From 8dedecf3e18feefe2bbc20918651570fcd48665d Mon Sep 17 00:00:00 2001 From: Conner Date: Tue, 16 May 2017 14:51:09 -0600 Subject: [PATCH 01/10] changed server-tcp.c to more closely follow coding standard --- psk/server-tcp.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/psk/server-tcp.c b/psk/server-tcp.c index f829f45d..3a05b9e5 100644 --- a/psk/server-tcp.c +++ b/psk/server-tcp.c @@ -1,6 +1,6 @@ /* server-tcp.c - * A server ecample using a TCP connection. - * + * A server ecample using a TCP connection. + * * Copyright (C) 2006-2015 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) @@ -34,15 +34,15 @@ #define LISTENQ 1024 #define SERV_PORT 11111 -/* - * Fatal error detected, print out and exit. +/* + * Fatal error detected, print out and exit. */ void err_sys(const char *err, ...) { printf("Fatal error : %s\n", err); } -/* +/* * Handles response to client. */ void respond(int sockfd) @@ -71,11 +71,12 @@ int main() char buff[MAXLINE]; socklen_t cliLen; - /* find a socket , 0 for using TCP option */ + /* find a socket , 0 for using TCP option */ listenfd = socket(AF_INET, SOCK_STREAM, 0); - if (listenfd < 0) + if (listenfd < 0) { err_sys("socket error"); - + } + /* set up server address and port */ memset(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; @@ -86,15 +87,16 @@ int main() opt = 1; setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (const void*)&opt, sizeof(int)); - if (bind(listenfd, (struct sockaddr *) &servAddr, sizeof(servAddr)) < 0) + if (bind(listenfd, (struct sockaddr *) &servAddr, sizeof(servAddr)) < 0) { err_sys("bind error"); - - /* listen to the socket */ + } + + /* listen to the socket */ if (listen(listenfd, LISTENQ) < 0) { err_sys("listen error"); return 1; } - + /* main loop for accepting and responding to clients */ for ( ; ; ) { cliLen = sizeof(cliAddr); 
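Review bot: In psk/server-tcp.c main(), the newly braced `socket` and `bind` failure branches still fall through, because `err_sys()` (shown in the earlier hunk of this file) only calls `printf` and never exits. A failed `socket()` therefore leaves `listenfd` negative and execution carries on into `setsockopt`, `bind` and `listen` with it. The `listen` branch already returns; the other two should match it, e.g. `err_sys("socket error"); return 1;` and `err_sys("bind error"); return 1;`. The return value of `setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, ...)` in the following hunk is also ignored. main()'s body continues outside these hunks.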
@@ -107,7 +109,7 @@ int main() printf("Connection from %s, port %d\n", inet_ntop(AF_INET, &cliAddr.sin_addr, buff, sizeof(buff)), ntohs(cliAddr.sin_port)); - + respond(connfd); /* closes the connections after responding */ if (close(connfd) == -1) { From e8d01ac1b56c97034478c93836e3e5207149c4a5 Mon Sep 17 00:00:00 2001 From: Conner Date: Tue, 16 May 2017 15:11:55 -0600 Subject: [PATCH 02/10] Changed server-psk-threading.c to more closely follow coding standard. --- psk/server-psk-threaded.c | 50 +++++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 23 deletions(-) diff --git a/psk/server-psk-threaded.c b/psk/server-psk-threaded.c index 5c6f7c76..63a7e286 100644 --- a/psk/server-psk-threaded.c +++ b/psk/server-psk-threaded.c @@ -1,6 +1,6 @@ /* server-psk-threaded.c * A server ecample using a multi-threaded TCP connection with PSK security. - * + * * Copyright (C) 2006-2015 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) @@ -50,8 +50,9 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, (void)ssl; (void)key_max_len; - if (strncmp(identity, "Client_identity", 15) != 0) + if (strncmp(identity, "Client_identity", 15) != 0) { return 0; + } key[0] = 26; key[1] = 43; @@ -68,10 +69,10 @@ void* wolfssl_thread(void* fd) { WOLFSSL* ssl; int connfd = *((int*)fd); - int n; - char buf[MAXLINE]; + int n; + char buf[MAXLINE]; char response[] = "I hear ya for shizzle"; - + memset(buf, 0, MAXLINE); /* create WOLFSSL object */ 
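Review bot: The identity check in `my_psk_server_cb` (psk/server-psk-threaded.c) is a prefix match, because `strncmp(identity, "Client_identity", 15)` stops before the terminator and so accepts any identity that merely begins with `Client_identity`. Comparing 16 bytes, `if (strncmp(identity, "Client_identity", 16) != 0) {`, includes the NUL and makes the match exact. The callback also discards `key_max_len` via `(void)key_max_len;` and then writes `key[0]`, `key[1]`, ... unconditionally; a guard such as `if (key_max_len < 4) { return 0; }` would tie the writes to the size the library reports (4 is inferred from the `return 4;` in the README copy of this callback, since the body continues outside the hunk). The same callback is repeated in psk/server-psk.c and psk/server-psk-nonblocking.c later in this series. Because this is example code that gets copied, a comment above the key bytes such as `/* demo key only: replace with a randomly generated PSK */` would be worth adding.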
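Review bot: `int connfd = *((int*)fd);` in wolfssl_thread reads the descriptor through a pointer to main()'s loop variable, which is racy. main() passes `(void*) &connfd` to `pthread_create` (visible in a later hunk of this file) and then loops back to `accept`, which can overwrite `connfd` before the new thread has copied it; two threads may then serve the same socket while another connection is never handled or closed. Passing the value instead of its address avoids this: `(void*)(intptr_t)connfd` at the call site and `int connfd = (int)(intptr_t)fd;` here (needs `<stdint.h>`), or a per-connection heap allocation that the thread frees. wolfssl_thread's body continues outside this hunk.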
@@ -79,14 +80,15 @@ void* wolfssl_thread(void* fd) printf("Fatal error : wolfSSL_new error"); /* place signal for forced error exit here */ } - + wolfSSL_set_fd(ssl, connfd); /* respond to client */ n = wolfSSL_read(ssl, buf, MAXLINE); if (n > 0) { printf("%s\n", buf); - if (wolfSSL_write(ssl, response, strlen(response)) != strlen(response)) { + if (wolfSSL_write(ssl, response, strlen(response)) + != strlen(response)) { printf("Fatal error :respond: write error\n"); /* place signal for forced error exit here */ } @@ -95,12 +97,12 @@ void* wolfssl_thread(void* fd) printf("Fatal error : respond: read error\n"); /* place signal for forced error exit here */ } - + /* closes the connections after responding */ wolfSSL_shutdown(ssl); wolfSSL_free(ssl); if (close(connfd) == -1) { - printf("Fatal error : close error\n"); + printf("Fatal error : close error\n"); /* place signal for forced error exit here */ } @@ -118,18 +120,20 @@ int main() void* wolfssl_thread(void*); wolfSSL_Init(); - - if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) - printf("Fatal error : wolfSSL_CTX_new error\n"); - /* use psk suite for security */ + if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { + printf("Fatal error : wolfSSL_CTX_new error\n"); + } + + /* use psk suite for security */ wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"); if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256") - != SSL_SUCCESS) + != SSL_SUCCESS) { printf("Fatal error : server can't set cipher list"); + } - /* find a socket */ + /* find a socket */ listenfd = socket(AF_INET, SOCK_STREAM, 0); if (listenfd < 0) { printf("Fatal error : socket error"); 
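Review bot: `printf("%s\n", buf)` in wolfssl_thread can read past the end of `buf`, because `wolfSSL_read(ssl, buf, MAXLINE)` may fill all `MAXLINE` bytes of `char buf[MAXLINE]` and leave no terminator. Reading one byte less, `n = wolfSSL_read(ssl, buf, MAXLINE - 1);`, keeps the zero left by the earlier `memset` in place. Separately, the `wolfSSL_new` failure branch at the top of this hunk only prints, so a NULL `ssl` reaches `wolfSSL_set_fd` and `wolfSSL_read`; closing `connfd` and returning there would be safer than the placeholder comment. `Respond()` in psk/server-psk-nonblocking.c (patch 04) has the same full-size read followed by `%s`.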
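Review bot: Both newly braced error branches in psk/server-psk-threaded.c main() log and carry on instead of failing closed. A NULL `ctx` from `wolfSSL_CTX_new` is passed straight to `wolfSSL_CTX_set_psk_server_callback`, and a failed `wolfSSL_CTX_set_cipher_list` leaves the server running without the intended `PSK-AES128-CBC-SHA256` restriction (presumably on whatever suites the library defaults to). Each block should end with `return 1;` after its `printf`, as psk/server-psk.c already does for `wolfSSL_CTX_new`. The `set_cipher_list` branch in psk/server-psk-nonblocking.c main() has the same fall-through. main()'s body continues outside this hunk.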
@@ -145,17 +149,17 @@ int main() opt = 1; if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (const void *)&opt, sizeof(int))) { - return 1; + return 1; } - + if (bind(listenfd, (struct sockaddr *) &servAddr, sizeof(servAddr)) < 0) { printf("Fatal error : bind error"); - return 1; + return 1; } - + /* main loop for accepting and responding to clients */ for ( ; ; ) { - /* listen to the socket */ + /* listen to the socket */ if (listen(listenfd, LISTENQ) < 0) { printf("Fatal error : listen error"); return 1; @@ -171,13 +175,13 @@ int main() printf("Connection from %s, port %d\n", inet_ntop(AF_INET, &cliAddr.sin_addr, buff, sizeof(buff)), ntohs(cliAddr.sin_port)); - + if (pthread_create(&thread, NULL, &wolfssl_thread, (void*) &connfd) != 0) { - return 1; + return 1; } if (pthread_detach(thread) != 0) { - return 1; + return 1; } } } From 8bfdd52d09b5b5ae4aad0910b3a67dfc7ef4eaef Mon Sep 17 00:00:00 2001 From: Conner Date: Tue, 16 May 2017 15:40:10 -0600 Subject: [PATCH 03/10] Changed server-psk.c to more closely follow the coding standard. --- psk/server-psk.c | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/psk/server-psk.c b/psk/server-psk.c index 5b89a22a..c941b349 100644 --- a/psk/server-psk.c +++ b/psk/server-psk.c @@ -1,6 +1,6 @@ /* server-psk.c - * A server ecample using a TCP connection with PSK security. - * + * A server ecample using a TCP connection with PSK security. + * * Copyright (C) 2006-2015 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) @@ -36,10 +36,10 @@ #define LISTENQ 1024 #define SERV_PORT 11111 -/* +/* * Handles response to client. */ -int respond(WOLFSSL* ssl) +int Respond(WOLFSSL* ssl) { int n; /* length of string read */ char buf[MAXLINE]; /* string read from client */ 
@@ -64,14 +64,15 @@ int respond(WOLFSSL* ssl) /* * Identify which psk key to use. */ -static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, unsigned char* key, - unsigned int key_max_len) +static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, + unsigned char* key, unsigned int key_max_len) { (void)ssl; (void)key_max_len; - if (strncmp(identity, "Client_identity", 15) != 0) + if (strncmp(identity, "Client_identity", 15) != 0) { return 0; + } key[0] = 26; key[1] = 43; @@ -91,14 +92,14 @@ int main() WOLFSSL_CTX* ctx; wolfSSL_Init(); - + /* create ctx and configure certificates */ if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { printf("Fatal error : wolfSSL_CTX_new error\n"); return 1; } - - /* use psk suite for security */ + + /* use psk suite for security */ wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"); if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256") @@ -114,7 +115,7 @@ int main() servAddr.sin_addr.s_addr = htonl(INADDR_ANY); servAddr.sin_port = htons(SERV_PORT); - /* find a socket */ + /* find a socket */ listenfd = socket(AF_INET, SOCK_STREAM, 0); if (listenfd < 0) { printf("Fatal error : socket error\n"); @@ -132,17 +133,17 @@ int main() printf("Fatal error : bind error\n"); return 1; } - - /* listen to the socket */ + + /* listen to the socket */ if (listen(listenfd, LISTENQ) < 0) { printf("Fatal error : listen error\n"); return 1; } - + /* main loop for accepting and responding to clients */ for ( ; ; ) { WOLFSSL* ssl; - + cliLen = sizeof(cliAddr); connfd = accept(listenfd, (struct sockaddr *) &cliAddr, &cliLen); if (connfd < 0) { 
@@ -153,20 +154,21 @@ int main() printf("Connection from %s, port %d\n", inet_ntop(AF_INET, &cliAddr.sin_addr, buff, sizeof(buff)), ntohs(cliAddr.sin_port)); - + /* create WOLFSSL object and respond */ if ((ssl = wolfSSL_new(ctx)) == NULL) { printf("Fatal error : wolfSSL_new error\n"); return 1; } wolfSSL_set_fd(ssl, connfd); - if (respond(ssl) != 0) + if (Respond(ssl) != 0) { return 1; - + } + /* closes the connections after responding */ wolfSSL_shutdown(ssl); wolfSSL_free(ssl); - + if (close(connfd) == -1) { printf("Fatal error : close error\n"); return 1; From 200708b5f513012b5bf2d77b6bbb02948fd2c4ce Mon Sep 17 00:00:00 2001 From: Conner Date: Tue, 16 May 2017 16:29:22 -0600 Subject: [PATCH 04/10] Finished changing the files in /psk to more closely follow the coding standard. --- psk/client-psk-nonblocking.c | 63 ++++++++++++++++-------------- psk/client-psk-resume.c | 43 ++++++++++---------- psk/client-psk.c | 42 ++++++++++---------- psk/client-tcp.c | 24 ++++++------ psk/server-psk-nonblocking.c | 76 +++++++++++++++++++++--------------- 5 files changed, 133 insertions(+), 115 deletions(-) diff --git a/psk/client-psk-nonblocking.c b/psk/client-psk-nonblocking.c index 0d221176..11dfdf13 100644 --- a/psk/client-psk-nonblocking.c +++ b/psk/client-psk-nonblocking.c @@ -36,7 +36,7 @@ #define SERV_PORT 11111 /* default port*/ /* - * enum used for tcp_select function + * enum used for tcp_select function */ enum { TEST_SELECT_FAIL, 
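Review bot: `if (Respond(ssl) != 0) { return 1; }` in psk/server-psk.c main() makes the whole server exit on a single client's failure, and it skips `wolfSSL_free(ssl)` and `close(connfd)` on the way out. Respond() returns 1 on a read error (the `n < 0` branch visible in patch 06), which presumably includes a peer that fails the PSK handshake, so one bad connection stops the listener for every other client. Inside an accept loop it is more robust to release the per-connection objects and keep serving, e.g. replace `return 1;` with `wolfSSL_free(ssl); close(connfd); continue;`. psk/server-psk-nonblocking.c main() has the same exit-on-failure once this series braces its `Respond` check.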
@@ -60,25 +60,28 @@ static inline int tcp_select(int socketfd, int to_sec) result = select(nfds, &recvfds, NULL, &errfds, &timeout); - if (result == 0) + if (result == 0) { return TEST_TIMEOUT; + } else if (result > 0) { - if (FD_ISSET(socketfd, &recvfds)) + if (FD_ISSET(socketfd, &recvfds)) { return TEST_RECV_READY; - else if(FD_ISSET(socketfd, &errfds)) + } + else if(FD_ISSET(socketfd, &errfds)) { return TEST_ERROR_READY; + } } return TEST_SELECT_FAIL; } /* - * sets up and uses nonblocking protocols using wolfssl + * sets up and uses nonblocking protocols using wolfssl */ static int NonBlockingSSL_Connect(WOLFSSL* ssl) { int ret, error, sockfd, select_ret, currTimeout; - + ret = wolfSSL_connect(ssl); error = wolfSSL_get_error(ssl, 0); sockfd = (int)wolfSSL_get_fd(ssl); @@ -87,10 +90,12 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl) error == SSL_ERROR_WANT_WRITE)) { currTimeout = 1; - if (error == SSL_ERROR_WANT_READ) + if (error == SSL_ERROR_WANT_READ) { printf("... client would read block\n"); - else + } + else { printf("... client would write block\n"); + } select_ret = tcp_select(sockfd, currTimeout); @@ -118,7 +123,7 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl) *psk client set up. */ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint, - char* identity, unsigned int id_max_len, unsigned char* key, + char* identity, unsigned int id_max_len, unsigned char* key, unsigned int key_max_len) { (void)ssl; 
@@ -139,20 +144,20 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint, } /* - * this function will send the inputted string to the server and then + * this function will send the inputted string to the server and then * recieve the string from the server outputing it to the termial - */ + */ int SendReceive(WOLFSSL* ssl) { char sendline[MAXLINE]="Hello Server"; /* string to send to the server */ char recvline[MAXLINE]; /* string received from the server */ - + /* write string to the server */ if (wolfSSL_write(ssl, sendline, MAXLINE) != sizeof(sendline)) { printf("Write Error to Server\n"); return 1; } - + /* flags if the Server stopped before the client could end */ if (wolfSSL_read(ssl, recvline, MAXLINE) < 0 ) { printf("Client: Server Terminated Prematurely!\n"); @@ -161,7 +166,7 @@ int SendReceive(WOLFSSL* ssl) /* show message from the server */ printf("Server Message: %s\n", recvline); - + return 0; } @@ -177,20 +182,20 @@ int main(int argc, char **argv) printf("Usage: tcpClient \n"); return 1; } - + wolfSSL_Init(); /* initialize wolfSSL */ - - + + /* create and initialize WOLFSSL_CTX structure */ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { fprintf(stderr, "SSL_CTX_new error.\n"); return 1; - } - + } + /* create a stream socket using tcp,internet protocal IPv4, * full-duplex stream */ sockfd = socket(AF_INET, SOCK_STREAM, 0); - + /* places n zero-valued bytes in the address servaddr */ memset(&servaddr, 0, sizeof(servaddr)); 
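Review bot: `recvline` in SendReceive() (psk/client-psk-nonblocking.c) is printed with `%s` without ever being initialised or terminated. `wolfSSL_read(ssl, recvline, MAXLINE)` stores only the bytes received, and the `< 0` check lets a return of 0 through, so the `printf("Server Message: %s\n", recvline)` in the next hunk can walk uninitialised stack memory. Keeping the byte count fixes both: `int n = wolfSSL_read(ssl, recvline, MAXLINE - 1);`, then `if (n <= 0) { ... return 1; }`, then `recvline[n] = '\0';`. The same function is repeated in psk/client-psk-resume.c and psk/client-psk.c, and psk/client-tcp.c has the plain `read()` variant whose `== 0` test also lets `-1` through. Note also that `wolfSSL_write(ssl, sendline, MAXLINE)` sends the whole buffer rather than `strlen(sendline)` bytes, unlike the client-tcp.c correction in patch 07.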
@@ -199,23 +204,23 @@ int main(int argc, char **argv) /* converts IPv4 addresses from text to binary form */ ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr); - + if (ret != 1) { printf("inet_pton error\n"); return 1; } - + /* set up pre shared keys */ wolfSSL_CTX_set_psk_client_callback(ctx,My_Psk_Client_Cb); /* attempts to make a connection on a socket */ ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); - + if (ret != 0) { printf("Connection Error\n"); return 1; } - + /* create wolfSSL object after each tcp connect */ if ((ssl = wolfSSL_new(ctx)) == NULL) { fprintf(stderr, "wolfSSL_new error.\n"); @@ -228,7 +233,7 @@ int main(int argc, char **argv) /* tell wolfSSL that nonblocking is going to be used */ wolfSSL_set_using_nonblock(ssl, 1); - /* invokes the fcntl callable service to get the file status + /* invokes the fcntl callable service to get the file status * flags for a file. checks if it returns an error, if it does * stop program */ int flags = fcntl(sockfd, F_GETFL, 0); @@ -238,8 +243,8 @@ int main(int argc, char **argv) } /* invokes the fcntl callable service to set file status flags. - * Do not block an open, a read, or a write on the file - * (do not wait for terminal input. If an error occurs, + * Do not block an open, a read, or a write on the file + * (do not wait for terminal input. If an error occurs, * stop program*/ flags = fcntl(sockfd, F_SETFL, flags | O_NONBLOCK); if (flags < 0) { @@ -262,11 +267,11 @@ int main(int argc, char **argv) /* cleanup */ wolfSSL_free(ssl); - /* when completely done using SSL/TLS, free the + /* when completely done using SSL/TLS, free the * wolfssl_ctx object */ wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); - + return ret; } diff --git a/psk/client-psk-resume.c b/psk/client-psk-resume.c index 35746c3d..000361fc 100644 --- a/psk/client-psk-resume.c +++ b/psk/client-psk-resume.c 
@@ -40,7 +40,7 @@ *psk client set up. */ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint, - char* identity, unsigned int id_max_len, unsigned char* key, + char* identity, unsigned int id_max_len, unsigned char* key, unsigned int key_max_len) { (void)ssl; @@ -61,20 +61,20 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint, } /* - * this function will send the inputted string to the server and then + * this function will send the inputted string to the server and then * recieve the string from the server outputing it to the termial - */ + */ int SendReceive(WOLFSSL* ssl) { char sendline[MAXLINE]="Hello Server"; /* string to send to the server */ char recvline[MAXLINE]; /* string received from the server */ - + /* write string to the server */ if (wolfSSL_write(ssl, sendline, MAXLINE) != sizeof(sendline)) { printf("Write Error to Server\n"); return 1; } - + /* flags if the Server stopped before the client could end */ if (wolfSSL_read(ssl, recvline, MAXLINE) < 0 ) { printf("Client: Server Terminated Prematurely!\n"); @@ -83,12 +83,12 @@ int SendReceive(WOLFSSL* ssl) /* show message from the server */ printf("Server Message: %s\n", recvline); - - return 0; + + return 0; } int main(int argc, char **argv){ - + int sockfd, sock, ret; WOLFSSL* ssl; WOLFSSL* sslResume = 0; @@ -101,19 +101,19 @@ int main(int argc, char **argv){ printf("Usage: tcpClient \n"); return 1; } - + wolfSSL_Init(); /* initialize wolfSSL */ - + /* create and initialize WOLFSSL_CTX structure */ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { fprintf(stderr, "SSL_CTX_new error.\n"); return 1; } - + /* create a stream socket using tcp,internet protocal IPv4, * full-duplex stream */ sockfd = socket(AF_INET, SOCK_STREAM, 0); - + /* places n zero-valued bytes in the address servaddr */ memset(&servaddr, 0, sizeof(servaddr)); 
@@ -122,11 +122,11 @@ int main(int argc, char **argv){ /* converts IPv4 addresses from text to binary form */ ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr); - + if (ret != 1){ return 1; } - + /* set up pre shared keys */ wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb); @@ -135,7 +135,7 @@ int main(int argc, char **argv){ if (ret != 0 ){ return 1; } - + /* create wolfSSL object after each tcp connect */ if ( (ssl = wolfSSL_new(ctx)) == NULL) { fprintf(stderr, "wolfSSL_new error.\n"); @@ -164,15 +164,15 @@ int main(int argc, char **argv){ wolfSSL_Cleanup(); /* - * resume session, start new connection and socket + * resume session, start new connection and socket */ /* start a new socket connection */ sock = socket(AF_INET, SOCK_STREAM, 0); - + /* connect to the socket */ ret = connect(sock, (struct sockaddr *) &servaddr, sizeof(servaddr)); - + if (ret != 0){ return 1; } @@ -194,8 +194,9 @@ int main(int argc, char **argv){ } /* check to see if the session id is being reused */ - if (wolfSSL_session_reused(sslResume)) + if (wolfSSL_session_reused(sslResume)) { printf("reused session id\n"); + } else printf("didn't reuse session id!!!\n"); @@ -206,9 +207,9 @@ int main(int argc, char **argv){ close(sock); /* clean up */ - wolfSSL_free(sslResume); + wolfSSL_free(sslResume); wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); - + return ret; } diff --git a/psk/client-psk.c b/psk/client-psk.c index 62cdd0c7..cbaf6f71 100755 --- a/psk/client-psk.c +++ b/psk/client-psk.c @@ -38,7 +38,7 @@ *psk client set up. */ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint, - char* identity, unsigned int id_max_len, unsigned char* key, + char* identity, unsigned int id_max_len, unsigned char* key, unsigned int key_max_len) { (void)ssl; 
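Review bot: The `else` branch of the session-reuse check in psk/client-psk-resume.c is left unbraced while its `if` branch gains braces, so the statement now mixes both styles. For consistency with the rest of this series it should read `else { printf("didn't reuse session id!!!\n"); }`. In the same file `if (ret != 1){`, `if (ret != 0 ){` and `int main(int argc, char **argv){` also keep their old spacing and brace placement, which the coding-standard pass fixed elsewhere (compare `if (ret != SSL_SUCCESS) {` in psk/client-psk.c).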
@@ -59,20 +59,20 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint, } /* - * this function will send the inputted string to the server and then + * this function will send the inputted string to the server and then * recieve the string from the server outputing it to the termial - */ + */ int SendReceive(WOLFSSL* ssl) { char sendline[MAXLINE]="Hello Server"; /* string to send to the server */ char recvline[MAXLINE]; /* string received from the server */ - + /* write string to the server */ if (wolfSSL_write(ssl, sendline, MAXLINE) != sizeof(sendline)) { printf("Write Error to Server\n"); return 1; } - + /* flags if the Server stopped before the client could end */ if (wolfSSL_read(ssl, recvline, MAXLINE) < 0 ) { printf("Client: Server Terminated Prematurely!\n"); @@ -81,7 +81,7 @@ int SendReceive(WOLFSSL* ssl) /* show message from the server */ printf("Server Message: %s\n", recvline); - + return 0; } @@ -97,19 +97,19 @@ int main(int argc, char **argv) printf("Usage: tcpClient \n"); return 1; } - + wolfSSL_Init(); /* initialize wolfSSL */ - + /* create and initialize WOLFSSL_CTX structure */ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { fprintf(stderr, "SSL_CTX_new error.\n"); return 1; } - + /* create a stream socket using tcp,internet protocal IPv4, * full-duplex stream */ sockfd = socket(AF_INET, SOCK_STREAM, 0); - + /* places n zero-valued bytes in the address servaddr */ memset(&servaddr, 0, sizeof(servaddr)); 
@@ -120,44 +120,44 @@ int main(int argc, char **argv) ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr); if (ret != 1) { - printf("inet_pton error\n"); + printf("inet_pton error\n"); return 1; } - + /* set up pre shared keys */ wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb); - + /* attempts to make a connection on a socket */ ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); - + if (ret != 0) { printf("Connection Error\n"); return 1; } - + /* creat wolfssl object after each tcp connct */ if ( (ssl = wolfSSL_new(ctx)) == NULL) { fprintf(stderr, "wolfSSL_new error.\n"); return 1; } - + /* associate the file descriptor with the session */ ret = wolfSSL_set_fd(ssl, sockfd); - - if (ret != SSL_SUCCESS){ + + if (ret != SSL_SUCCESS) { return 1; } - + /* takes inputting string and outputs it to the server */ ret = SendReceive(ssl); - if(ret != 0){ + if (ret != 0) { return 1; } /* cleanup */ wolfSSL_free(ssl); - /* when completely done using SSL/TLS, free the + /* when completely done using SSL/TLS, free the * wolfssl_ctx object */ wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); diff --git a/psk/client-tcp.c b/psk/client-tcp.c index 3e4658ab..6ea36f23 100644 --- a/psk/client-tcp.c +++ b/psk/client-tcp.c @@ -34,9 +34,9 @@ #define SERV_PORT 11111 /* - * this function will send the inputted string to the server and then + * this function will send the inputted string to the server and then * recieve the string from the server outputing it to the termial - */ + */ int SendReceive(int sockfd) { char sendline[MAXLINE]="Hello Server"; /* string to send to the server */ 
@@ -47,21 +47,21 @@ int SendReceive(int sockfd) printf("Write Error to Server\n"); return 1; } - - /* flags if the server stopped before the client could end */ + + /* flags if the server stopped before the client could end */ if (read(sockfd, recvline, MAXLINE) == 0) { printf("Client: Server Terminated Prematurely!\n"); return 1; } printf("Server Message: %s\n", recvline); - + return 0; } int main(int argc, char **argv) { - int sockfd, ret; + int sockfd, ret; struct sockaddr_in servaddr; /* must include an ip address or this will flag */ @@ -72,17 +72,17 @@ int main(int argc, char **argv) /* create a stream socket using tcp,internet protocal IPv4, * full-duplex stream */ - sockfd = socket(AF_INET, SOCK_STREAM, 0); + sockfd = socket(AF_INET, SOCK_STREAM, 0); /* places n zero-valued bytes in the address servaddr */ memset(&servaddr, 0, sizeof(servaddr)); servaddr.sin_family = AF_INET; - servaddr.sin_port = htons(SERV_PORT); + servaddr.sin_port = htons(SERV_PORT); /* converts IPv4 addresses from text to binary form */ ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr); - + if (ret != 1) { printf("Not a Valid network address"); return 1; @@ -90,11 +90,11 @@ int main(int argc, char **argv) /* attempts to make a connection on a socket */ ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); - + if (ret != 0) { return 1; } - + /* takes inputting string and outputs it to the server */ ret = SendReceive(sockfd); if (ret != 0){ @@ -103,6 +103,6 @@ int main(int argc, char **argv) } /* close socket and connection */ close(sockfd); - + return ret; } diff --git a/psk/server-psk-nonblocking.c b/psk/server-psk-nonblocking.c index 23cc6085..aa123e63 100644 --- a/psk/server-psk-nonblocking.c +++ b/psk/server-psk-nonblocking.c 
@@ -1,6 +1,6 @@ /* server-psk-nonblocking.c - * A server ecample using a TCP connection with PSK security and non blocking. - * + * A server ecample using a TCP connection with PSK security and non blocking. + * * Copyright (C) 2006-2015 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) @@ -58,7 +58,7 @@ int tcp_select(int sockfd, int to_sec) int nfds = sockfd + 1; struct timeval timeout = {to_sec, 0}; int result; - + /* reset socket values */ FD_ZERO(&recvfds); FD_SET(sockfd, &recvfds); @@ -68,13 +68,16 @@ int tcp_select(int sockfd, int to_sec) result = select(nfds, &recvfds, NULL, &errfds, &timeout); /* logic for which enumerated value is returned */ - if (result == 0) + if (result == 0) { return TEST_TIMEOUT; + } else if (result > 0) { - if (FD_ISSET(sockfd, &recvfds)) + if (FD_ISSET(sockfd, &recvfds)) { return TEST_RECV_READY; - else if (FD_ISSET(sockfd, &errfds)) + } + else if (FD_ISSET(sockfd, &errfds)) { return TEST_ERROR_READY; + } } return TEST_SELECT_FAIL; @@ -84,7 +87,7 @@ int tcp_select(int sockfd, int to_sec) /* * Pulled in from examples/server/server.c * Function to handle nonblocking. Loops until tcp_select notifies that it's - * ready for action. + * ready for action. */ int NonBlockingSSL(WOLFSSL* ssl) { @@ -99,15 +102,17 @@ int NonBlockingSSL(WOLFSSL* ssl) int currTimeout = 1; /* print out for user notification */ - if (error == SSL_ERROR_WANT_READ) + if (error == SSL_ERROR_WANT_READ) { printf("... server would read block\n"); - else + } + else { printf("... server would write block\n"); + } select_ret = tcp_select(sockfd, currTimeout); - + /* if tcp_select signals ready try to accept otherwise continue loop*/ - if ((select_ret == TEST_RECV_READY) || + if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_ERROR_READY)) { ret = wolfSSL_accept(ssl); error = wolfSSL_get_error(ssl, 0); 
@@ -129,10 +134,10 @@ int NonBlockingSSL(WOLFSSL* ssl) } -/* +/* * Handles response to client. */ -int respond(WOLFSSL* ssl) +int Respond(WOLFSSL* ssl) { int n; /* length of string read */ char buf[MAXLINE]; /* string read from client */ @@ -140,17 +145,21 @@ int respond(WOLFSSL* ssl) memset(buf, 0, MAXLINE); do { - if (NonBlockingSSL(ssl) != SSL_SUCCESS) + if (NonBlockingSSL(ssl) != SSL_SUCCESS) { return 1; + } + n = wolfSSL_read(ssl, buf, MAXLINE); if (n > 0) { printf("%s\n", buf); - } + } } while(n < 0); - - if (NonBlockingSSL(ssl) != SSL_SUCCESS) + + if (NonBlockingSSL(ssl) != SSL_SUCCESS) { return 1; + } + if (wolfSSL_write(ssl, response, strlen(response)) != strlen(response)) { printf("Fatal error : respond: write error\n"); return 1; @@ -168,8 +177,9 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, (void)ssl; (void)key_max_len; - if (strncmp(identity, "Client_identity", 15) != 0) + if (strncmp(identity, "Client_identity", 15) != 0) { return 0; + } key[0] = 26; key[1] = 43; @@ -190,20 +200,21 @@ int main() WOLFSSL_CTX* ctx; wolfSSL_Init(); - + if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { printf("Fatal error : wolfSSL_CTX_new error\n"); return 1; } - /* use psk suite for security */ + /* use psk suite for security */ wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"); if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256") - != SSL_SUCCESS) + != SSL_SUCCESS) { printf("Fatal error : server can't set cipher list\n"); + } - /* find a socket */ + /* find a socket */ listenfd = socket(AF_INET, SOCK_STREAM, 0); if (listenfd < 0) { printf("Fatal error : socket error\n"); 
@@ -221,40 +232,40 @@ int main() if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (const void*)&opt, sizeof(int)) != 0) { printf("Fatal error : setsockopt errer"); - return 1; + return 1; } if (bind(listenfd, (struct sockaddr *) &servAddr, sizeof(servAddr)) < 0) { printf("Fatal error : bind error\n"); return 1; } - + /* main loop for accepting and responding to clients */ for ( ; ; ) { WOLFSSL* ssl; - - /* listen to the socket */ + + /* listen to the socket */ if (listen(listenfd, LISTENQ) < 0) { printf("Fatal error : listen error\n"); return 1; } - + cliLen = sizeof(cliAddr); connfd = accept(listenfd, (struct sockaddr *) &cliAddr, &cliLen); if (connfd < 0) { if (errno != EINTR) { printf("Fatal error : accept error\n"); - return 1; + return 1; } } else { printf("Connection from %s, port %d\n", inet_ntop(AF_INET, &cliAddr.sin_addr, buff, sizeof(buff)), ntohs(cliAddr.sin_port)); - + /* create WOLFSSL object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { printf("Fatal error : wolfSSL_new error\n"); - return 1; + return 1; } wolfSSL_set_fd(ssl, connfd); @@ -264,9 +275,10 @@ int main() printf("Fatal error : fcntl set failed\n"); return 1; } - if (respond(ssl) != 0) + if (Respond(ssl) != 0) { printf("Fatal error : respond error\n"); return 1; + } /* closes the connections after responding */ wolfSSL_shutdown(ssl); @@ -280,7 +292,7 @@ int main() /* free up memory used by wolfssl */ wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); - + return 0; } From e71ac27212dd4ab711e946f31ab476b6e9efe3ce Mon Sep 17 00:00:00 2001 From: Conner Date: Thu, 18 May 2017 09:08:34 -0600 Subject: [PATCH 05/10] Changed --enable-3des to --enable--des3 in README --- crypto/3des/README | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/3des/README b/crypto/3des/README index af31826c..a8a60bd1 100644 --- a/crypto/3des/README +++ b/crypto/3des/README 
@@ -1,11 +1,10 @@ How to use 3des-file-encrypt.c -1) a. Compile wolfSSL with ./configure --enable-pwdbased --enable-3des, run +1) a. Compile wolfSSL with ./configure --enable-pwdbased --enable-des3, run 'make', and then install by typing 'sudo make install'. b. In the crypto/3des directory run the Makefile by typing 'make'. 2) Make a file to encode. Can be any file (ex. .txt .in .out .file etc.) 3) run the excecutable, for help run with -h flag. Basic command is as follows: - ./3des-file-encrypt <-option> KeySize examples: 56, 112, or 168 From ead710ce8bbce335921740a9d3c963fa8a46019d Mon Sep 17 00:00:00 2001 From: Conner Date: Mon, 22 May 2017 10:36:43 -0600 Subject: [PATCH 06/10] Fixed typo in error message for server-psk.c --- psk/server-psk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/psk/server-psk.c b/psk/server-psk.c index c941b349..2d46d0d1 100644 --- a/psk/server-psk.c +++ b/psk/server-psk.c @@ -54,7 +54,7 @@ int Respond(WOLFSSL* ssl) } } if (n < 0) { - printf("Fatal error :espond: read error\n"); + printf("Fatal error :respond: read error\n"); return 1; } From 5f0d83c24a9a15ef7ec811d75e08c567517f1fd1 Mon Sep 17 00:00:00 2001 From: Conner Date: Tue, 23 May 2017 14:08:21 -0600 Subject: [PATCH 07/10] Fixed write error to server in client-tcp.c --- psk/client-tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/psk/client-tcp.c b/psk/client-tcp.c index 6ea36f23..6d679de4 100644 --- a/psk/client-tcp.c +++ b/psk/client-tcp.c @@ -43,7 +43,7 @@ int SendReceive(int sockfd) char recvline[MAXLINE]; /* string received from the server */ /* write string to the server */ - if (write(sockfd, sendline, strlen(sendline)) != sizeof(sendline)) { + if (write(sockfd, sendline, strlen(sendline)) != strlen(sendline)) { printf("Write Error to Server\n"); return 1; } From 9adb1a757f293a2cecca36c3d02cd9846ec24791 Mon Sep 17 00:00:00 2001 
From: Conner Date: Fri, 26 May 2017 09:22:07 -0600 Subject: [PATCH 08/10] Cleaned up README tutorial fixing mistakes and better explaining sections that needed it --- psk/README.md | 99 ++++++++++++++++++++++++++------------------------- 1 file changed, 51 insertions(+), 48 deletions(-) diff --git a/psk/README.md b/psk/README.md index fee4c2e5..51b1de4d 100644 --- a/psk/README.md +++ b/psk/README.md @@ -9,11 +9,12 @@ TCP/PSK Tutorial ``read(sockfd, recvline, MAXLINE)`` becomes ``wolfSSL_read(ssl, recvline, MAXLINE)`` -3. Change all calls from write() or send() to CySSL_write(), in the simple client +3. Change all calls from write() or send() to wolfSSL_write(), in the simple client - ``write(socked, send line,strlen(send line))`` becomes ``wolfSSL_write(ssl, send line, strlen(sendline))`` + ``write(socked, sendline, strlen(sendline))`` becomes ``wolfSSL_write(ssl, sendline, strlen(sendline))`` -4. In the main method initialize wolfSSL and WOLFSSL_CTX. +4. In the main method initialize wolfSSL and WOLFSSL_CTX. You must initialize wolfSSL before making any other wolfSSL calls. + wolfSSL_CTX_new() takes an argument that defines what SSL/TLS protocol to use. In this case ``wolfTLSv1_2_client_method()`` is used to specify TLS 1.2. wolfSSL_Init(); @@ -35,10 +36,11 @@ TCP/PSK Tutorial return 1; } -6. Cleanup. After each wolfSSL object is done being used you can free it up by calling ``wolfSSL_free(ssl);`` +6. Cleanup. After each wolfSSL object is done being used you can free it up by calling ``wolfSSL_free(ssl);``. + 7. When completely done using SSL/TLS, free the WOLFSSL_CTX object by - ``wolfSSL_CTX_free(CTX);`` + ``wolfSSL_CTX_free(ctx);`` ``wolfSSL_Cleanup();`` 
@@ -82,7 +84,7 @@ TCP/PSK Tutorial 2. After the function ``wolfSSL_set_fd(ssl,sockfd)``, tell wolfSSL that you want non-blocking to be used. This is done by adding : `` wolfSSL_set_using_nonblock(ssl,1);`` -3. Now we much invoke the fcnt callable serve to use non-blocking. +3. Now we must invoke the fcntl callable serve to use non-blocking. int flags = fcntl(sockfd, F_GETFL, 0); if (flags < 0) { @@ -190,7 +192,7 @@ Session resumption allows a client/server pair to re-use previously generated cr WOLFSSL_SESSION* session = wolfSSL_get_session(ssl); WOLFSSL* sslResume = wolfSSL_new(ctx); -2. Now we must close wolfSSL SSL and close connections. Alos free the socket and ctx. +2. Now we must close wolfSSL SSL and close connections i.e. free the socket and ctx. /* shut down wolfSSL */ wolfSSL_shutdown(ssl); @@ -206,17 +208,17 @@ Session resumption allows a client/server pair to re-use previously generated cr 3. Now we are ready to reconnect and start a new socket but we are going to reuse the session id to make things go a little faster. - sock = socket(AF_INET, SOCK_STREAM, 0); + sockfd = socket(AF_INET, SOCK_STREAM, 0); /* connect to the socket */ - ret = connect(sock, (struct sockaddr *) &servaddr, sizeof(servaddr)); + ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); if (ret != 0){ return 1; } /* set the session ID to connect to the server */ - wolfSSL_set_fd(sslResume, sock); + wolfSSL_set_fd(sslResume, sockfd); wolfSSL_set_session(sslResume, session); 4. Check if the connect was successful. @@ -243,7 +245,7 @@ Session resumption allows a client/server pair to re-use previously generated cr wolfSSL_shutdown(sslResume); /* shut down socket */ - close(sock); + close(sockfd); /* clean up */ wolfSSL_free(sslResume); 
@@ -261,13 +263,14 @@ Session resumption allows a client/server pair to re-use previously generated cr >(wolfSSL_read on first use also calls wolfSSL_accept if not explicitly called earlier in code.) -3. Change all calls from write() or send() to CySSL_write(), in the simple server +3. Change all calls from write() or send() to wolfSSL_write(), in the simple server ``write(sockfd, sendline, strlen(sendline))`` becomes ``wolfSSL_write(ssl, sendline, strlen(sendline))`` 4. Run the wolfSSL method to initalize wolfSSL ``wolfSSL_Init()`` -5. Create a ctx pointer that contains using the following process. +5. Create a ctx pointer that contains a server method using the following process. The server method wolfSSLv23_server_method() + allows clients with TLS 1+ to connect. ``` WOLFSSL_CTX* ctx; @@ -280,7 +283,7 @@ Session resumption allows a client/server pair to re-use previously generated cr ``` WOLFSSL* ssl; - wolfSSL_set_fd(ssl, “integer returned from accept”); + wolfSSL_set_fd(ssl, “integer (file descriptor) returned from accept”); wolfSSL_free(ssl); @@ -310,9 +313,9 @@ The following steps are on how to use PSK in a wolfSSL server >PSK-AES128-CBC-SHA256 creates the cipher list of having pre shared keys with advanced encryption security using 128 bit key >with cipher block chaining using secure hash algorithm. -3. Add the my_psk_server_cb function as follows. This is a function needed that is passed in as an argument to the wolfSSL callback. +3. Add the my_psk_server_cb function as follows. This is a necessary function that is passed in as an argument to the wolfSSL callback. -``` + ``` static inline unsigned int my_psk_client_cb(WOLFSSL* ssl, char* identity, unsigned char* key, unsigned int key_max_len) { (void)ssl; @@ -330,12 +333,12 @@ The following steps are on how to use PSK in a wolfSSL server return 4; } -``` + ``` Example Makefile for Simple wolfSSL PSK Client: -``` + ``` CC=gcc OBJ = client-psk.o CFLAG=-Wall 
@@ -350,19 +353,19 @@ Example Makefile for Simple wolfSSL PSK Client: clean: rm -f *.o client-psk -``` + ``` The -lwolfssl will link the wolfSSL Libraries to your program -The makefile for the server is going to be similar to that of the client. If the user wants separate makefiles just make a use the same set up of the client makefile and replace every instance of client-psk with server-psk. To combine make files just add a server-psk with similar ending to each time client-psk is referenced and change the target. There will also need to be a target for when compiling all targets. +The makefile for the server is going to be similar to that of the client. If the user wants separate makefiles just make and use the same set up of the client makefile and replace every instance of client-psk with server-psk. To combine make files just add a server-psk with similar ending to each time client-psk is referenced and change the target. There will also need to be a target for when compiling all targets. -``` + ``` all: server-psk client-psk server-psk: server-psk.c $(CC) -Wall -o server-psk server-psk.c -lwolfssl -``` + ``` ## Nonblocking psk ###### What is nonblocking? @@ -411,7 +414,7 @@ When a socket is setup as non-blocking, reads and writes to the socket do not ca -5. Before adding the NonblockingSSL_Connect function into our code we much add a tcp_select function that will be used by the NonblockingSSL_Connect. This is done by adding: +5. Before adding the NonblockingSSL_Connect function into our code we must add a tcp_select function that will be used by the NonblockingSSL_Connect. This is done by adding: ``` /* 
@@ -426,29 +429,28 @@ When a socket is setup as non-blocking, reads and writes to the socket do not ca static inline int tcp_select(int socketfd, int to_sec) { -    fd_set recvfds, errfds; -    int nfds = socketfd + 1; -    struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0}; -    int result; - -    FD_ZERO(&recvfds); -    FD_SET(socketfd, &recvfds); -    FD_ZERO(&errfds); -    FD_SET(socketfd, &errfds); - -    result = select(nfds, &recvfds, NULL, &errfds, &timeout); - -    if (result == 0) -        return TEST_TIMEOUT; -    else if (result > 0) { -        if (FD_ISSET(socketfd, &recvfds)) -            return TEST_RECV_READY; -        else if(FD_ISSET(socketfd, &errfds)) -            return TEST_ERROR_READY; -    } - -    return TEST_SELECT_FAIL; - } +    fd_set recvfds, errfds; +    int nfds = socketfd + 1; + struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0}; + int result; + + FD_ZERO(&recvfds); + FD_SET(socketfd, &recvfds); + FD_ZERO(&errfds); + FD_SET(socketfd, &errfds); + + result = select(nfds, &recvfds, NULL, &errfds, &timeout); + + if (result == 0) +      return TEST_TIMEOUT; + else if (result > 0) { +      if (FD_ISSET(socketfd, &recvfds)) +          return TEST_RECV_READY; +      else if(FD_ISSET(socketfd, &errfds)) +          return TEST_ERROR_READY; + } +     return TEST_SELECT_FAIL; + } ``` @@ -494,7 +496,7 @@ When a socket is setup as non-blocking, reads and writes to the socket do not ca } } ``` -##Tutorial for adding nonblocking to a Server. +## Tutorial for adding nonblocking to a Server. Nonblocking on the server side allows for switching between multiple client connections when reading and writing without closing them. 
@@ -511,6 +513,7 @@ Nonblocking on the server side allows for switching between multiple client conn >Both F_SETFL and O_NONBLOCK are constants from the fcntl.h file. 4. Include a function to select tcp. What this function does is it checks file descriptors for readiness of reading, writing, for pending exceptions, and for timeout. The timeout variable needs to point to struct timeval type. If the timeval members are 0 then the function does not block. The function and its input parameters are listed below. + ``select(int nfds, fd_set* read, fd_set* write, fd_set* exception, struct timeval* time)`` >For the example server we do not consider write when selecting the tcp so it is set to NULL. For ease the example code uses enumerated values for which state the function select returns. This then makes the next loop discussed easier. @@ -591,4 +594,4 @@ The main thread accepts clients and for each client accepted a new thread is spa } ``` -5. Void* arg is the argument that gets passed into wolfssal_thread when pthread_create is called. In this example that argument is used to pass the socket value that the client for the current thread is on. +5. Void* arg is the argument that gets passed into wolfssl_thread when pthread_create is called. In this example that argument is used to pass the socket value that the client for the current thread is on. From cc5286594d49ed53b84972b74b9821d1a1ba814e Mon Sep 17 00:00:00 2001 From: Conner Date: Fri, 26 May 2017 10:50:00 -0600 Subject: [PATCH 09/10] Fixed client-psk-resume error in which it did not resume with last session --- psk/README.md | 8 ++++---- psk/client-psk-resume.c | 5 ++--- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/psk/README.md b/psk/README.md index 51b1de4d..0efb6934 100644 --- a/psk/README.md +++ b/psk/README.md 
@@ -208,17 +208,17 @@ Session resumption allows a client/server pair to re-use previously generated cr 3. Now we are ready to reconnect and start a new socket but we are going to reuse the session id to make things go a little faster. - sockfd = socket(AF_INET, SOCK_STREAM, 0); + sock = socket(AF_INET, SOCK_STREAM, 0); /* connect to the socket */ - ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); + ret = connect(sock, (struct sockaddr *) &servaddr, sizeof(servaddr)); if (ret != 0){ return 1; } /* set the session ID to connect to the server */ - wolfSSL_set_fd(sslResume, sockfd); + wolfSSL_set_fd(sslResume, sock); wolfSSL_set_session(sslResume, session); 4. Check if the connect was successful. @@ -245,7 +245,7 @@ Session resumption allows a client/server pair to re-use previously generated cr wolfSSL_shutdown(sslResume); /* shut down socket */ - close(sockfd); + close(sock); /* clean up */ wolfSSL_free(sslResume); diff --git a/psk/client-psk-resume.c b/psk/client-psk-resume.c index 000361fc..6bb7f2b5 100644 --- a/psk/client-psk-resume.c +++ b/psk/client-psk-resume.c @@ -158,10 +158,9 @@ int main(int argc, char **argv){ /* close connection */ close(sockfd); - /* cleanup */ + /* cleanup without wolfSSL_Cleanup() for now */ wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - wolfSSL_Cleanup(); /* * resume session, start new connection and socket @@ -206,7 +205,7 @@ int main(int argc, char **argv){ /* shut down socket */ close(sock); - /* clean up */ + /* clean up now with wolfSSL_Cleanup() */ wolfSSL_free(sslResume); wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); From cc31940bff5966a65f38eb22bccec266c251b804 Mon Sep 17 00:00:00 2001 From: Conner Date: Fri, 26 May 2017 15:19:27 -0600 Subject: [PATCH 10/10] Final read through and adjustments to README --- psk/README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/psk/README.md b/psk/README.md index 0efb6934..788ea3b0 100644 --- a/psk/README.md +++ b/psk/README.md 
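Review bot: In psk/client-psk-resume.c the first hunk (@@ -158) keeps `wolfSSL_CTX_free(ctx);` before the resumed connection, and the second hunk (@@ -206) calls `wolfSSL_CTX_free(ctx);` again after `wolfSSL_free(sslResume);`. Unless ctx is recreated in the lines between the two hunks, which are not shown, the same context is released twice and the second call may operate on memory that has already been freed. Removing only `wolfSSL_Cleanup();` leaves that in place; dropping the first `wolfSSL_CTX_free(ctx);` too, with a comment such as `/* free ssl only; ctx is released once, after the resumed session */`, keeps a single release per context. The README hunks in PATCH 10/10 print the same sequence and would need the same adjustment. main() continues outside both hunks.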
@@ -200,10 +200,9 @@ Session resumption allows a client/server pair to re-use previously generated cr /* close connection */ close(sockfd); - /* cleanup */ + /* cleanup without wolfSSL_Cleanup() for now */ wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - wolfSSL_Cleanup(); 3. Now we are ready to reconnect and start a new socket but we are going to reuse the session id to make things go a little faster. @@ -247,7 +246,7 @@ Session resumption allows a client/server pair to re-use previously generated cr /* shut down socket */ close(sock); - /* clean up */ + /* clean up now with wolfSSL_Cleanup() */ wolfSSL_free(sslResume); wolfSSL_CTX_free(ctx); wolfSSL_Cleanup();