)overrideDateErrors;
(void)disableCRL;
(void)minDhKeyBits;
StackTrap();
while ((ch = mygetopt(argc, argv,
"?gdDusmNrwRitfxXUPCh:p:v:l:A:c:k:Z:b:zS:L:ToO:a"))
!= -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'g' :
sendGET = 1;
break;
case 'd' :
doPeerCheck = 0;
break;
case 'D' :
overrideDateErrors = 1;
break;
case 'C' :
#ifdef HAVE_CRL
disableCRL = 1;
#endif
break;
case 'u' :
doDTLS = 1;
break;
case 's' :
usePsk = 1;
break;
case 't' :
#ifdef USE_WOLFSSL_MEMORY
trackMemory = 1;
#endif
break;
case 'm' :
matchName = 1;
break;
case 'x' :
useClientCert = 0;
break;
case 'X' :
externalTest = 1;
break;
case 'f' :
fewerPackets = 1;
break;
case 'U' :
#ifdef ATOMIC_USER
atomicUser = 1;
#endif
break;
case 'P' :
#ifdef HAVE_PK_CALLBACKS
pkCallbacks = 1;
#endif
break;
case 'h' :
host = myoptarg;
domain = myoptarg;
break;
case 'p' :
port = (word16)atoi(myoptarg);
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0)
err_sys("port number cannot be 0");
#endif
break;
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
Usage();
exit(MY_EX_USAGE);
}
break;
case 'l' :
cipherList = myoptarg;
break;
case 'A' :
verifyCert = myoptarg;
break;
case 'c' :
ourCert = myoptarg;
break;
case 'k' :
ourKey = myoptarg;
break;
case 'Z' :
#ifndef NO_DH
minDhKeyBits = atoi(myoptarg);
if (minDhKeyBits <= 0 || minDhKeyBits > 16000) {
Usage();
exit(MY_EX_USAGE);
}
#endif
break;
case 'b' :
benchmark = atoi(myoptarg);
if (benchmark < 0 || benchmark > 1000000) {
Usage();
exit(MY_EX_USAGE);
}
break;
case 'N' :
nonBlocking = 1;
break;
case 'r' :
resumeSession = 1;
break;
case 'w' :
wc_shutdown = 1;
break;
case 'R' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
#endif
break;
case 'i' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
forceScr = 1;
#endif
break;
case 'z' :
#ifndef WOLFSSL_LEANPSK
wolfSSL_GetObjectSize();
#endif
break;
case 'S' :
#ifdef HAVE_SNI
sniHostName = myoptarg;
#endif
break;
case 'L' :
#ifdef HAVE_MAX_FRAGMENT
maxFragment = atoi(myoptarg);
if (maxFragment < WOLFSSL_MFL_2_9 ||
maxFragment > WOLFSSL_MFL_2_13) {
Usage();
exit(MY_EX_USAGE);
}
#endif
break;
case 'T' :
#ifdef HAVE_TRUNCATED_HMAC
truncatedHMAC = 1;
#endif
break;
case 'o' :
#ifdef HAVE_OCSP
useOcsp = 1;
#endif
break;
case 'O' :
#ifdef HAVE_OCSP
useOcsp = 1;
ocspUrl = myoptarg;
#endif
break;
case 'a' :
#ifdef HAVE_ANON
useAnon = 1;
#endif
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
myoptind = 0; /* reset for test cases */
if (externalTest) {
/* detect build cases that wouldn't allow test against wolfssl.com */
int done = 0;
(void)done;
#ifdef NO_RSA
done = 1;
#endif
#ifndef NO_PSK
done = 1;
#endif
#ifdef NO_SHA
done = 1; /* external cert chain most likely has SHA */
#endif
if (done) {
printf("external test can't be run in this mode");
((func_args*)args)->return_code = 0;
exit(EXIT_SUCCESS);
}
}
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
else
version = -1;
}
}
#ifdef USE_WOLFSSL_MEMORY
if (trackMemory)
InitMemoryTracker();
#endif
switch (version) {
#ifndef NO_OLD_TLS
#ifdef WOLFSSL_ALLOW_SSLV3
case 0:
method = wolfSSLv3_client_method();
break;
#endif
#ifndef NO_TLS
case 1:
method = wolfTLSv1_client_method();
break;
case 2:
method = wolfTLSv1_1_client_method();
break;
#endif /* NO_TLS */
#endif /* NO_OLD_TLS */
#ifndef NO_TLS
case 3:
method = wolfTLSv1_2_client_method();
break;
#endif
#ifdef WOLFSSL_DTLS
#ifndef NO_OLD_TLS
case -1:
method = wolfDTLSv1_client_method();
break;
#endif
case -2:
method = wolfDTLSv1_2_client_method();
break;
#endif
default:
err_sys("Bad SSL version");
break;
}
if (method == NULL)
err_sys("unable to get method");
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL)
err_sys("unable to get ctx");
if (cipherList)
if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("client can't set cipher list 1");
#ifdef WOLFSSL_LEANPSK
usePsk = 1;
#endif
#if defined(NO_RSA) && !defined(HAVE_ECC)
usePsk = 1;
#endif
if (fewerPackets)
wolfSSL_CTX_set_group_messages(ctx);
#ifndef NO_DH
wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
#endif
if (usePsk) {
#ifndef NO_PSK
wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
if (cipherList == NULL) {
const char *defaultCipherList;
#if defined(HAVE_AESGCM) && !defined(NO_DH)
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
#elif defined(HAVE_NULL_CIPHER)
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList)
!=SSL_SUCCESS)
err_sys("client can't set cipher list 2");
}
#endif
useClientCert = 0;
}
if (useAnon) {
#ifdef HAVE_ANON
if (cipherList == NULL) {
wolfSSL_CTX_allow_anon_cipher(ctx);
if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA") != SSL_SUCCESS)
err_sys("client can't set cipher list 4");
}
#endif
useClientCert = 0;
}
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(WOLFSSL_SNIFFER)
if (cipherList == NULL) {
/* don't use EDH, can't sniff tmp keys */
if (wolfSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) {
err_sys("client can't set cipher list 3");
}
}
#endif
#ifdef HAVE_OCSP
if (useOcsp) {
if (ocspUrl != NULL) {
wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
| WOLFSSL_OCSP_URL_OVERRIDE);
}
else
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
}
#endif
#ifdef USER_CA_CB
wolfSSL_CTX_SetCACb(ctx, CaCb);
#endif
#ifdef VERIFY_CALLBACK
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
if (useClientCert){
if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" wolfSSL home dir");
if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client private key file, check file and run "
"from wolfSSL home dir");
}
if (!usePsk && !useAnon) {
if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert,0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from wolfSSL home dir");
#ifdef HAVE_ECC
/* load ecc verify too, echoserver uses it by default w/ ecc */
if (wolfSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
#endif /* HAVE_ECC */
}
#endif /* !NO_FILESYSTEM && !NO_CERTS */
#if !defined(NO_CERTS)
if (!usePsk && !useAnon && doPeerCheck == 0)
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
if (!usePsk && !useAnon && overrideDateErrors == 1)
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
#endif
#ifdef HAVE_CAVIUM
wolfSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID);
#endif
#ifdef HAVE_SNI
if (sniHostName)
if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))
!= SSL_SUCCESS)
err_sys("UseSNI failed");
#endif
#ifdef HAVE_MAX_FRAGMENT
if (maxFragment)
if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS)
err_sys("UseMaxFragment failed");
#endif
#ifdef HAVE_TRUNCATED_HMAC
if (truncatedHMAC)
if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS)
err_sys("UseTruncatedHMAC failed");
#endif
#ifdef HAVE_SESSION_TICKET
if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS)
err_sys("UseSessionTicket failed");
#endif
if (benchmark) {
/* time passed in number of connects give average */
int times = benchmark;
int loops = resumeSession ? 2 : 1;
int i = 0;
WOLFSSL_SESSION* benchSession = NULL;
while (loops--) {
int benchResume = resumeSession && loops == 0;
double start = current_time(), avg;
for (i = 0; i < times; i++) {
tcp_connect(&sockfd, host, port, doDTLS);
ssl = wolfSSL_new(ctx);
if (benchResume)
wolfSSL_set_session(ssl, benchSession);
wolfSSL_set_fd(ssl, sockfd);
if (wolfSSL_connect(ssl) != SSL_SUCCESS)
err_sys("SSL_connect failed");
wolfSSL_shutdown(ssl);
if (i == (times-1) && resumeSession) {
benchSession = wolfSSL_get_session(ssl);
}
wolfSSL_free(ssl);
CloseSocket(sockfd);
}
avg = current_time() - start;
avg /= times;
avg *= 1000; /* milliseconds */
if (benchResume)
printf("wolfSSL_resume avg took: %8.3f milliseconds\n", avg);
else
printf("wolfSSL_connect avg took: %8.3f milliseconds\n", avg);
}
wolfSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
exit(EXIT_SUCCESS);
}
#if defined(WOLFSSL_MDK_ARM)
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
#endif
ssl = wolfSSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL object");
#ifdef HAVE_SESSION_TICKET
wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session");
#endif
if (doDTLS) {
SOCKADDR_IN_T addr;
build_addr(&addr, host, port, 1);
wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, host, port, 0);
}
#ifdef HAVE_POLY1305
/* use old poly to connect with google server */
if (!XSTRNCMP(domain, "www.google.com", 14)) {
if (wolfSSL_use_old_poly(ssl, 1) != 0)
err_sys("unable to set to old poly");
}
#endif
wolfSSL_set_fd(ssl, sockfd);
#ifdef HAVE_CRL
if (disableCRL == 0) {
if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS)
err_sys("can't enable crl check");
if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
err_sys("can't load crl, check crlfile and date validity");
if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
err_sys("can't set crl callback");
}
#endif
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr) {
if (wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS)
err_sys("can't enable secure renegotiation");
}
#endif
#ifdef ATOMIC_USER
if (atomicUser)
SetupAtomicUser(ctx, ssl);
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx, ssl);
#endif
if (matchName && doPeerCheck)
wolfSSL_check_domain_name(ssl, domain);
#ifndef WOLFSSL_CALLBACKS
if (nonBlocking) {
wolfSSL_set_using_nonblock(ssl, 1);
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(ssl);
}
else if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
/* see note at top of README */
int err = wolfSSL_get_error(ssl, 0);
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
err_sys("SSL_connect failed");
/* if you're getting an error here */
}
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
showPeer(ssl);
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr && forceScr) {
if (nonBlocking) {
printf("not doing secure renegotiation on example with"
" nonblocking yet");
} else {
if (wolfSSL_Rehandshake(ssl) != SSL_SUCCESS) {
int err = wolfSSL_get_error(ssl, 0);
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
err_sys("wolfSSL_Rehandshake failed");
}
}
}
#endif /* HAVE_SECURE_RENEGOTIATION */
if (sendGET) {
printf("SSL connect ok, sending GET...\n");
msgSz = 28;
strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
msg[msgSz] = '\0';
}
if (wolfSSL_write(ssl, msg, msgSz) != msgSz)
err_sys("SSL_write failed");
input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("Server response: %s\n", reply);
if (sendGET) { /* get html */
while (1) {
input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("%s\n", reply);
}
else
break;
}
}
}
else if (input < 0) {
int readErr = wolfSSL_get_error(ssl, 0);
if (readErr != SSL_ERROR_WANT_READ)
err_sys("wolfSSL_read failed");
}
#ifndef NO_SESSION_CACHE
if (resumeSession) {
session = wolfSSL_get_session(ssl);
sslResume = wolfSSL_new(ctx);
}
#endif
if (doDTLS == 0) { /* don't send alert after "break" command */
ret = wolfSSL_shutdown(ssl);
if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
wolfSSL_shutdown(ssl); /* bidirectional shutdown */
}
#ifdef ATOMIC_USER
if (atomicUser)
FreeAtomicUser(ssl);
#endif
wolfSSL_free(ssl);
CloseSocket(sockfd);
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
SOCKADDR_IN_T addr;
#ifdef USE_WINDOWS_API
Sleep(500);
#elif defined(WOLFSSL_TIRTOS)
Task_sleep(1);
#else
sleep(1);
#endif
build_addr(&addr, host, port, 1);
wolfSSL_dtls_set_peer(sslResume, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, host, port, 0);
}
wolfSSL_set_fd(sslResume, sockfd);
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr) {
if (wolfSSL_UseSecureRenegotiation(sslResume) != SSL_SUCCESS)
err_sys("can't enable secure renegotiation");
}
#endif
wolfSSL_set_session(sslResume, session);
#ifdef HAVE_SESSION_TICKET
wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,
(void*)"resumed session");
#endif
showPeer(sslResume);
#ifndef WOLFSSL_CALLBACKS
if (nonBlocking) {
wolfSSL_set_using_nonblock(sslResume, 1);
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(sslResume);
}
else if (wolfSSL_connect(sslResume) != SSL_SUCCESS)
err_sys("SSL resume failed");
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
if (wolfSSL_session_reused(sslResume))
printf("reused session id\n");
else
printf("didn't reuse session id!!!\n");
if (wolfSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
err_sys("SSL_write failed");
if (nonBlocking) {
/* give server a chance to bounce a message back to client */
#ifdef USE_WINDOWS_API
Sleep(500);
#elif defined(WOLFSSL_TIRTOS)
Task_sleep(1);
#else
sleep(1);
#endif
}
input = wolfSSL_read(sslResume, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("Server resume response: %s\n", reply);
}
/* try to send session break */
wolfSSL_write(sslResume, msg, msgSz);
ret = wolfSSL_shutdown(sslResume);
if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
wolfSSL_shutdown(sslResume); /* bidirectional shutdown */
wolfSSL_free(sslResume);
CloseSocket(sockfd);
}
#endif /* NO_SESSION_CACHE */
wolfSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
#ifdef USE_WOLFSSL_MEMORY
if (trackMemory)
ShowMemoryTracker();
#endif /* USE_WOLFSSL_MEMORY */
#if !defined(WOLFSSL_TIRTOS)
return 0;
#endif
}
int main_html_server(int argc, char **argv)
{
struct server server;
unsigned i, playing = 0, spectating = 0;
char *ip, *port;
const char *addr;
sqlite3_stmt *res;
unsigned nrow;
const char *query =
"SELECT" ALL_EXTENDED_SERVER_COLUMNS
" FROM servers"
" WHERE ip = ? AND port = ?";
if (argc != 2) {
fprintf(stderr, "usage: %s <server_addr>\n", argv[0]);
return EXIT_FAILURE;
}
if (!parse_addr(argv[1], &ip, &port))
return EXIT_NOT_FOUND;
foreach_extended_server(query, &server, "ss", ip, port);
if (!res)
return EXIT_FAILURE;
if (!nrow)
return EXIT_NOT_FOUND;
if (!read_server_clients(&server))
return EXIT_FAILURE;
for (i = 0; i < server.num_clients; i++)
server.clients[i].ingame ? playing++ : spectating++;
/* Eventually, print them */
CUSTOM_TAB.name = escape(server.name);
CUSTOM_TAB.href = "";
html_header(&CUSTOM_TAB, server.name, "/servers", NULL);
html("<header id=\"server_header\">");
html("<section id=\"serverinfo\">");
html("<h2>%s</h2>", escape(server.name));
html("<ul>");
html("<li>%s</li><li>%s</li>", server.gametype, server.map);
html("<li>%u / %u clients</li>", server.num_clients, server.max_clients);
html("<li>");
html("%u players", playing);
if (spectating)
html(" + %u spectators", spectating);
html("</li>");
html("</ul>");
html("</section>");
html("<section id=\"serveraddr\">");
html("<label for=\"serveraddr_input\">Server address</label>");
addr = build_addr(server.ip, server.port);
html("<input type=\"text\" value=\"%s\" size=\"%u\" id=\"serveraddr_input\" readonly/>",
addr, strlen(addr));
html("</section>");
html("</header>");
show_client_list(&server);
html_footer("server", relurl("/servers/%s.json", addr));
return EXIT_SUCCESS;
}
static void
lower_builtin_setjmp (gimple_stmt_iterator *gsi)
{
gimple *stmt = gsi_stmt (*gsi);
location_t loc = gimple_location (stmt);
tree cont_label = create_artificial_label (loc);
tree next_label = create_artificial_label (loc);
tree dest, t, arg;
gimple *g;
/* __builtin_setjmp_{setup,receiver} aren't ECF_RETURNS_TWICE and for RTL
these builtins are modelled as non-local label jumps to the label
that is passed to these two builtins, so pretend we have a non-local
label during GIMPLE passes too. See PR60003. */
cfun->has_nonlocal_label = 1;
/* NEXT_LABEL is the label __builtin_longjmp will jump to. Its address is
passed to both __builtin_setjmp_setup and __builtin_setjmp_receiver. */
FORCED_LABEL (next_label) = 1;
tree orig_dest = dest = gimple_call_lhs (stmt);
if (orig_dest && TREE_CODE (orig_dest) == SSA_NAME)
dest = create_tmp_reg (TREE_TYPE (orig_dest));
/* Build '__builtin_setjmp_setup (BUF, NEXT_LABEL)' and insert. */
arg = build_addr (next_label);
t = builtin_decl_implicit (BUILT_IN_SETJMP_SETUP);
g = gimple_build_call (t, 2, gimple_call_arg (stmt, 0), arg);
gimple_set_location (g, loc);
gimple_set_block (g, gimple_block (stmt));
gsi_insert_before (gsi, g, GSI_SAME_STMT);
/* Build 'DEST = 0' and insert. */
if (dest)
{
g = gimple_build_assign (dest, build_zero_cst (TREE_TYPE (dest)));
gimple_set_location (g, loc);
gimple_set_block (g, gimple_block (stmt));
gsi_insert_before (gsi, g, GSI_SAME_STMT);
}
/* Build 'goto CONT_LABEL' and insert. */
g = gimple_build_goto (cont_label);
gsi_insert_before (gsi, g, GSI_SAME_STMT);
/* Build 'NEXT_LABEL:' and insert. */
g = gimple_build_label (next_label);
gsi_insert_before (gsi, g, GSI_SAME_STMT);
/* Build '__builtin_setjmp_receiver (NEXT_LABEL)' and insert. */
arg = build_addr (next_label);
t = builtin_decl_implicit (BUILT_IN_SETJMP_RECEIVER);
g = gimple_build_call (t, 1, arg);
gimple_set_location (g, loc);
gimple_set_block (g, gimple_block (stmt));
gsi_insert_before (gsi, g, GSI_SAME_STMT);
/* Build 'DEST = 1' and insert. */
if (dest)
{
g = gimple_build_assign (dest, fold_convert_loc (loc, TREE_TYPE (dest),
integer_one_node));
gimple_set_location (g, loc);
gimple_set_block (g, gimple_block (stmt));
gsi_insert_before (gsi, g, GSI_SAME_STMT);
}
/* Build 'CONT_LABEL:' and insert. */
g = gimple_build_label (cont_label);
gsi_insert_before (gsi, g, GSI_SAME_STMT);
/* Build orig_dest = dest if necessary. */
if (dest != orig_dest)
{
g = gimple_build_assign (orig_dest, dest);
gsi_insert_before (gsi, g, GSI_SAME_STMT);
}
/* Remove the call to __builtin_setjmp. */
gsi_remove (gsi, false);
}
tree
create_mem_ref (gimple_stmt_iterator *gsi, tree type, aff_tree *addr,
tree alias_ptr_type, tree iv_cand, tree base_hint, bool speed)
{
tree mem_ref, tmp;
tree atype;
struct mem_address parts;
addr_to_parts (type, addr, iv_cand, base_hint, &parts, speed);
gimplify_mem_ref_parts (gsi, &parts);
mem_ref = create_mem_ref_raw (type, alias_ptr_type, &parts);
if (mem_ref)
return mem_ref;
/* The expression is too complicated. Try making it simpler. */
if (parts.step && !integer_onep (parts.step))
{
/* Move the multiplication to index. */
gcc_assert (parts.index);
parts.index = force_gimple_operand_gsi (gsi,
fold_build2 (MULT_EXPR, sizetype,
parts.index, parts.step),
true, NULL_TREE, true, GSI_SAME_STMT);
parts.step = NULL_TREE;
mem_ref = create_mem_ref_raw (type, alias_ptr_type, &parts);
if (mem_ref)
return mem_ref;
}
if (parts.symbol)
{
tmp = build_addr (parts.symbol, current_function_decl);
gcc_assert (is_gimple_val (tmp));
/* Add the symbol to base, eventually forcing it to register. */
if (parts.base)
{
gcc_assert (useless_type_conversion_p
(sizetype, TREE_TYPE (parts.base)));
if (parts.index)
{
atype = TREE_TYPE (tmp);
parts.base = force_gimple_operand_gsi (gsi,
fold_build2 (POINTER_PLUS_EXPR, atype,
tmp,
fold_convert (sizetype, parts.base)),
true, NULL_TREE, true, GSI_SAME_STMT);
}
else
{
parts.index = parts.base;
parts.base = tmp;
}
}
else
parts.base = tmp;
parts.symbol = NULL_TREE;
mem_ref = create_mem_ref_raw (type, alias_ptr_type, &parts);
if (mem_ref)
return mem_ref;
}
if (parts.index)
{
/* Add index to base. */
if (parts.base)
{
atype = TREE_TYPE (parts.base);
parts.base = force_gimple_operand_gsi (gsi,
fold_build2 (POINTER_PLUS_EXPR, atype,
parts.base,
parts.index),
true, NULL_TREE, true, GSI_SAME_STMT);
}
else
parts.base = parts.index;
parts.index = NULL_TREE;
mem_ref = create_mem_ref_raw (type, alias_ptr_type, &parts);
if (mem_ref)
return mem_ref;
}
if (parts.offset && !integer_zerop (parts.offset))
{
/* Try adding offset to base. */
if (parts.base)
{
atype = TREE_TYPE (parts.base);
parts.base = force_gimple_operand_gsi (gsi,
fold_build2 (POINTER_PLUS_EXPR, atype,
parts.base,
fold_convert (sizetype, parts.offset)),
true, NULL_TREE, true, GSI_SAME_STMT);
}
else
parts.base = parts.offset;
parts.offset = NULL_TREE;
mem_ref = create_mem_ref_raw (type, alias_ptr_type, &parts);
if (mem_ref)
return mem_ref;
}
/* Verify that the address is in the simplest possible shape
(only a register). If we cannot create such a memory reference,
something is really wrong. */
gcc_assert (parts.symbol == NULL_TREE);
gcc_assert (parts.index == NULL_TREE);
gcc_assert (!parts.step || integer_onep (parts.step));
gcc_assert (!parts.offset || integer_zerop (parts.offset));
gcc_unreachable ();
}
rtx
addr_for_mem_ref (struct mem_address *addr, addr_space_t as,
bool really_expand)
{
enum machine_mode address_mode = targetm.addr_space.address_mode (as);
rtx address, sym, bse, idx, st, off;
struct mem_addr_template *templ;
if (addr->step && !integer_onep (addr->step))
st = immed_double_int_const (tree_to_double_int (addr->step), address_mode);
else
st = NULL_RTX;
if (addr->offset && !integer_zerop (addr->offset))
off = immed_double_int_const (tree_to_double_int (addr->offset), address_mode);
else
off = NULL_RTX;
if (!really_expand)
{
unsigned int templ_index
= TEMPL_IDX (as, addr->symbol, addr->base, addr->index, st, off);
if (templ_index
>= VEC_length (mem_addr_template, mem_addr_template_list))
VEC_safe_grow_cleared (mem_addr_template, gc, mem_addr_template_list,
templ_index + 1);
/* Reuse the templates for addresses, so that we do not waste memory. */
templ = VEC_index (mem_addr_template, mem_addr_template_list, templ_index);
if (!templ->ref)
{
sym = (addr->symbol ?
gen_rtx_SYMBOL_REF (address_mode, ggc_strdup ("test_symbol"))
: NULL_RTX);
bse = (addr->base ?
gen_raw_REG (address_mode, LAST_VIRTUAL_REGISTER + 1)
: NULL_RTX);
idx = (addr->index ?
gen_raw_REG (address_mode, LAST_VIRTUAL_REGISTER + 2)
: NULL_RTX);
gen_addr_rtx (address_mode, sym, bse, idx,
st? const0_rtx : NULL_RTX,
off? const0_rtx : NULL_RTX,
&templ->ref,
&templ->step_p,
&templ->off_p);
}
if (st)
*templ->step_p = st;
if (off)
*templ->off_p = off;
return templ->ref;
}
/* Otherwise really expand the expressions. */
sym = (addr->symbol
? expand_expr (build_addr (addr->symbol, current_function_decl),
NULL_RTX, address_mode, EXPAND_NORMAL)
: NULL_RTX);
bse = (addr->base
? expand_expr (addr->base, NULL_RTX, address_mode, EXPAND_NORMAL)
: NULL_RTX);
idx = (addr->index
? expand_expr (addr->index, NULL_RTX, address_mode, EXPAND_NORMAL)
: NULL_RTX);
gen_addr_rtx (address_mode, sym, bse, idx, st, off, &address, NULL, NULL);
return address;
}
THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
{
WOLFSSH_CTX* ctx = NULL;
WOLFSSH* ssh = NULL;
SOCKET_T sockFd = WOLFSSH_SOCKET_INVALID;
SOCKADDR_IN_T clientAddr;
socklen_t clientAddrSz = sizeof(clientAddr);
char rxBuf[80];
int ret;
int ch;
word16 port = wolfSshPort;
char* host = (char*)wolfSshIp;
const char* username = NULL;
const char* password = NULL;
const char* cmd = NULL;
byte imExit = 0;
byte nonBlock = 0;
byte keepOpen = 0;
#ifdef USE_WINDOWS_API
byte rawMode = 0;
#endif
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = 0;
while ((ch = mygetopt(argc, argv, "?NP:h:p:u:xc:Rtz")) != -1) {
switch (ch) {
case 'h':
host = myoptarg;
break;
case 'z':
#ifdef WOLFSSH_SHOW_SIZES
wolfSSH_ShowSizes();
exit(EXIT_SUCCESS);
#endif
break;
case 'p':
port = (word16)atoi(myoptarg);
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0)
err_sys("port number cannot be 0");
#endif
break;
case 'u':
username = myoptarg;
break;
case 'P':
password = myoptarg;
break;
case 'x':
/* exit after successful connection without read/write */
imExit = 1;
break;
case 'N':
nonBlock = 1;
break;
#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_NUCLEUS)
case 'c':
cmd = myoptarg;
break;
#ifdef USE_WINDOWS_API
case 'R':
rawMode = 1;
break;
#endif /* USE_WINDOWS_API */
#endif
#ifdef WOLFSSH_TERM
case 't':
keepOpen = 1;
break;
#endif
case '?':
ShowUsage();
exit(EXIT_SUCCESS);
default:
ShowUsage();
exit(MY_EX_USAGE);
}
}
myoptind = 0; /* reset for test cases */
if (username == NULL)
err_sys("client requires a username parameter.");
#ifdef SINGLE_THREADED
if (keepOpen)
err_sys("Threading needed for terminal session\n");
#endif
ctx = wolfSSH_CTX_new(WOLFSSH_ENDPOINT_CLIENT, NULL);
if (ctx == NULL)
err_sys("Couldn't create wolfSSH client context.");
if (((func_args*)args)->user_auth == NULL)
wolfSSH_SetUserAuth(ctx, wsUserAuth);
else
wolfSSH_SetUserAuth(ctx, ((func_args*)args)->user_auth);
ssh = wolfSSH_new(ctx);
if (ssh == NULL)
err_sys("Couldn't create wolfSSH session.");
if (password != NULL)
wolfSSH_SetUserAuthCtx(ssh, (void*)password);
wolfSSH_CTX_SetPublicKeyCheck(ctx, wsPublicKeyCheck);
wolfSSH_SetPublicKeyCheckCtx(ssh, (void*)"You've been sampled!");
ret = wolfSSH_SetUsername(ssh, username);
if (ret != WS_SUCCESS)
err_sys("Couldn't set the username.");
build_addr(&clientAddr, host, port);
tcp_socket(&sockFd);
ret = connect(sockFd, (const struct sockaddr *)&clientAddr, clientAddrSz);
if (ret != 0)
err_sys("Couldn't connect to server.");
if (nonBlock)
tcp_set_nonblocking(&sockFd);
ret = wolfSSH_set_fd(ssh, (int)sockFd);
if (ret != WS_SUCCESS)
err_sys("Couldn't set the session's socket.");
if (cmd != NULL) {
ret = wolfSSH_SetChannelType(ssh, WOLFSSH_SESSION_EXEC,
(byte*)cmd, (word32)WSTRLEN((char*)cmd));
if (ret != WS_SUCCESS)
err_sys("Couldn't set the channel type.");
}
#ifdef WOLFSSH_TERM
if (keepOpen) {
ret = wolfSSH_SetChannelType(ssh, WOLFSSH_SESSION_TERMINAL, NULL, 0);
if (ret != WS_SUCCESS)
err_sys("Couldn't set the terminal channel type.");
}
#endif
if (!nonBlock)
ret = wolfSSH_connect(ssh);
else
ret = NonBlockSSH_connect(ssh);
if (ret != WS_SUCCESS) {
printf("err = %s\n", wolfSSH_get_error_name(ssh));
err_sys("Couldn't connect SSH stream.");
}
#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_NUCLEUS)
if (keepOpen) /* set up for psuedo-terminal */
SetEcho(2);
if (cmd != NULL || keepOpen == 1) {
#if defined(_POSIX_THREADS)
thread_args arg;
pthread_t thread[2];
arg.ssh = ssh;
wc_InitMutex(&arg.lock);
pthread_create(&thread[0], NULL, readInput, (void*)&arg);
pthread_create(&thread[1], NULL, readPeer, (void*)&arg);
pthread_join(thread[1], NULL);
pthread_cancel(thread[0]);
#elif defined(_MSC_VER)
thread_args arg;
HANDLE thread[2];
arg.ssh = ssh;
arg.rawMode = rawMode;
wc_InitMutex(&arg.lock);
thread[0] = CreateThread(NULL, 0, readInput, (void*)&arg, 0, 0);
thread[1] = CreateThread(NULL, 0, readPeer, (void*)&arg, 0, 0);
WaitForSingleObject(thread[1], INFINITE);
CloseHandle(thread[0]);
CloseHandle(thread[1]);
#else
err_sys("No threading to use");
#endif
if (keepOpen)
SetEcho(1);
}
else
#endif
if (!imExit) {
ret = wolfSSH_stream_send(ssh, (byte*)testString,
(word32)strlen(testString));
if (ret <= 0)
err_sys("Couldn't send test string.");
do {
ret = wolfSSH_stream_read(ssh, (byte*)rxBuf, sizeof(rxBuf) - 1);
if (ret <= 0) {
ret = wolfSSH_get_error(ssh);
if (ret != WS_WANT_READ && ret != WS_WANT_WRITE)
err_sys("Stream read failed.");
}
} while (ret == WS_WANT_READ || ret == WS_WANT_WRITE);
rxBuf[ret] = '\0';
printf("Server said: %s\n", rxBuf);
}
ret = wolfSSH_shutdown(ssh);
WCLOSESOCKET(sockFd);
wolfSSH_free(ssh);
wolfSSH_CTX_free(ctx);
if (ret != WS_SUCCESS)
err_sys("Closing stream failed. Connection could have been closed by peer");
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
return 0;
}
THREAD_RETURN CYASSL_THREAD client_test(void* args)
{
SOCKET_T sockfd = 0;
CYASSL_METHOD* method = 0;
CYASSL_CTX* ctx = 0;
CYASSL* ssl = 0;
CYASSL* sslResume = 0;
CYASSL_SESSION* session = 0;
char resumeMsg[] = "resuming cyassl!";
int resumeSz = sizeof(resumeMsg);
char msg[32] = "hello cyassl!"; /* GET may make bigger */
char reply[80];
int input;
int msgSz = (int)strlen(msg);
int port = yasslPort;
char* host = (char*)yasslIP;
char* domain = (char*)"www.yassl.com";
int ch;
int version = CLIENT_INVALID_VERSION;
int usePsk = 0;
int sendGET = 0;
int benchmark = 0;
int doDTLS = 0;
int matchName = 0;
int doPeerCheck = 1;
int nonBlocking = 0;
int resumeSession = 0;
int trackMemory = 0;
int useClientCert = 1;
int fewerPackets = 0;
int atomicUser = 0;
int pkCallbacks = 0;
char* cipherList = NULL;
char* verifyCert = (char*)caCert;
char* ourCert = (char*)cliCert;
char* ourKey = (char*)cliKey;
#ifdef HAVE_SNI
char* sniHostName = NULL;
#endif
#ifdef HAVE_MAX_FRAGMENT
byte maxFragment = 0;
#endif
#ifdef HAVE_TRUNCATED_HMAC
byte truncatedHMAC = 0;
#endif
#ifdef HAVE_OCSP
int useOcsp = 0;
char* ocspUrl = NULL;
#endif
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = -1; /* error state */
#ifdef NO_RSA
verifyCert = (char*)eccCert;
ourCert = (char*)cliEccCert;
ourKey = (char*)cliEccKey;
#endif
(void)resumeSz;
(void)session;
(void)sslResume;
(void)trackMemory;
(void)atomicUser;
(void)pkCallbacks;
StackTrap();
while ((ch = mygetopt(argc, argv,
"?gdusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'g' :
sendGET = 1;
break;
case 'd' :
doPeerCheck = 0;
break;
case 'u' :
doDTLS = 1;
break;
case 's' :
usePsk = 1;
break;
case 't' :
#ifdef USE_CYASSL_MEMORY
trackMemory = 1;
#endif
break;
case 'm' :
matchName = 1;
break;
case 'x' :
useClientCert = 0;
break;
case 'f' :
fewerPackets = 1;
break;
case 'U' :
#ifdef ATOMIC_USER
atomicUser = 1;
#endif
break;
case 'P' :
#ifdef HAVE_PK_CALLBACKS
pkCallbacks = 1;
#endif
break;
case 'h' :
host = myoptarg;
domain = myoptarg;
break;
case 'p' :
port = atoi(myoptarg);
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0)
err_sys("port number cannot be 0");
#endif
break;
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
Usage();
exit(MY_EX_USAGE);
}
break;
case 'l' :
cipherList = myoptarg;
break;
case 'A' :
verifyCert = myoptarg;
break;
case 'c' :
ourCert = myoptarg;
break;
case 'k' :
ourKey = myoptarg;
break;
case 'b' :
benchmark = atoi(myoptarg);
if (benchmark < 0 || benchmark > 1000000) {
Usage();
exit(MY_EX_USAGE);
}
break;
case 'N' :
nonBlocking = 1;
break;
case 'r' :
resumeSession = 1;
break;
case 'z' :
#ifndef CYASSL_LEANPSK
CyaSSL_GetObjectSize();
#endif
break;
case 'S' :
#ifdef HAVE_SNI
sniHostName = myoptarg;
#endif
break;
case 'L' :
#ifdef HAVE_MAX_FRAGMENT
maxFragment = atoi(myoptarg);
if (maxFragment < CYASSL_MFL_2_9 ||
maxFragment > CYASSL_MFL_2_13) {
Usage();
exit(MY_EX_USAGE);
}
#endif
break;
case 'T' :
#ifdef HAVE_TRUNCATED_HMAC
truncatedHMAC = 1;
#endif
break;
case 'o' :
#ifdef HAVE_OCSP
useOcsp = 1;
#endif
break;
case 'O' :
#ifdef HAVE_OCSP
useOcsp = 1;
ocspUrl = myoptarg;
#endif
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
myoptind = 0; /* reset for test cases */
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
else
version = -1;
}
}
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
InitMemoryTracker();
#endif
switch (version) {
#ifndef NO_OLD_TLS
case 0:
method = CyaSSLv3_client_method();
break;
#ifndef NO_TLS
case 1:
method = CyaTLSv1_client_method();
break;
case 2:
method = CyaTLSv1_1_client_method();
break;
#endif /* NO_TLS */
#endif /* NO_OLD_TLS */
#ifndef NO_TLS
case 3:
method = CyaTLSv1_2_client_method();
break;
#endif
#ifdef CYASSL_DTLS
case -1:
method = CyaDTLSv1_client_method();
break;
case -2:
method = CyaDTLSv1_2_client_method();
break;
#endif
default:
err_sys("Bad SSL version");
break;
}
if (method == NULL)
err_sys("unable to get method");
ctx = CyaSSL_CTX_new(method);
if (ctx == NULL)
err_sys("unable to get ctx");
if (cipherList)
if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("client can't set cipher list 1");
#ifdef CYASSL_LEANPSK
usePsk = 1;
#endif
#if defined(NO_RSA) && !defined(HAVE_ECC)
usePsk = 1;
#endif
if (fewerPackets)
CyaSSL_CTX_set_group_messages(ctx);
if (usePsk) {
#ifndef NO_PSK
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
if (cipherList == NULL) {
const char *defaultCipherList;
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS)
err_sys("client can't set cipher list 2");
}
#endif
useClientCert = 0;
}
#ifdef OPENSSL_EXTRA
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
if (cipherList == NULL) {
/* don't use EDH, can't sniff tmp keys */
if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) {
err_sys("client can't set cipher list 3");
}
}
#endif
#ifdef HAVE_OCSP
if (useOcsp) {
if (ocspUrl != NULL) {
CyaSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE
| CYASSL_OCSP_URL_OVERRIDE);
}
else
CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE);
}
#endif
#ifdef USER_CA_CB
CyaSSL_CTX_SetCACb(ctx, CaCb);
#endif
#ifdef VERIFY_CALLBACK
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
if (useClientCert){
if (CyaSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client private key file, check file and run "
"from CyaSSL home dir");
}
if (!usePsk) {
if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
}
#endif
#if !defined(NO_CERTS)
if (!usePsk && doPeerCheck == 0)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
#endif
#ifdef HAVE_CAVIUM
CyaSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID);
#endif
#ifdef HAVE_SNI
if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))
!= SSL_SUCCESS)
err_sys("UseSNI failed");
#endif
#ifdef HAVE_MAX_FRAGMENT
if (maxFragment)
if (CyaSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS)
err_sys("UseMaxFragment failed");
#endif
#ifdef HAVE_TRUNCATED_HMAC
if (truncatedHMAC)
if (CyaSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS)
err_sys("UseTruncatedHMAC failed");
#endif
if (benchmark) {
/* time passed in number of connects give average */
int times = benchmark;
int i = 0;
double start = current_time(), avg;
for (i = 0; i < times; i++) {
tcp_connect(&sockfd, host, port, doDTLS);
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sockfd);
if (CyaSSL_connect(ssl) != SSL_SUCCESS)
err_sys("SSL_connect failed");
CyaSSL_shutdown(ssl);
CyaSSL_free(ssl);
CloseSocket(sockfd);
}
avg = current_time() - start;
avg /= times;
avg *= 1000; /* milliseconds */
printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg);
CyaSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
exit(EXIT_SUCCESS);
}
#if defined(CYASSL_MDK_ARM)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
#endif
ssl = CyaSSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL object");
if (doDTLS) {
SOCKADDR_IN_T addr;
build_addr(&addr, host, port, 1);
CyaSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, host, port, 0);
}
CyaSSL_set_fd(ssl, sockfd);
#ifdef HAVE_CRL
if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS)
err_sys("can't enable crl check");
if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
err_sys("can't load crl, check crlfile and date validity");
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
err_sys("can't set crl callback");
#endif
#ifdef ATOMIC_USER
if (atomicUser)
SetupAtomicUser(ctx, ssl);
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx, ssl);
#endif
if (matchName && doPeerCheck)
CyaSSL_check_domain_name(ssl, domain);
#ifndef CYASSL_CALLBACKS
if (nonBlocking) {
CyaSSL_set_using_nonblock(ssl, 1);
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(ssl);
}
else if (CyaSSL_connect(ssl) != SSL_SUCCESS) {
/* see note at top of README */
int err = CyaSSL_get_error(ssl, 0);
char buffer[CYASSL_MAX_ERROR_SZ];
printf("err = %d, %s\n", err,
CyaSSL_ERR_error_string(err, buffer));
err_sys("SSL_connect failed");
/* if you're getting an error here */
}
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
showPeer(ssl);
if (sendGET) {
printf("SSL connect ok, sending GET...\n");
msgSz = 28;
strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
msg[msgSz] = '\0';
}
if (CyaSSL_write(ssl, msg, msgSz) != msgSz)
err_sys("SSL_write failed");
input = CyaSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("Server response: %s\n", reply);
if (sendGET) { /* get html */
while (1) {
input = CyaSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("%s\n", reply);
}
else
break;
}
}
}
else if (input < 0) {
int readErr = CyaSSL_get_error(ssl, 0);
if (readErr != SSL_ERROR_WANT_READ)
err_sys("CyaSSL_read failed");
}
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
strncpy(msg, "break", 6);
msgSz = (int)strlen(msg);
/* try to send session close */
CyaSSL_write(ssl, msg, msgSz);
}
session = CyaSSL_get_session(ssl);
sslResume = CyaSSL_new(ctx);
}
#endif
if (doDTLS == 0) /* don't send alert after "break" command */
CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */
#ifdef ATOMIC_USER
if (atomicUser)
FreeAtomicUser(ssl);
#endif
CyaSSL_free(ssl);
CloseSocket(sockfd);
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
SOCKADDR_IN_T addr;
#ifdef USE_WINDOWS_API
Sleep(500);
#else
sleep(1);
#endif
build_addr(&addr, host, port, 1);
CyaSSL_dtls_set_peer(sslResume, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, host, port, 0);
}
CyaSSL_set_fd(sslResume, sockfd);
CyaSSL_set_session(sslResume, session);
showPeer(sslResume);
#ifndef CYASSL_CALLBACKS
if (nonBlocking) {
CyaSSL_set_using_nonblock(sslResume, 1);
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(sslResume);
}
else if (CyaSSL_connect(sslResume) != SSL_SUCCESS)
err_sys("SSL resume failed");
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
if (CyaSSL_session_reused(sslResume))
printf("reused session id\n");
else
printf("didn't reuse session id!!!\n");
if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
err_sys("SSL_write failed");
if (nonBlocking) {
/* give server a chance to bounce a message back to client */
#ifdef USE_WINDOWS_API
Sleep(500);
#else
sleep(1);
#endif
}
input = CyaSSL_read(sslResume, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("Server resume response: %s\n", reply);
}
/* try to send session break */
CyaSSL_write(sslResume, msg, msgSz);
CyaSSL_shutdown(sslResume);
CyaSSL_free(sslResume);
CloseSocket(sockfd);
}
#endif /* NO_SESSION_CACHE */
CyaSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
ShowMemoryTracker();
#endif /* USE_CYASSL_MEMORY */
return 0;
}
//*******************************************************
// Take supplied filename and open it, then parse the contents.
// Upon return following set:
//
// OR we failed -1.
int readConfig(char *configFileName)
{
char linein[256];
int len;
const char delimiters[] = "=";
char *lefttoken, *righttoken;
char *cp;
// Used if building white/blacklist
struct in6_addr listEntry;
strncpy( interfacestr, NPDAEMON_WAN_IF_NAME, sizeof(interfacestr));
flog(LOG_INFO, "Supplied interface is %s", interfacestr);
listType = NOLIST;
if (tRoot != NULL)
{
tdestroy(tRoot, free);
tEntries = 0;
}
tRoot = NULL;
collectTargets = 100;
naLinkOptFlag = 0;
nsIgnoreLocal = 1;
naRouter = 1;
maxHops = 255;
interfaceIdx = if_nametoindex(interfacestr);
if (!interfaceIdx)
{
flog(LOG_ERR, "Could not get ifIndex for interface %s", interfacestr);
return 1;
}
while (getLinkaddress( interfacestr, linkAddr) )
{
flog(LOG_ERR, "failed to convert interface specified to a link-level address continue.");
sleep(1);
}
return 0;
if ((configFileFD = fopen(configFileName, "r")) == NULL)
{
fprintf(stderr, "Can't open %s: %s\n", configFileName, strerror(errno));
flog(LOG_ERR, "Can't open config file %s: %s", configFileName, strerror(errno));
}
// This is real simple config file parsing...
do {
int strToken, strIdx;
len = 0;
if (fgets(linein, 128, configFileFD) == NULL)
break;
// Tidy it up
stripwhitespace(linein);
// Special mega-hacky thing for blank lines:
len = strlen(linein);
if (len==0)
{
len=1;
continue;
}
// Tokenize
cp = strdupa(linein);
lefttoken = strtok(cp, delimiters);
righttoken = strtok(NULL, delimiters);
if ( (lefttoken == NULL) || (righttoken == NULL) )
{
continue;
}
// Match token
strIdx = -1;
for(strToken = 0; strToken < CONFIGTOTAL; strToken++)
{
if( !strcmp(lefttoken, configStrs[strToken]) )
{
strIdx = strToken;
// Matched, so drop to next step
break;
}
}
flog(LOG_DEBUG2, "Matched config item index: %d", strIdx);
// If config params are being added, it should only be required
// to update the strings in npd6config.h and then insert a
// case XXXXXXX: here with self-contined code inside.
switch (strIdx) {
case NOMATCH:
flog(LOG_DEBUG2, "Found noise in config file. Skipping.");
continue;
case NPD6PREFIX:
strncpy( prefixaddrstr, righttoken, sizeof(prefixaddrstr));
flog(LOG_DEBUG, "Raw prefix: %s", prefixaddrstr);
// We need to pad it up and record the length in bits
prefixaddrlen = prefixset(prefixaddrstr);
flog(LOG_INFO, "Padded prefix: %s, length = %d", prefixaddrstr, prefixaddrlen);
if ( prefixaddrlen <= 0 )
{
flog(LOG_ERR, "Invalid prefix.");
}
// Build a binary image of it
build_addr(prefixaddrstr, &prefixaddr);
break;
case NPD6INTERFACE:
if ( strlen( righttoken) > INTERFACE_STRLEN )
{
flog(LOG_ERR, "Invalid length interface name");
return 1;
}
strncpy( interfacestr, righttoken, sizeof(interfacestr));
flog(LOG_INFO, "Supplied interface is %s", interfacestr);
break;
case NPD6OPTFLAG:
if ( !strcmp( righttoken, SET ) )
{
flog(LOG_INFO, "linkOption flag SET");
naLinkOptFlag = 1;
}
else if ( !strcmp( righttoken, UNSET ) )
{
flog(LOG_INFO, "linkOption flag UNSET");
naLinkOptFlag = 0;
}
else
{
flog(LOG_ERR, "linkOption flag - Bad value");
return 1;
}
break;
case NPD6LOCALIG:
if ( !strcmp( righttoken, SET ) )
{
flog(LOG_INFO, "ignoreLocal flag SET");
nsIgnoreLocal = 1;
}
else if ( !strcmp( righttoken, UNSET ) )
{
flog(LOG_INFO, "ignoreLocal flag UNSET");
nsIgnoreLocal = 0;
}
else
{
flog(LOG_ERR, "ignoreLocal flag - Bad value");
return 1;
}
break;
case NPD6ROUTERNA:
if ( !strcmp( righttoken, SET ) )
{
flog(LOG_INFO, "routerNA flag SET");
naRouter = 1;
}
else if ( !strcmp( righttoken, UNSET ) )
{
flog(LOG_INFO, "routerNA flag UNSET");
naRouter = 0;
}
else
{
flog(LOG_ERR, "routerNA flag - Bad value");
return 1;
}
break;
case NPD6MAXHOPS:
maxHops = -1;
maxHops = atoi(righttoken);
if ( (maxHops < 0) || (maxHops > MAXMAXHOPS) )
{
flog(LOG_ERR, "maxHops - invalid value specified in config.");
return 1;
}
else
{
flog(LOG_INFO, "maxHops set to %d", maxHops);
}
break;
case NPD6TARGETS:
// If we arrive here and the tRoot tree already exists,
// then we're re-reading the config and so need to zap
// the tRoot data first.
if (tRoot != NULL)
{
tdestroy(tRoot, free);
tEntries = 0;
}
collectTargets = -1;
tRoot = NULL;
collectTargets = atoi(righttoken);
if ( (collectTargets < 0) || (collectTargets > MAXTARGETS) )
{
flog(LOG_ERR, "collectTargets - invalid value specified in config.");
return 1;
}
else
{
flog(LOG_INFO, "collectTargets set to %d", collectTargets);
}
break;
case NPD6LISTTYPE:
if ( !strcmp( righttoken, NPD6NONE ) )
{
flog(LOG_INFO, "List-type = NONE");
listType = NOLIST;
}
else if ( !strcmp( righttoken, NPD6BLACK ) )
{
flog(LOG_INFO, "List-type = BLACK");
listType = BLACKLIST;
}
else if( !strcmp( righttoken, NPD6WHITE ) )
{
flog(LOG_INFO, "List-type = WHITE");
listType = WHITELIST;
}
else
{
flog(LOG_ERR, "List-type = <invalid value> - Setting to NONE");
listType = NOLIST;
}
break;
case NPD6LISTADDR:
if (build_addr( righttoken, &listEntry) )
{
flog(LOG_DEBUG, "Address %s valid.", righttoken);
storeListEntry(&listEntry);
}
else
{
flog(LOG_ERR, "Address %s invalid.", righttoken);
}
break;
}
} while (len);
// Now do some final checks to ensure all required params were supplied
if ( ! strcmp(prefixaddrstr, NULLSTR) )
{
flog(LOG_ERR, "Prefix not defined in config file.");
return 1;
}
if ( ! strcmp(interfacestr, NULLSTR) )
{
flog(LOG_ERR, "interface not defined in config file.");
return 1;
}
// Work out the interface index
interfaceIdx = if_nametoindex(interfacestr);
if (!interfaceIdx)
{
flog(LOG_ERR, "Could not get ifIndex for interface %s", interfacestr);
return 1;
}
if (getLinkaddress( interfacestr, linkAddr) )
{
flog(LOG_ERR, "failed to convert interface specified to a link-level address.");
return 1;
}
return 0;
}
void echoclient_test(void* args)
{
SOCKET_T sockfd = 0;
FILE* fin = stdin;
FILE* fout = stdout;
int inCreated = 0;
int outCreated = 0;
char msg[1024];
char reply[1024];
SSL_METHOD* method = 0;
SSL_CTX* ctx = 0;
SSL* ssl = 0;
int doDTLS = 0;
int doLeanPSK = 0;
int sendSz;
int argc = 0;
char** argv = 0;
((func_args*)args)->return_code = -1; /* error state */
argc = ((func_args*)args)->argc;
argv = ((func_args*)args)->argv;
if (argc >= 2) {
fin = fopen(argv[1], "r");
inCreated = 1;
}
if (argc >= 3) {
fout = fopen(argv[2], "w");
outCreated = 1;
}
if (!fin) err_sys("can't open input file");
if (!fout) err_sys("can't open output file");
#ifdef CYASSL_DTLS
doDTLS = 1;
#endif
#ifdef CYASSL_LEANPSK
doLeanPSK = 1;
#endif
#if defined(CYASSL_DTLS)
method = DTLSv1_client_method();
#elif !defined(NO_TLS)
method = CyaSSLv23_client_method();
#else
method = SSLv3_client_method();
#endif
ctx = SSL_CTX_new(method);
#ifndef NO_FILESYSTEM
if (SSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
#ifdef HAVE_ECC
if (SSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
#endif
#elif !defined(NO_CERTS)
if (!doLeanPSK)
load_buffer(ctx, caCert, CYASSL_CA);
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
SSL_CTX_set_cipher_list(ctx, "AES256-SHA");
#endif
if (doLeanPSK) {
#ifdef CYASSL_LEANPSK
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
SSL_CTX_set_cipher_list(ctx, "PSK-NULL-SHA");
#endif
}
#ifdef OPENSSL_EXTRA
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
ssl = SSL_new(ctx);
if (doDTLS) {
SOCKADDR_IN_T addr;
build_addr(&addr, yasslIP, yasslPort);
CyaSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, yasslIP, yasslPort, 0);
}
SSL_set_fd(ssl, sockfd);
#if defined(USE_WINDOWS_API) && defined(CYASSL_DTLS) && defined(NO_MAIN_DRIVER)
/* let echoserver bind first, TODO: add Windows signal like pthreads does */
Sleep(100);
#endif
if (SSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed");
while (fgets(msg, sizeof(msg), fin)) {
sendSz = (int)strlen(msg);
if (SSL_write(ssl, msg, sendSz) != sendSz)
err_sys("SSL_write failed");
if (strncmp(msg, "quit", 4) == 0) {
fputs("sending server shutdown command: quit!\n", fout);
break;
}
if (strncmp(msg, "break", 5) == 0) {
fputs("sending server session close: break!\n", fout);
break;
}
while (sendSz) {
int got;
if ( (got = SSL_read(ssl, reply, sizeof(reply))) > 0) {
reply[got] = 0;
fputs(reply, fout);
sendSz -= got;
}
else
break;
}
}
#ifdef CYASSL_DTLS
strncpy(msg, "break", 6);
sendSz = (int)strlen(msg);
/* try to tell server done */
SSL_write(ssl, msg, sendSz);
#else
SSL_shutdown(ssl);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
fflush(fout);
if (inCreated) fclose(fin);
if (outCreated) fclose(fout);
CloseSocket(sockfd);
((func_args*)args)->return_code = 0;
}
void client_test(void* args)
{
SOCKET_T sockfd = 0;
CYASSL_METHOD* method = 0;
CYASSL_CTX* ctx = 0;
CYASSL* ssl = 0;
CYASSL* sslResume = 0;
CYASSL_SESSION* session = 0;
char resumeMsg[] = "resuming cyassl!";
int resumeSz = sizeof(resumeMsg);
char msg[64] = "hello cyassl!";
char reply[1024];
int input;
int msgSz = (int)strlen(msg);
int port = yasslPort;
char* host = (char*)yasslIP;
char* domain = (char*)"www.yassl.com";
int ch;
int version = CLIENT_DEFAULT_VERSION;
int usePsk = 0;
int sendGET = 0;
int benchmark = 0;
int doDTLS = 0;
int matchName = 0;
int doPeerCheck = 1;
int nonBlocking = 0;
int resumeSession = 0;
char* cipherList = NULL;
char* verifyCert = (char*)caCert;
char* ourCert = (char*)cliCert;
char* ourKey = (char*)cliKey;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = -1; /* error state */
while ((ch = mygetopt(argc, argv, "?gdusmNrh:p:v:l:A:c:k:b:")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'g' :
sendGET = 1;
break;
case 'd' :
doPeerCheck = 0;
break;
case 'u' :
doDTLS = 1;
version = -1; /* DTLS flag */
break;
case 's' :
usePsk = 1;
break;
case 'm' :
matchName = 1;
break;
case 'h' :
host = myoptarg;
domain = myoptarg;
break;
case 'p' :
port = atoi(myoptarg);
break;
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
Usage();
exit(MY_EX_USAGE);
}
if (doDTLS)
version = -1; /* DTLS flag */
break;
case 'l' :
cipherList = myoptarg;
break;
case 'A' :
verifyCert = myoptarg;
break;
case 'c' :
ourCert = myoptarg;
break;
case 'k' :
ourKey = myoptarg;
break;
case 'b' :
benchmark = atoi(myoptarg);
if (benchmark < 0 || benchmark > 1000000) {
Usage();
exit(MY_EX_USAGE);
}
break;
case 'N' :
nonBlocking = 1;
break;
case 'r' :
resumeSession = 1;
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
myoptind = 0; /* reset for test cases */
switch (version) {
#ifndef NO_OLD_TLS
case 0:
method = CyaSSLv3_client_method();
break;
case 1:
method = CyaTLSv1_client_method();
break;
case 2:
method = CyaTLSv1_1_client_method();
break;
#endif
case 3:
method = CyaTLSv1_2_client_method();
break;
#ifdef CYASSL_DTLS
case -1:
method = CyaDTLSv1_client_method();
break;
#endif
default:
err_sys("Bad SSL version");
}
if (method == NULL)
err_sys("unable to get method");
ctx = CyaSSL_CTX_new(method);
if (ctx == NULL)
err_sys("unable to get ctx");
if (cipherList)
if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("can't set cipher list");
#ifdef CYASSL_LEANPSK
usePsk = 1;
#endif
if (usePsk) {
#ifndef NO_PSK
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
if (cipherList == NULL) {
const char *defaultCipherList;
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA";
#else
defaultCipherList = "PSK-AES256-CBC-SHA";
#endif
if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS)
err_sys("can't set cipher list");
}
#endif
}
#ifdef OPENSSL_EXTRA
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
if (cipherList == NULL) {
/* don't use EDH, can't sniff tmp keys */
if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS) {
err_sys("can't set cipher list");
}
}
#endif
#ifdef USER_CA_CB
CyaSSL_CTX_SetCACb(ctx, CaCb);
#endif
#ifdef VERIFY_CALLBACK
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
#endif
#ifndef NO_FILESYSTEM
if (!usePsk){
if (CyaSSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" CyaSSL home dir");
if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
}
#endif
if (!usePsk && doPeerCheck == 0)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
if (benchmark) {
/* time passed in number of connects give average */
int times = benchmark;
int i = 0;
double start = current_time(), avg;
for (i = 0; i < times; i++) {
tcp_connect(&sockfd, host, port, doDTLS);
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sockfd);
if (CyaSSL_connect(ssl) != SSL_SUCCESS)
err_sys("SSL_connect failed");
CyaSSL_shutdown(ssl);
CyaSSL_free(ssl);
CloseSocket(sockfd);
}
avg = current_time() - start;
avg /= times;
avg *= 1000; /* milliseconds */
printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg);
CyaSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
exit(EXIT_SUCCESS);
}
ssl = CyaSSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL object");
if (doDTLS) {
SOCKADDR_IN_T addr;
build_addr(&addr, host, port);
CyaSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, host, port, 0);
}
CyaSSL_set_fd(ssl, sockfd);
#ifdef HAVE_CRL
if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS)
err_sys("can't enable crl check");
if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
err_sys("can't load crl, check crlfile and date validity");
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
err_sys("can't set crl callback");
#endif
if (matchName && doPeerCheck)
CyaSSL_check_domain_name(ssl, domain);
#ifndef CYASSL_CALLBACKS
if (nonBlocking) {
CyaSSL_set_using_nonblock(ssl, 1);
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(ssl);
}
else if (CyaSSL_connect(ssl) != SSL_SUCCESS) {
/* see note at top of README */
int err = CyaSSL_get_error(ssl, 0);
char buffer[80];
printf("err = %d, %s\n", err,
CyaSSL_ERR_error_string(err, buffer));
err_sys("SSL_connect failed");
/* if you're getting an error here */
}
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
showPeer(ssl);
if (sendGET) {
printf("SSL connect ok, sending GET...\n");
msgSz = 28;
strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
}
if (CyaSSL_write(ssl, msg, msgSz) != msgSz)
err_sys("SSL_write failed");
input = CyaSSL_read(ssl, reply, sizeof(reply));
if (input > 0) {
reply[input] = 0;
printf("Server response: %s\n", reply);
if (sendGET) { /* get html */
while (1) {
input = CyaSSL_read(ssl, reply, sizeof(reply));
if (input > 0) {
reply[input] = 0;
printf("%s\n", reply);
}
else
break;
}
}
}
if (resumeSession) {
if (doDTLS) {
strncpy(msg, "break", 6);
msgSz = (int)strlen(msg);
/* try to send session close */
CyaSSL_write(ssl, msg, msgSz);
}
session = CyaSSL_get_session(ssl);
sslResume = CyaSSL_new(ctx);
}
if (doDTLS == 0) /* don't send alert after "break" command */
CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */
CyaSSL_free(ssl);
CloseSocket(sockfd);
if (resumeSession) {
if (doDTLS) {
SOCKADDR_IN_T addr;
#ifdef USE_WINDOWS_API
Sleep(500);
#else
sleep(1);
#endif
build_addr(&addr, host, port);
CyaSSL_dtls_set_peer(sslResume, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, host, port, 0);
}
CyaSSL_set_fd(sslResume, sockfd);
CyaSSL_set_session(sslResume, session);
showPeer(sslResume);
#ifndef CYASSL_CALLBACKS
if (nonBlocking) {
CyaSSL_set_using_nonblock(sslResume, 1);
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(sslResume);
}
else if (CyaSSL_connect(sslResume) != SSL_SUCCESS)
err_sys("SSL resume failed");
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
#ifdef OPENSSL_EXTRA
if (CyaSSL_session_reused(sslResume))
printf("reused session id\n");
else
printf("didn't reuse session id!!!\n");
#endif
if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
err_sys("SSL_write failed");
if (nonBlocking) {
/* give server a chance to bounce a message back to client */
#ifdef USE_WINDOWS_API
Sleep(500);
#else
sleep(1);
#endif
}
input = CyaSSL_read(sslResume, reply, sizeof(reply));
if (input > 0) {
reply[input] = 0;
printf("Server resume response: %s\n", reply);
}
/* try to send session break */
CyaSSL_write(sslResume, msg, msgSz);
CyaSSL_shutdown(sslResume);
CyaSSL_free(sslResume);
}
CyaSSL_CTX_free(ctx);
CloseSocket(sockfd);
((func_args*)args)->return_code = 0;
}
