WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Updated tls from cyassl to wolfssl, updating headers

pull/8/head
Nickolas Lapp 2015-05-26 10:52:42 -06:00
parent de2b31f1cd
commit 336ba1515d
11 changed files with 423 additions and 427 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
tls/client-callback.c
View File

@ -1,15 +1,15 @@
/* client.c
/* client-callback.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of CyaSSL.
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* CyaSSL is free software; you can redistribute it and/or modify
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@ -23,11 +23,11 @@
#include <config.h>
#endif
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/options.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/options.h>
#include <cyassl/ssl.h>
#include <cyassl/test.h>
#include <wolfssl/ssl.h>
#include <wolfssl/test.h>
#include <stdio.h>
#include <stdlib.h>
@ -64,7 +64,7 @@
* function with specific parameters : inbetween process of receiving msg
* based from embeded receive in src/io.c
*/
int CbIORecv(CYASSL *ssl, char *buf, int sz, void *ctx)
int CbIORecv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
int recvd;
int sd = *(int*)ctx;
@ -73,39 +73,39 @@ int CbIORecv(CYASSL *ssl, char *buf, int sz, void *ctx)
if (recvd < 0) {
if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) {
if (!CyaSSL_dtls(ssl) || CyaSSL_get_using_nonblock(ssl)) {
if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) {
printf(" Would block\n");
return CYASSL_CBIO_ERR_WANT_READ;
return WOLFSSL_CBIO_ERR_WANT_READ;
}
else {
printf("Socket timeout\n");
return CYASSL_CBIO_ERR_TIMEOUT;
return WOLFSSL_CBIO_ERR_TIMEOUT;
}
}
else if (errno == SOCKET_ECONNRESET) {
printf("Connection reset\n");
return CYASSL_CBIO_ERR_CONN_RST;
return WOLFSSL_CBIO_ERR_CONN_RST;
}
else if (errno == SOCKET_EINTR) {
printf("Socket interrupted\n");
return CYASSL_CBIO_ERR_ISR;
return WOLFSSL_CBIO_ERR_ISR;
}
else if (errno == SOCKET_ECONNREFUSED) {
printf("Connection refused\n");
return CYASSL_CBIO_ERR_WANT_READ;
return WOLFSSL_CBIO_ERR_WANT_READ;
}
else if (errno == SOCKET_ECONNABORTED) {
printf("Connection aborted\n");
return CYASSL_CBIO_ERR_CONN_CLOSE;
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
}
else {
printf("General error\n");
return CYASSL_CBIO_ERR_GENERAL;
return WOLFSSL_CBIO_ERR_GENERAL;
}
}
else if (recvd == 0) {
printf("Embed receive connection closed\n");
return CYASSL_CBIO_ERR_CONN_CLOSE;
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
}
printf("Received %d bytes\n", sz);
@ -118,7 +118,7 @@ int CbIORecv(CYASSL *ssl, char *buf, int sz, void *ctx)
*function with specific parameters : inbetween process of sending out msg
*based from embeded receive in src/io.c
*/
int CbIOSend(CYASSL *ssl, char *buf, int sz, void *ctx)
int CbIOSend(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
int sd = *(int*)ctx;
int sent;
@ -130,23 +130,23 @@ int CbIOSend(CYASSL *ssl, char *buf, int sz, void *ctx)
printf("IO Send error\n");
if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) {
printf("Would Block\n");
return CYASSL_CBIO_ERR_WANT_WRITE;
return WOLFSSL_CBIO_ERR_WANT_WRITE;
}
else if (errno == SOCKET_ECONNRESET) {
printf("Connection reset\n");
return CYASSL_CBIO_ERR_CONN_RST;
return WOLFSSL_CBIO_ERR_CONN_RST;
}
else if (errno == SOCKET_EINTR) {
printf("Socket interrupted\n");
return CYASSL_CBIO_ERR_ISR;
return WOLFSSL_CBIO_ERR_ISR;
}
else if (errno == SOCKET_EPIPE) {
printf("Socket EPIPE\n");
return CYASSL_CBIO_ERR_CONN_CLOSE;
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
}
else {
printf("General error\n");
return CYASSL_CBIO_ERR_GENERAL;
return WOLFSSL_CBIO_ERR_GENERAL;
}
}
@ -159,42 +159,42 @@ int CbIOSend(CYASSL *ssl, char *buf, int sz, void *ctx)
int Client(const char* ip, word16 port)
{
int n;
char msg[] = "hello cyassl";
char msg[] = "hello wolfssl";
char reply[MAXSZ];
int msgSz = strlen(msg);
SOCKET_T fd;
CYASSL_CTX* ctx;
CYASSL* ssl;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method())) == NULL)
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
err_sys("Error in setting client ctx\n");
if (CyaSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
if (wolfSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
err_sys("trouble loading client cert");
if (CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)
if (wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("trouble loading client cert");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)
if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("trouble loading client cert");
/*sets the IO callback methods*/
CyaSSL_SetIORecv(ctx, CbIORecv);
CyaSSL_SetIOSend(ctx, CbIOSend);
wolfSSL_SetIORecv(ctx, CbIORecv);
wolfSSL_SetIOSend(ctx, CbIOSend);
if ((ssl = CyaSSL_new(ctx)) == NULL)
if ((ssl = wolfSSL_new(ctx)) == NULL)
err_sys("issue when creating ssl");
tcp_connect(&fd, ip, port, 0);
CyaSSL_set_fd(ssl, fd);
if (CyaSSL_connect(ssl) != SSL_SUCCESS)
wolfSSL_set_fd(ssl, fd);
if (wolfSSL_connect(ssl) != SSL_SUCCESS)
err_sys("client connect failed");
if (CyaSSL_write(ssl, msg, msgSz) != msgSz)
if (wolfSSL_write(ssl, msg, msgSz) != msgSz)
err_sys("client write failed");
memset(reply, 0, MAXSZ);
if ((n = CyaSSL_read(ssl, reply, MAXSZ - 1)) > 0) {
if ((n = wolfSSL_read(ssl, reply, MAXSZ - 1)) > 0) {
reply[n] = '\0';
}
else {
@ -203,9 +203,9 @@ int Client(const char* ip, word16 port)
}
printf("Server sent : %s\n", reply);
CyaSSL_shutdown(ssl);
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
return 0;
}
@ -220,7 +220,7 @@ int main(int argc, char* argv[])
return 1;
}
CyaSSL_Init();
wolfSSL_Init();
if (argc < 3) {
if (Client(argv[1], YASSLPORT) != 0)
err_sys("error creating client");
@ -229,7 +229,7 @@ int main(int argc, char* argv[])
if (Client(argv[1], (word16)atoi(argv[2])) != 0)
err_sys("error creating client");
}
CyaSSL_Cleanup();
wolfSSL_Cleanup();
return 0;
}

8
tls/client-tcp.c
View File

@ -1,15 +1,15 @@
/* client-tcp.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of CyaSSL.
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* CyaSSL is free software; you can redistribute it and/or modify
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.

66
tls/client-tls-nonblocking.c
View File

@ -1,15 +1,15 @@
/* client-tls-nonblocking.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of CyaSSL.
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* CyaSSL is free software; you can redistribute it and/or modify
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@ -23,7 +23,7 @@
#include <string.h>
#include <errno.h>
#include <arpa/inet.h>
#include <cyassl/ssl.h> /* CyaSSL security library */
#include <wolfssl/ssl.h> /* wolfSSL security library */
#include <fcntl.h> /* nonblocking I/O library */
#include <sys/select.h>
@ -67,12 +67,12 @@ static inline int tcp_select(int socketfd, int to_sec)
return TEST_SELECT_FAIL;
}
int NonBlockConnect(CYASSL* ssl)
int NonBlockConnect(WOLFSSL* ssl)
{
int ret = CyaSSL_connect(ssl);
int ret = wolfSSL_connect(ssl);
int error = CyaSSL_get_error(ssl, 0);
int sockfd = (int)CyaSSL_get_fd(ssl);
int error = wolfSSL_get_error(ssl, 0);
int sockfd = (int)wolfSSL_get_fd(ssl);
int select_ret;
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
@ -88,8 +88,8 @@ int NonBlockConnect(CYASSL* ssl)
if ((select_ret == TEST_RECV_READY) ||
(select_ret == TEST_ERROR_READY)) {
ret = CyaSSL_connect(ssl);
error = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_connect(ssl);
error = wolfSSL_get_error(ssl, 0);
}
else if (select_ret == TEST_TIMEOUT) {
error = SSL_ERROR_WANT_READ;
@ -108,7 +108,7 @@ int NonBlockConnect(CYASSL* ssl)
/*
* clients initial contact with server. (socket to connect, security layer)
*/
int ClientGreet(CYASSL* ssl)
int ClientGreet(WOLFSSL* ssl)
{
/* data to send to the server, data recieved from the server */
char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0};
@ -118,25 +118,25 @@ int count = 0;
printf("Message for server:\t");
fgets(sendBuff, MAXDATASIZE, stdin);
if (CyaSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
/* the message is not able to send, or error trying */
ret = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_get_error(ssl, 0);
printf("Write error: Error: %d\n", ret);
return EXIT_FAILURE;
}
ret = CyaSSL_read(ssl, rcvBuff, MAXDATASIZE);
ret = wolfSSL_read(ssl, rcvBuff, MAXDATASIZE);
if (ret <= 0) {
/* the server failed to send data, or error trying */
ret = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_get_error(ssl, 0);
while (ret == SSL_ERROR_WANT_READ) {
count++;
ret = CyaSSL_read(ssl, rcvBuff, MAXDATASIZE);
ret = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_read(ssl, rcvBuff, MAXDATASIZE);
ret = wolfSSL_get_error(ssl, 0);
}
printf("counter %d\n", count);
if (ret < 0) {
ret = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_get_error(ssl, 0);
printf("Read error. Error: %d\n", ret);
return EXIT_FAILURE;
}
@ -151,40 +151,40 @@ printf("counter %d\n", count);
*/
int Security(int sock)
{
CYASSL_CTX* ctx;
CYASSL* ssl; /* create CYASSL object */
WOLFSSL_CTX* ctx;
WOLFSSL* ssl; /* create WOLFSSL object */
int ret = 0;
CyaSSL_Init(); /* initialize CyaSSL */
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initiLize CYASSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method())) == NULL) {
/* create and initiLize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
printf("SSL_CTX_new error.\n");
return EXIT_FAILURE;
}
/* load CA certificates into CyaSSL_CTX. which will verify the server */
if (CyaSSL_CTX_load_verify_locations(ctx, cert, 0) !=
/* load CA certificates into wolfSSL_CTX. which will verify the server */
if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) !=
SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", cert);
return EXIT_FAILURE;
}
if ((ssl = CyaSSL_new(ctx)) == NULL) {
printf("CyaSSL_new error.\n");
if ((ssl = wolfSSL_new(ctx)) == NULL) {
printf("wolfSSL_new error.\n");
return EXIT_FAILURE;
}
CyaSSL_set_fd(ssl, sock);
CyaSSL_set_using_nonblock(ssl, 1);
wolfSSL_set_fd(ssl, sock);
wolfSSL_set_using_nonblock(ssl, 1);
ret = NonBlockConnect(ssl);
if (ret == SSL_SUCCESS) {
ret = ClientGreet(ssl);
}
/* frees all data before client termination */
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
CyaSSL_Cleanup();
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
return ret;
}

72
tls/client-tls-resume.c
View File

@ -1,15 +1,15 @@
/* client-tls-resume.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of CyaSSL.
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* CyaSSL is free software; you can redistribute it and/or modify
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@ -24,7 +24,7 @@
#include <string.h>
#include <errno.h>
#include <arpa/inet.h>
#include <cyassl/ssl.h> /* CyaSSL security library */
#include <wolfssl/ssl.h> /* wolfSSL security library */
#define MAXDATASIZE 4096 /* maximum acceptable amount of data */
#define SERV_PORT 11111 /* define default port number */
@ -34,7 +34,7 @@ const char* cert = "../certs/ca-cert.pem";
/*
* clients initial contact with server. (socket to connect, security layer)
*/
int ClientGreet(int sock, CYASSL* ssl)
int ClientGreet(int sock, WOLFSSL* ssl)
{
/* data to send to the server, data recieved from the server */
char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0};
@ -43,16 +43,16 @@ int ClientGreet(int sock, CYASSL* ssl)
printf("Message for server:\t");
fgets(sendBuff, MAXDATASIZE, stdin);
if (CyaSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
/* the message is not able to send, or error trying */
ret = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_get_error(ssl, 0);
printf("Write error: Error: %i\n", ret);
return EXIT_FAILURE;
}
if (CyaSSL_read(ssl, rcvBuff, MAXDATASIZE) == 0) {
if (wolfSSL_read(ssl, rcvBuff, MAXDATASIZE) == 0) {
/* the server failed to send data, or error trying */
ret = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_get_error(ssl, 0);
printf("Read error. Error: %i\n", ret);
return EXIT_FAILURE;
}
@ -66,35 +66,35 @@ int ClientGreet(int sock, CYASSL* ssl)
*/
int Security(int sock, struct sockaddr_in addr)
{
CYASSL_CTX* ctx; /* cyassl context */
CYASSL* ssl; /* create CYASSL object */
CYASSL_SESSION* session = 0;/* cyassl session */
CYASSL* sslResume; /* create CYASSL object for connection loss */
WOLFSSL_CTX* ctx; /* wolfssl context */
WOLFSSL* ssl; /* create WOLFSSL object */
WOLFSSL_SESSION* session = 0;/* wolfssl session */
WOLFSSL* sslResume; /* create WOLFSSL object for connection loss */
int ret;
CyaSSL_Init(); /* initialize CyaSSL (must be done first) */
wolfSSL_Init(); /* initialize wolfSSL (must be done first) */
/* create and initiLize CYASSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method())) == NULL) {
/* create and initiLize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
printf("SSL_CTX_new error.\n");
return EXIT_FAILURE;
}
/* load CA certificates into CyaSSL_CTX. which will verify the server */
if (CyaSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
/* load CA certificates into wolfSSL_CTX. which will verify the server */
if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", cert);
return EXIT_FAILURE;
}
if ((ssl = CyaSSL_new(ctx)) == NULL) {
printf("CyaSSL_new error.\n");
if ((ssl = wolfSSL_new(ctx)) == NULL) {
printf("wolfSSL_new error.\n");
return EXIT_FAILURE;
}
CyaSSL_set_fd(ssl, sock);
wolfSSL_set_fd(ssl, sock);
/* connects to CyaSSL */
ret = CyaSSL_connect(ssl);
/* connects to wolfSSL */
ret = wolfSSL_connect(ssl);
if (ret != SSL_SUCCESS) {
return ret;
}
@ -102,40 +102,40 @@ int Security(int sock, struct sockaddr_in addr)
ret = ClientGreet(sock, ssl);
/* saves the session */
session = CyaSSL_get_session(ssl);
CyaSSL_free(ssl);
session = wolfSSL_get_session(ssl);
wolfSSL_free(ssl);
/* closes the connection */
close(sock);
/* new ssl to reconnect to */
sslResume = CyaSSL_new(ctx);
sslResume = wolfSSL_new(ctx);
/* makes a new socket to connect to */
sock = socket(AF_INET, SOCK_STREAM, 0);
/* sets session to old session */
CyaSSL_set_session(sslResume, session);
wolfSSL_set_session(sslResume, session);
/* connects to new socket */
if (connect(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
/* if socket fails to connect to the server*/
ret = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_get_error(ssl, 0);
printf("Connect error. Error: %i\n", ret);
return EXIT_FAILURE;
}
/* sets new file discriptior */
CyaSSL_set_fd(sslResume, sock);
wolfSSL_set_fd(sslResume, sock);
/* reconects to CyaSSL */
ret = CyaSSL_connect(sslResume);
/* reconects to wolfSSL */
ret = wolfSSL_connect(sslResume);
if (ret != SSL_SUCCESS) {
return ret;
}
/* checks to see if the new session is the same as the old session */
if (CyaSSL_session_reused(sslResume))
if (wolfSSL_session_reused(sslResume))
printf("Re-used session ID\n");
else
printf("Did not re-use session ID\n");
@ -147,9 +147,9 @@ int Security(int sock, struct sockaddr_in addr)
close(sock);
/* frees all data before client termination */
CyaSSL_free(sslResume);
CyaSSL_CTX_free(ctx);
CyaSSL_Cleanup();
wolfSSL_free(sslResume);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
return ret;
}

48
tls/client-tls.c
View File

@ -1,15 +1,15 @@
/* client-tls.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of CyaSSL.
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* CyaSSL is free software; you can redistribute it and/or modify
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@ -23,7 +23,7 @@
#include <string.h>
#include <errno.h>
#include <arpa/inet.h>
#include <cyassl/ssl.h> /* CyaSSL security library */
#include <wolfssl/ssl.h> /* wolfSSL security library */
#define MAXDATASIZE 4096 /* maximum acceptable amount of data */
#define SERV_PORT 11111 /* define default port number */
@ -33,7 +33,7 @@ const char* cert = "../certs/ca-cert.pem";
/*
* clients initial contact with server. (socket to connect, security layer)
*/
int ClientGreet(int sock, CYASSL* ssl)
int ClientGreet(int sock, WOLFSSL* ssl)
{
/* data to send to the server, data recieved from the server */
char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0};
@ -42,16 +42,16 @@ int ClientGreet(int sock, CYASSL* ssl)
printf("Message for server:\t");
fgets(sendBuff, MAXDATASIZE, stdin);
if (CyaSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
/* the message is not able to send, or error trying */
ret = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_get_error(ssl, 0);
printf("Write error: Error: %i\n", ret);
return EXIT_FAILURE;
}
if (CyaSSL_read(ssl, rcvBuff, MAXDATASIZE) < 0) {
if (wolfSSL_read(ssl, rcvBuff, MAXDATASIZE) < 0) {
/* the server failed to send data, or error trying */
ret = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_get_error(ssl, 0);
printf("Read error. Error: %i\n", ret);
return EXIT_FAILURE;
}
@ -65,38 +65,38 @@ int ClientGreet(int sock, CYASSL* ssl)
*/
int Security(int sock)
{
CYASSL_CTX* ctx;
CYASSL* ssl; /* create CYASSL object */
WOLFSSL_CTX* ctx;
WOLFSSL* ssl; /* create WOLFSSL object */
int ret = 0;
CyaSSL_Init(); /* initialize CyaSSL */
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initiLize CYASSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method())) == NULL) {
/* create and initiLize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
printf("SSL_CTX_new error.\n");
return EXIT_FAILURE;
}
/* load CA certificates into CyaSSL_CTX. which will verify the server */
if (CyaSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
/* load CA certificates into wolfSSL_CTX. which will verify the server */
if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", cert);
return EXIT_FAILURE;
}
if ((ssl = CyaSSL_new(ctx)) == NULL) {
printf("CyaSSL_new error.\n");
if ((ssl = wolfSSL_new(ctx)) == NULL) {
printf("wolfSSL_new error.\n");
return EXIT_FAILURE;
}
CyaSSL_set_fd(ssl, sock);
wolfSSL_set_fd(ssl, sock);
ret = CyaSSL_connect(ssl);
ret = wolfSSL_connect(ssl);
if (ret == SSL_SUCCESS) {
ret = ClientGreet(sock, ssl);
}
/* frees all data before client termination */
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
CyaSSL_Cleanup();
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
return ret;
}

96
tls/server-callback.c
View File

@ -1,15 +1,15 @@
/* server.c
/* server-callback.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of CyaSSL.
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* CyaSSL is free software; you can redistribute it and/or modify
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@ -23,11 +23,11 @@
#include <config.h>
#endif
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/options.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/options.h>
#include <cyassl/ssl.h>
#include <cyassl/test.h>
#include <wolfssl/ssl.h>
#include <wolfssl/test.h>
#include <stdio.h>
#include <stdlib.h>
@ -61,7 +61,7 @@
* function with specific parameters : inbetween process of receiving msg
* based from embeded receive in src/io.c
*/
int CbIORecv(CYASSL *ssl, char *buf, int sz, void *ctx)
int CbIORecv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
int recvd;
int sd = *(int*)ctx;
@ -70,39 +70,39 @@ int CbIORecv(CYASSL *ssl, char *buf, int sz, void *ctx)
if (recvd < 0) {
if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) {
if (!CyaSSL_dtls(ssl) || CyaSSL_get_using_nonblock(ssl)) {
if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) {
printf(" Would block\n");
return CYASSL_CBIO_ERR_WANT_READ;
return WOLFSSL_CBIO_ERR_WANT_READ;
}
else {
printf("Socket timeout\n");
return CYASSL_CBIO_ERR_TIMEOUT;
return WOLFSSL_CBIO_ERR_TIMEOUT;
}
}
else if (errno == SOCKET_ECONNRESET) {
printf("Connection reset\n");
return CYASSL_CBIO_ERR_CONN_RST;
return WOLFSSL_CBIO_ERR_CONN_RST;
}
else if (errno == SOCKET_EINTR) {
printf("Socket interrupted\n");
return CYASSL_CBIO_ERR_ISR;
return WOLFSSL_CBIO_ERR_ISR;
}
else if (errno == SOCKET_ECONNREFUSED) {
printf("Connection refused\n");
return CYASSL_CBIO_ERR_WANT_READ;
return WOLFSSL_CBIO_ERR_WANT_READ;
}
else if (errno == SOCKET_ECONNABORTED) {
printf("Connection aborted\n");
return CYASSL_CBIO_ERR_CONN_CLOSE;
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
}
else {
printf("General error\n");
return CYASSL_CBIO_ERR_GENERAL;
return WOLFSSL_CBIO_ERR_GENERAL;
}
}
else if (recvd == 0) {
printf("Embed receive connection closed\n");
return CYASSL_CBIO_ERR_CONN_CLOSE;
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
}
printf("Received %d bytes\n", sz);
@ -114,7 +114,7 @@ int CbIORecv(CYASSL *ssl, char *buf, int sz, void *ctx)
* function with specific parameters : inbetween process of sending out msg
* based from embeded receive in src/io.c
*/
int CbIOSend(CYASSL *ssl, char *buf, int sz, void *ctx)
int CbIOSend(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
int sd = *(int*)ctx;
int sent;
@ -126,23 +126,23 @@ int CbIOSend(CYASSL *ssl, char *buf, int sz, void *ctx)
printf("IO Send error\n");
if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) {
printf("Would Block\n");
return CYASSL_CBIO_ERR_WANT_WRITE;
return WOLFSSL_CBIO_ERR_WANT_WRITE;
}
else if (errno == SOCKET_ECONNRESET) {
printf("Connection reset\n");
return CYASSL_CBIO_ERR_CONN_RST;
return WOLFSSL_CBIO_ERR_CONN_RST;
}
else if (errno == SOCKET_EINTR) {
printf("Socket interrupted\n");
return CYASSL_CBIO_ERR_ISR;
return WOLFSSL_CBIO_ERR_ISR;
}
else if (errno == SOCKET_EPIPE) {
printf("Socket EPIPE\n");
return CYASSL_CBIO_ERR_CONN_CLOSE;
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
}
else {
printf("General error\n");
return CYASSL_CBIO_ERR_GENERAL;
return WOLFSSL_CBIO_ERR_GENERAL;
}
}
@ -156,28 +156,28 @@ int Server(word16 port)
char msg[MAXSZ];
const char reply[] = "I hear ya fa shizzle!\n";
int n, listenfd, connfd;
CYASSL_CTX* ctx;
CYASSL* ssl;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
CyaSSL_Init();
wolfSSL_Init();
/* create ctx and configure certificates */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_server_method())) == NULL)
err_sys("Fatal error : CyaSSL_CTX_new error");
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL)
err_sys("Fatal error : wolfSSL_CTX_new error");
if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
if (wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file,"
"Please run from CyaSSL home dir");
"Please run from wolfSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server key file, "
"Please run from CyaSSL home dir");
"Please run from wolfSSL home dir");
/*sets the IO callback methods*/
CyaSSL_SetIORecv(ctx, CbIORecv);
CyaSSL_SetIOSend(ctx, CbIOSend);
wolfSSL_SetIORecv(ctx, CbIORecv);
wolfSSL_SetIOSend(ctx, CbIOSend);
tcp_accept(&listenfd, &connfd, NULL, port, 1, 0, 0);
@ -185,18 +185,18 @@ int Server(word16 port)
err_sys("Fatal error : accept error");
}
else {
/* create CYASSL object and respond */
if ((ssl = CyaSSL_new(ctx)) == NULL)
err_sys("Fatal error : CyaSSL_new error");
/* create WOLFSSL object and respond */
if ((ssl = wolfSSL_new(ctx)) == NULL)
err_sys("Fatal error : wolfSSL_new error");
CyaSSL_set_fd(ssl, connfd);
wolfSSL_set_fd(ssl, connfd);
memset(msg, 0, MAXSZ);
n = CyaSSL_read(ssl, msg, MAXSZ - 1);
n = wolfSSL_read(ssl, msg, MAXSZ - 1);
if (n > 0) {
msg[n] = '\0';
printf("Client sent : %s\n", msg);
if (CyaSSL_write(ssl, reply, strlen(reply)) > strlen(reply))
if (wolfSSL_write(ssl, reply, strlen(reply)) > strlen(reply))
err_sys("Fatal error : respond: write error");
}
@ -204,14 +204,14 @@ int Server(word16 port)
err_sys("Fatal error :respond: read error");
/* closes the connections after responding */
CyaSSL_shutdown(ssl);
CyaSSL_free(ssl);
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
if (close(listenfd) == -1 && close(connfd) == -1)
err_sys("Fatal error : close error");
}
/* free up memory used by CyaSSL */
CyaSSL_CTX_free(ctx);
/* free up memory used by wolfSSL */
wolfSSL_CTX_free(ctx);
return 0;
}
@ -222,7 +222,7 @@ int main(int argc, char* argv[])
return 1;
}
CyaSSL_Init();
wolfSSL_Init();
if (argc < 2) {
if (Server(YASSLPORT) != 0)
err_sys("error creating server");
@ -231,7 +231,7 @@ int main(int argc, char* argv[])
if (Server((word16)atoi(argv[1])) != 0)
err_sys("error creating server");
}
CyaSSL_Cleanup();
wolfSSL_Cleanup();
return 0;
}

12
tls/server-tcp.c
View File

@ -1,15 +1,15 @@
/* server-tcp.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of CyaSSL.
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* CyaSSL is free software; you can redistribute it and/or modify
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@ -17,10 +17,6 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
* =============================================================================
*
* This is a super basic example of what a TCP Server might look like that is
* not actively using any form of security.
*/
#include <stdio.h>

82
tls/server-tls-nonblocking.c
View File

@ -1,23 +1,23 @@
/* server-tls-nonblocking.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of CyaSSL.
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* CyaSSL is free software; you can redistribute it and/or modify
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA
* =============================================================================
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*=============================================================================
*
* This is a super basic example of what a TCP Server secured with TLS 1.2
* that uses non blocking input and output.
@ -33,8 +33,8 @@
#include <sys/fcntl.h>
#include <errno.h>
/* Include the CyaSSL library for our TLS 1.2 security */
#include <cyassl/ssl.h>
/* Include the wolfSSL library for our TLS 1.2 security */
#include <wolfssl/ssl.h>
#define DEFAULT_PORT 11111
@ -43,10 +43,10 @@
*/
enum read_write_t {WRITE, READ, ACCEPT};
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd,
int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t socketfd,
struct sockaddr_in clientAddr);
int TCPSelect(socklen_t socketfd);
int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
int NonBlocking_ReadWriteAccept(WOLFSSL* ssl, socklen_t socketfd,
enum read_write_t rw);
/* Check if any sockets are ready for reading and writing and set it */
@ -75,7 +75,7 @@ int TCPSelect(socklen_t socketfd)
}
/* Checks if NonBlocking I/O is wanted, if it is wanted it will
* wait until it's available on the socket before reading or writing */
int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
int NonBlocking_ReadWriteAccept(WOLFSSL* ssl, socklen_t socketfd,
enum read_write_t rw)
{
const char reply[] = "I hear ya fa shizzle!\n";
@ -90,18 +90,18 @@ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
memset(&buff, 0, sizeof(buff));
if (rw == READ)
rwret = CyaSSL_read(ssl, buff, sizeof(buff)-1);
rwret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
else if (rw == WRITE)
rwret = CyaSSL_write(ssl, reply, sizeof(reply)-1);
rwret = wolfSSL_write(ssl, reply, sizeof(reply)-1);
else if (rw == ACCEPT)
rwret = CyaSSL_accept(ssl);
rwret = wolfSSL_accept(ssl);
if (rwret == 0) {
printf("The client has closed the connection!\n");
return 0;
}
else if (rwret != SSL_SUCCESS) {
int error = CyaSSL_get_error(ssl, 0);
int error = wolfSSL_get_error(ssl, 0);
/* while I/O is not ready, keep waiting */
while ((error == SSL_ERROR_WANT_READ ||
@ -116,13 +116,13 @@ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
if ((selectRet == 1) || (selectRet == 2)) {
if (rw == READ)
rwret = CyaSSL_read(ssl, buff, sizeof(buff)-1);
rwret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
else if (rw == WRITE)
rwret = CyaSSL_write(ssl, reply, sizeof(reply)-1);
rwret = wolfSSL_write(ssl, reply, sizeof(reply)-1);
else if (rw == ACCEPT)
rwret = CyaSSL_accept(ssl);
rwret = wolfSSL_accept(ssl);
error = CyaSSL_get_error(ssl, 0);
error = wolfSSL_get_error(ssl, 0);
}
else {
error = SSL_FATAL_ERROR;
@ -134,9 +134,9 @@ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
printf("Client: %s\n", buff);
/* Reply back to the client */
else if (rw == WRITE) {
if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1)) < 0) {
printf("CyaSSL_write error = %d\n",
CyaSSL_get_error(ssl, ret));
if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1)) < 0) {
printf("wolfSSL_write error = %d\n",
wolfSSL_get_error(ssl, ret));
}
}
}
@ -144,7 +144,7 @@ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
return 1;
}
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in clientAddr)
int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in clientAddr)
{
socklen_t size = sizeof(clientAddr);
@ -158,16 +158,16 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in client
/* If it connects, read in and reply to the client */
else {
printf("Client connected successfully!\n");
CYASSL* ssl;
if ( (ssl = CyaSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error.\n");
WOLFSSL* ssl;
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
exit(EXIT_FAILURE);
}
/* Direct our ssl to our clients connection */
CyaSSL_set_fd(ssl, connd);
wolfSSL_set_fd(ssl, connd);
/* Sets CyaSSL_accept(ssl) */
/* Sets wolfSSL_accept(ssl) */
if(NonBlocking_ReadWriteAccept(ssl, socketfd, ACCEPT) < 0)
return 0;
@ -183,7 +183,7 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in client
if (NonBlocking_ReadWriteAccept(ssl, socketfd, WRITE) == 0)
break;
}
CyaSSL_free(ssl); /* Free the CYASSL object */
wolfSSL_free(ssl); /* Free the WOLFSSL object */
}
close(connd); /* close the connected socket */
@ -204,7 +204,7 @@ int main()
int on = 1;
/* Create a ctx pointer for our ssl */
CYASSL_CTX* ctx;
WOLFSSL_CTX* ctx;
/* Server and Client socket address structures */
struct sockaddr_in serverAddr, clientAddr;
@ -229,25 +229,25 @@ int main()
< 0)
printf("setsockopt SO_REUSEADDR failed\n");
/* Initialize CyaSSL */
CyaSSL_Init();
/* Initialize wolfSSL */
wolfSSL_Init();
/* Create and initialize CYASSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "CyaSSL_CTX_new error.\n");
/* Create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
exit(EXIT_FAILURE);
}
/* Load server certificate into CYASSL_CTX */
if (CyaSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
/* Load server certificate into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-cert.pem, please check"
"the file.\n");
exit(EXIT_FAILURE);
}
/* Load server key into CYASSL_CTX */
if (CyaSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
/* Load server key into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-key.pem, please check"
"the file.\n");
@ -274,7 +274,7 @@ int main()
}
}
CyaSSL_CTX_free(ctx); /* Free CYASSL_CTX */
CyaSSL_Cleanup(); /* Free CyaSSL */
wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */
wolfSSL_Cleanup(); /* Free wolfSSL */
exit(EXIT_SUCCESS);
}

58
tls/server-tls-threaded.c
View File

@ -1,23 +1,23 @@
/* server-tls-threaded.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of CyaSSL.
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* CyaSSL is free software; you can redistribute it and/or modify
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA
* =============================================================================
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*=============================================================================
*
* This is a super basic example of what a TCP Server secured with TLS 1.2
* might look like. This server can also resume the session if a client
@ -34,8 +34,8 @@
#include <errno.h>
#include <pthread.h>
/* Include the CyaSSL library for our TLS 1.2 security */
#include <cyassl/ssl.h>
/* Include the wolfSSL library for our TLS 1.2 security */
#include <wolfssl/ssl.h>
#define DEFAULT_PORT 11111
@ -43,24 +43,24 @@ int AcceptAndRead(socklen_t sockfd, struct sockaddr_in clientAddr);
void *ThreadHandler(void* socketDesc);
/* Create a ctx pointer for our ssl */
CYASSL_CTX* ctx;
WOLFSSL_CTX* ctx;
void *ThreadHandler(void* socketDesc)
{
int connd = *(int*)socketDesc;
CYASSL* ssl;
WOLFSSL* ssl;
/* Create our reply message */
const char reply[] = "I hear ya fa shizzle!\n";
printf("Client connected successfully\n");
if ( (ssl = CyaSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error.\n");
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
exit(EXIT_FAILURE);
}
/* Direct our ssl to our clients connection */
CyaSSL_set_fd(ssl, connd);
wolfSSL_set_fd(ssl, connd);
for ( ; ; ) {
char buff[256];
@ -70,25 +70,25 @@ void *ThreadHandler(void* socketDesc)
memset(&buff, 0, sizeof(buff));
/* Read the client data into our buff array */
if ((ret = CyaSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
/* Print any data the client sends to the console */
printf("Client on Socket %d: %s\n", connd, buff);
/* Reply back to the client */
if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1))
if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1))
< 0) {
printf("CyaSSL_write error = %d\n", CyaSSL_get_error(ssl, ret));
printf("wolfSSL_write error = %d\n", wolfSSL_get_error(ssl, ret));
}
}
/* if the client disconnects break the loop */
else {
if (ret < 0)
printf("CyaSSL_read error = %d\n", CyaSSL_get_error(ssl
printf("wolfSSL_read error = %d\n", wolfSSL_get_error(ssl
,ret));
else if (ret == 0)
printf("The client has closed the connection.\n");
CyaSSL_free(ssl); /* Free the CYASSL object */
wolfSSL_free(ssl); /* Free the WOLFSSL object */
close(connd); /* close the connected socket */
break;
}
@ -145,8 +145,8 @@ int main()
serverAddr.sin_addr.s_addr = INADDR_ANY;
serverAddr.sin_port = htons(DEFAULT_PORT);
/* initialize CyaSSL */
CyaSSL_Init();
/* initialize wolfSSL */
wolfSSL_Init();
/* If positive value, the socket is valid */
if (sockfd == -1) {
@ -154,22 +154,22 @@ int main()
return EXIT_FAILURE;
}
/* Create and initialize CYASSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "CyaSSL_CTX_new error.\n");
/* Create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
return EXIT_FAILURE;
}
/* Load server certificate into CYASSL_CTX */
if (CyaSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
/* Load server certificate into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-cert.pem, please check"
"the file.\n");
return EXIT_FAILURE;
}
/* Load server key into CYASSL_CTX */
if (CyaSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
/* Load server key into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-key.pem, please check"
"the file.\n");
@ -196,8 +196,8 @@ int main()
}
}
CyaSSL_CTX_free(ctx); /* Free CYASSL_CTX */
CyaSSL_Cleanup(); /* Free CyaSSL */
wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */
wolfSSL_Cleanup(); /* Free wolfSSL */
return EXIT_SUCCESS;
}

66
tls/server-tls.c
View File

@ -1,27 +1,27 @@
/* server-tls.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of CyaSSL.
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* CyaSSL is free software; you can redistribute it and/or modify
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA
* =============================================================================
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*=============================================================================
*
* This is a super basic example of what a TCP Server secured with TLS 1.2
* might look like. This server can also resume the session if a client
* nadvertantly disconnects.
* inadvertantly disconnects.
*/
#include <stdio.h>
@ -33,15 +33,15 @@
#include <stdlib.h>
#include <errno.h>
/* include the CyaSSL library for our TLS 1.2 security */
#include <cyassl/ssl.h>
/* include the wolfSSL library for our TLS 1.2 security */
#include <wolfssl/ssl.h>
#define DEFAULT_PORT 11111
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
clientAddr);
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
clientAddr)
{
/* Create our reply message */
@ -58,17 +58,17 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
/* If it connects, read in and reply to the client */
else {
printf("Client connected successfully\n");
CYASSL* ssl;
WOLFSSL* ssl;
if ( (ssl = CyaSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error.\n");
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
exit(EXIT_FAILURE);
}
/* direct our ssl to our clients connection */
CyaSSL_set_fd(ssl, connd);
wolfSSL_set_fd(ssl, connd);
printf("Using Non-Blocking I/O: %d\n", CyaSSL_get_using_nonblock(
printf("Using Non-Blocking I/O: %d\n", wolfSSL_get_using_nonblock(
ssl));
for ( ; ; ) {
@ -79,21 +79,21 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
memset(&buff, 0, sizeof(buff));
/* Read the client data into our buff array */
if ((ret = CyaSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
/* Print any data the client sends to the console */
printf("Client: %s\n", buff);
/* Reply back to the client */
if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1))
if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1))
< 0)
{
printf("CyaSSL_write error = %d\n", CyaSSL_get_error(ssl, ret));
printf("wolfSSL_write error = %d\n", wolfSSL_get_error(ssl, ret));
}
}
/* if the client disconnects break the loop */
else {
if (ret < 0)
printf("CyaSSL_read error = %d\n", CyaSSL_get_error(ssl
printf("wolfSSL_read error = %d\n", wolfSSL_get_error(ssl
,ret));
else if (ret == 0)
printf("The client has closed the connection.\n");
@ -101,7 +101,7 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
break;
}
}
CyaSSL_free(ssl); /* Free the CYASSL object */
wolfSSL_free(ssl); /* Free the WOLFSSL object */
}
close(connd); /* close the connected socket */
@ -112,7 +112,7 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
int main()
{
/* Create a ctx pointer for our ssl */
CYASSL_CTX* ctx;
WOLFSSL_CTX* ctx;
/*
* Creates a socket that uses an internet IP address,
@ -125,8 +125,8 @@ int main()
/* Server and client socket address structures */
struct sockaddr_in serverAddr, clientAddr;
/* Initialize CyaSSL */
CyaSSL_Init();
/* Initialize wolfSSL */
wolfSSL_Init();
/* If positive value, the socket is valid */
if (sockfd == -1) {
@ -134,22 +134,22 @@ int main()
return EXIT_FAILURE; /* Kill the server with exit status 1 */
}
/* create and initialize CYASSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "CyaSSL_CTX_new error.\n");
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
return EXIT_FAILURE;
}
/* Load server certificate into CYASSL_CTX */
if (CyaSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
/* Load server certificate into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-cert.pem, please check"
"the file.\n");
return EXIT_FAILURE;
}
/* Load server key into CYASSL_CTX */
if (CyaSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
/* Load server key into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-key.pem, please check"
"the file.\n");
@ -184,7 +184,7 @@ int main()
}
}
CyaSSL_CTX_free(ctx); /* Free CYASSL_CTX */
CyaSSL_Cleanup(); /* Free CyaSSL */
wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */
wolfSSL_Cleanup(); /* Free wolfSSL */
return EXIT_SUCCESS;
}

254
tls/tutorial-tcp-tls.md
View File

@ -1,7 +1,7 @@
Tutorial
========
This tutorial will teach you how to install and run a basic TCP Server and Client. As well as how to incorporate CyaSSL TLS and some additional features on top of these basic examples. It is expected that you have a basic understanding of a simple tcp server/client. If not, before continueing please take a moment to look over the `server-tcp.c` and `client-tcp.c` file which contains the basic tcp server that we will be expanding upon in this tutorial.
This tutorial will teach you how to install and run a basic TCP Server and Client. As well as how to incorporate wolfSSL TLS and some additional features on top of these basic examples. It is expected that you have a basic understanding of a simple tcp server/client. If not, before continueing please take a moment to look over the `server-tcp.c` and `client-tcp.c` file which contains the basic tcp server that we will be expanding upon in this tutorial.
First you will need `gcc` and `make` installed on your terminal. You can do this by opening a new terminal window and typing:
@ -9,8 +9,8 @@ First you will need `gcc` and `make` installed on your terminal. You can do this
sudo apt-get install gcc make
## Index
1. [Incorporating CyaSSL TLS](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#incorporating-cyassl-tls)
* [Installing CyaSSL](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#installing-cyassl)
1. [Incorporating wolfSSL TLS](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#incorporating-wolfssl-tls)
* [Installing wolfSSL](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#installing-wolfssl)
2. [Server TLS Tutorial](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#server-tls-tutorial)
* [Basic TLS Server](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#basic-tls-server)
* [Adding Multi-threading](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#adding-server-multi-threading)
@ -21,22 +21,22 @@ First you will need `gcc` and `make` installed on your terminal. You can do this
* [Adding Non-blocking I/O](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#adding-client-non-blocking-io)
4. [Starting the TLS Client & Server](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#starting-the-tls-client--server)
## Incorporating CyaSSL TLS
To incorporate CyaSSL TLS into your client or server you need to first configure and install the CyaSSL library to your linux machine. After you have done that, you can then run `make` to compile the TLS versions into an executeable.
## Incorporating wolfSSL TLS
To incorporate wolfSSL TLS into your client or server you need to first configure and install the wolfSSL library to your linux machine. After you have done that, you can then run `make` to compile the TLS versions into an executeable.
### Installing CyaSSL
+ Download and extract the CyaSSL package from [here.](http://wolfssl.com/yaSSL/Products-cyassl.html)
### Installing wolfSSL
+ Download and extract the wolfSSL package from [here.](http://wolfssl.com/yaSSL/Products-wolfssl.html)
+ In terminal, navigate to the root of the extracted folder.
+ Type `./configure` press enter. Wait until it finishes configuring.
+ Type `make` press enter.
+ Type `sudo make install`, this will install the CyaSSL libraries to your machine.
+ Type `sudo make install`, this will install the wolfSSL libraries to your machine.
CyaSSL libraries should now be installed to your machine and ready to use. You can now make and run the server and client examples.
wolfSSL libraries should now be installed to your machine and ready to use. You can now make and run the server and client examples.
## Server TLS Tutorial
### Basic TLS Server
To begin, we will be re-writing the basic `server-tcp.c` with CyaSSL. The structure of the file will be almost identical. To begin, we will need to include the cyassl libraries with the rest of our includes at the top of the file:
To begin, we will be re-writing the basic `server-tcp.c` with wolfSSL. The structure of the file will be almost identical. To begin, we will need to include the wolfssl libraries with the rest of our includes at the top of the file:
```c
#include <stdio.h>
@ -48,24 +48,24 @@ To begin, we will be re-writing the basic `server-tcp.c` with CyaSSL. The struct
#include <stdlib.h>
#include <errno.h>
/* include the CyaSSL library for our TLS 1.2 security */
#include <cyassl/ssl.h>
/* include the wolfSSL library for our TLS 1.2 security */
#include <wolfssl/ssl.h>
```
Next we will add our `#define DEFAULT_PORT 11111` and the prototype for our `AcceptAndRead` function:
```c
#define DEFAULT_PORT 11111
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
clientAddr);
```
Now we will build our `main()` function for the program. What happens here is we create a CYASSL context pointer and a socket. We then initialize CyaSSL so that it can be used. After that we tell CyaSSL where our certificate and private key files are that we want our server to use. We then attach our socket to the `DEFAULT_PORT` that we defined above. The last thing to do in the main function is to listen for a new connection on the socket that we binded to our port above. When we get a new connection, we call the `AcceptAndRead` function. The main function should look like:
Now we will build our `main()` function for the program. What happens here is we create a WOLFSSL context pointer and a socket. We then initialize wolfSSL so that it can be used. After that we tell wolfSSL where our certificate and private key files are that we want our server to use. We then attach our socket to the `DEFAULT_PORT` that we defined above. The last thing to do in the main function is to listen for a new connection on the socket that we binded to our port above. When we get a new connection, we call the `AcceptAndRead` function. The main function should look like:
```c
int main()
{
/* Create a ctx pointer for our ssl */
CYASSL_CTX* ctx;
WOLFSSL_CTX* ctx;
/*
* Creates a socket that uses an internet IP address,
@ -78,8 +78,8 @@ int main()
/* Server and client socket address structures */
struct sockaddr_in serverAddr, clientAddr;
/* Initialize CyaSSL */
CyaSSL_Init();
/* Initialize wolfSSL */
wolfSSL_Init();
/* If positive value, the socket is valid */
if (sockfd == -1) {
@ -87,22 +87,22 @@ int main()
return EXIT_FAILURE; /* Kill the server with exit status 1 */
}
/* create and initialize CYASSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "CyaSSL_CTX_new error.\n");
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
return EXIT_FAILURE;
}
/* Load server certificate into CYASSL_CTX */
if (CyaSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
/* Load server certificate into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-cert.pem, please check"
"the file.\n");
return EXIT_FAILURE;
}
/* Load server key into CYASSL_CTX */
if (CyaSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
/* Load server key into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-key.pem, please check"
"the file.\n");
@ -137,17 +137,17 @@ int main()
}
}
CyaSSL_CTX_free(ctx); /* Free CYASSL_CTX */
CyaSSL_Cleanup(); /* Free CyaSSL */
wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */
wolfSSL_Cleanup(); /* Free wolfSSL */
return EXIT_SUCCESS;
}
```
Now all that is left is the `AcceptAndRead` function. This function accepts the new connection and passes it off to its on file descriptor `connd`. We then create our ssl object and direct it to our clients connection. Once thats done we jump into a `for ( ; ; )` loop and do a `CyaSSL_read` which will decrypt and send any data the client sends to our `buff` array. Once that happens we print the data to the console and then send a reply back to the client letting the client know that we reicieved their message. We then break out of the loop, free our ssl and close the `connd` connection since it's no longer used. We then `return 0` which tells our loop in main that it was successful and to continue listening for new connections.
Now all that is left is the `AcceptAndRead` function. This function accepts the new connection and passes it off to its on file descriptor `connd`. We then create our ssl object and direct it to our clients connection. Once thats done we jump into a `for ( ; ; )` loop and do a `wolfSSL_read` which will decrypt and send any data the client sends to our `buff` array. Once that happens we print the data to the console and then send a reply back to the client letting the client know that we reicieved their message. We then break out of the loop, free our ssl and close the `connd` connection since it's no longer used. We then `return 0` which tells our loop in main that it was successful and to continue listening for new connections.
Here is the `AcceptAndRead` with more detailed comments on what's happening.
```c
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
clientAddr)
{
/* Create our reply message */
@ -164,17 +164,17 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
/* If it connects, read in and reply to the client */
else {
printf("Client connected successfully\n");
CYASSL* ssl;
WOLFSSL* ssl;
if ( (ssl = CyaSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error.\n");
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
exit(EXIT_FAILURE);
}
/* direct our ssl to our clients connection */
CyaSSL_set_fd(ssl, connd);
wolfSSL_set_fd(ssl, connd);
printf("Using Non-Blocking I/O: %d\n", CyaSSL_get_using_nonblock(
printf("Using Non-Blocking I/O: %d\n", wolfSSL_get_using_nonblock(
ssl));
for ( ; ; ) {
@ -185,21 +185,21 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
memset(&buff, 0, sizeof(buff));
/* Read the client data into our buff array */
if ((ret = CyaSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
/* Print any data the client sends to the console */
printf("Client: %s\n", buff);
/* Reply back to the client */
if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1))
if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1))
< 0)
{
printf("CyaSSL_write error = %d\n", CyaSSL_get_error(ssl, ret));
printf("wolfSSL_write error = %d\n", wolfSSL_get_error(ssl, ret));
}
}
/* if the client disconnects break the loop */
else {
if (ret < 0)
printf("CyaSSL_read error = %d\n", CyaSSL_get_error(ssl
printf("wolfSSL_read error = %d\n", wolfSSL_get_error(ssl
,ret));
else if (ret == 0)
printf("The client has closed the connection.\n");
@ -207,7 +207,7 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
break;
}
}
CyaSSL_free(ssl); /* Free the CYASSL object */
wolfSSL_free(ssl); /* Free the WOLFSSL object */
}
close(connd); /* close the connected socket */
@ -221,7 +221,7 @@ And with that, you should now have a basic TLS server that accepts a connection,
### Adding Server Multi-threading
To add multi-threading support to the basic `tls-server.c` that we created above, we will be using pthreads. Multi-threading will allow the server to handle multiple client connections at the same time. It will pass each new connection off into it's own thread. To do this we will create a new function called `ThreadHandler`. This function will be passed off to its own thread when a new client connection is accepted. We will also be making some minor changes to our `main()` and `AcceptAndRead` functions.
We will start by adding a `#include <pthread.h>` followed by removing our `CYASSL_CTX* ctx` from our main() function and making it global. This will allow our threads to have access to it. Because we are no long passing it into the `AcceptAndRead` function, we need to modify the prototype function to no longer take a `CyaSSL_CTX` parameter. The top of your file should now look like:
We will start by adding a `#include <pthread.h>` followed by removing our `WOLFSSL_CTX* ctx` from our main() function and making it global. This will allow our threads to have access to it. Because we are no long passing it into the `AcceptAndRead` function, we need to modify the prototype function to no longer take a `wolfSSL_CTX` parameter. The top of your file should now look like:
```c
#include <stdio.h>
@ -234,8 +234,8 @@ We will start by adding a `#include <pthread.h>` followed by removing our `CYASS
#include <errno.h>
#include <pthread.h>
/* Include the CyaSSL library for our TLS 1.2 security */
#include <cyassl/ssl.h>
/* Include the wolfSSL library for our TLS 1.2 security */
#include <wolfssl/ssl.h>
#define DEFAULT_PORT 11111
@ -243,9 +243,9 @@ int AcceptAndRead(socklen_t sockfd, struct sockaddr_in clientAddr);
void *ThreadHandler(void* socketDesc);
/* Create a ctx pointer for our ssl */
CYASSL_CTX* ctx;
WOLFSSL_CTX* ctx;
```
Moving down to our `main()` function, we need to now remove `CYASSL_CTX* ctx` from the top of the function since it is now a global variable. Lastly we need modify the `while` loop at the bottom of `main()` to look like:
Moving down to our `main()` function, we need to now remove `WOLFSSL_CTX* ctx` from the top of the function since it is now a global variable. Lastly we need modify the `while` loop at the bottom of `main()` to look like:
```c
printf("Waiting for a connection...\n");
@ -262,7 +262,7 @@ Moving down to our `main()` function, we need to now remove `CYASSL_CTX* ctx` fr
```
As you can tell, when we call
loopExit = AcceptAndRead(sockfd, clientAddr);
we are no longer passing in our `CYASSL_CTX` pointer since it's now global.
we are no longer passing in our `WOLFSSL_CTX` pointer since it's now global.
Moving on, we can now modify our `AcceptAndRead` function. This function will now pass accepted connections off into their own thread using `pthreads`. This new thread will then loop, reading and writing to the connected client. Because of this most of this function will be moved into the 'ThreadHandler' function. The `AcceptAndRead` function will now look like:
@ -298,19 +298,19 @@ Now that we have that passing client connections to their own threads, we need t
void *ThreadHandler(void* socketDesc)
{
int connd = *(int*)socketDesc;
CYASSL* ssl;
WOLFSSL* ssl;
/* Create our reply message */
const char reply[] = "I hear ya fa shizzle!\n";
printf("Client connected successfully\n");
if ( (ssl = CyaSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error.\n");
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
exit(EXIT_FAILURE);
}
/* Direct our ssl to our clients connection */
CyaSSL_set_fd(ssl, connd);
wolfSSL_set_fd(ssl, connd);
for ( ; ; ) {
char buff[256];
@ -320,25 +320,25 @@ void *ThreadHandler(void* socketDesc)
memset(&buff, 0, sizeof(buff));
/* Read the client data into our buff array */
if ((ret = CyaSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
/* Print any data the client sends to the console */
printf("Client on Socket %d: %s\n", connd, buff);
/* Reply back to the client */
if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1))
if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1))
< 0) {
printf("CyaSSL_write error = %d\n", CyaSSL_get_error(ssl, ret));
printf("wolfSSL_write error = %d\n", wolfSSL_get_error(ssl, ret));
}
}
/* if the client disconnects break the loop */
else {
if (ret < 0)
printf("CyaSSL_read error = %d\n", CyaSSL_get_error(ssl
printf("wolfSSL_read error = %d\n", wolfSSL_get_error(ssl
,ret));
else if (ret == 0)
printf("The client has closed the connection.\n");
CyaSSL_free(ssl); /* Free the CYASSL object */
wolfSSL_free(ssl); /* Free the WOLFSSL object */
close(connd); /* close the connected socket */
break;
}
@ -370,8 +370,8 @@ To start, let's create our enumerator and prototype functions. The top of your f
#include <sys/fcntl.h>
#include <errno.h>
/* Include the CyaSSL library for our TLS 1.2 security */
#include <cyassl/ssl.h>
/* Include the wolfSSL library for our TLS 1.2 security */
#include <wolfssl/ssl.h>
#define DEFAULT_PORT 11111
@ -380,14 +380,14 @@ To start, let's create our enumerator and prototype functions. The top of your f
*/
enum read_write_t {WRITE, READ, ACCEPT};
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd,
int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t socketfd,
struct sockaddr_in clientAddr);
int TCPSelect(socklen_t socketfd);
int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
int NonBlocking_ReadWriteAccept(WOLFSSL* ssl, socklen_t socketfd,
enum read_write_t rw);
```
We will start by modifying our `main()` function. Because we are using non-blocking we need to give our socket specific options. To do this, we will make a `setsockopt()` call just above our `CyaSSL_init()` call. It should look something like the following:
We will start by modifying our `main()` function. Because we are using non-blocking we need to give our socket specific options. To do this, we will make a `setsockopt()` call just above our `wolfSSL_init()` call. It should look something like the following:
```c
/* If positive value, the socket is valid */
@ -400,8 +400,8 @@ We will start by modifying our `main()` function. Because we are using non-block
< 0)
printf("setsockopt SO_REUSEADDR failed\n");
/* Initialize CyaSSL */
CyaSSL_Init();
/* Initialize wolfSSL */
wolfSSL_Init();
```
Now we are going to re-write our `AcceptAndRead()` function such that it now takes into consideration non-blocking I/O. This function will be directing our `ssl` object to our client. we will then use a `for ( ; ; )` loop to call our `NonBlocking_ReadWriteAccept()` function passing our `READ` and `WRITE` enums in respectively. This tells our `NonBlocking_ReadWriteAccept()` function what we currently want it to do; read or write.
@ -409,7 +409,7 @@ Now we are going to re-write our `AcceptAndRead()` function such that it now tak
The function, with more detailed comments should now look like:
```c
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in clientAddr)
int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in clientAddr)
{
socklen_t size = sizeof(clientAddr);
@ -423,16 +423,16 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in client
/* If it connects, read in and reply to the client */
else {
printf("Client connected successfully!\n");
CYASSL* ssl;
if ( (ssl = CyaSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error.\n");
WOLFSSL* ssl;
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
exit(EXIT_FAILURE);
}
/* Direct our ssl to our clients connection */
CyaSSL_set_fd(ssl, connd);
wolfSSL_set_fd(ssl, connd);
/* Sets CyaSSL_accept(ssl) */
/* Sets wolfSSL_accept(ssl) */
if(NonBlocking_ReadWriteAccept(ssl, socketfd, ACCEPT) < 0)
return 0;
@ -448,7 +448,7 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in client
if (NonBlocking_ReadWriteAccept(ssl, socketfd, WRITE) == 0)
break;
}
CyaSSL_free(ssl); /* Free the CYASSL object */
wolfSSL_free(ssl); /* Free the WOLFSSL object */
}
close(connd); /* close the connected socket */
@ -456,12 +456,12 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in client
}
```
Next we will write the `NonBlocking_ReadWriteAccept()` function. This function in short swtiches between doing `CyaSSL_accept()`, `CyaSSL_read()`, and `CyaSSL_write()`. It uses a while loop to loop on the socket and assign new client connections to the next available socket using the `TCPSelect()` function we will be writing soon. It then asks each socket if it wants read or wants write. This function should look like:
Next we will write the `NonBlocking_ReadWriteAccept()` function. This function in short swtiches between doing `wolfSSL_accept()`, `wolfSSL_read()`, and `wolfSSL_write()`. It uses a while loop to loop on the socket and assign new client connections to the next available socket using the `TCPSelect()` function we will be writing soon. It then asks each socket if it wants read or wants write. This function should look like:
```c
/* Checks if NonBlocking I/O is wanted, if it is wanted it will
* wait until it's available on the socket before reading or writing */
int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
int NonBlocking_ReadWriteAccept(WOLFSSL* ssl, socklen_t socketfd,
enum read_write_t rw)
{
const char reply[] = "I hear ya fa shizzle!\n";
@ -476,18 +476,18 @@ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
memset(&buff, 0, sizeof(buff));
if (rw == READ)
rwret = CyaSSL_read(ssl, buff, sizeof(buff)-1);
rwret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
else if (rw == WRITE)
rwret = CyaSSL_write(ssl, reply, sizeof(reply)-1);
rwret = wolfSSL_write(ssl, reply, sizeof(reply)-1);
else if (rw == ACCEPT)
rwret = CyaSSL_accept(ssl);
rwret = wolfSSL_accept(ssl);
if (rwret == 0) {
printf("The client has closed the connection!\n");
return 0;
}
else if (rwret != SSL_SUCCESS) {
int error = CyaSSL_get_error(ssl, 0);
int error = wolfSSL_get_error(ssl, 0);
/* while I/O is not ready, keep waiting */
while ((error == SSL_ERROR_WANT_READ ||
@ -502,13 +502,13 @@ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
if ((selectRet == 1) || (selectRet == 2)) {
if (rw == READ)
rwret = CyaSSL_read(ssl, buff, sizeof(buff)-1);
rwret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
else if (rw == WRITE)
rwret = CyaSSL_write(ssl, reply, sizeof(reply)-1);
rwret = wolfSSL_write(ssl, reply, sizeof(reply)-1);
else if (rw == ACCEPT)
rwret = CyaSSL_accept(ssl);
rwret = wolfSSL_accept(ssl);
error = CyaSSL_get_error(ssl, 0);
error = wolfSSL_get_error(ssl, 0);
}
else {
error = SSL_FATAL_ERROR;
@ -520,9 +520,9 @@ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
printf("Client: %s\n", buff);
/* Reply back to the client */
else if (rw == WRITE) {
if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1)) < 0) {
printf("CyaSSL_write error = %d\n",
CyaSSL_get_error(ssl, ret));
if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1)) < 0) {
printf("wolfSSL_write error = %d\n",
wolfSSL_get_error(ssl, ret));
}
}
}
@ -574,11 +574,11 @@ const char* cert = "../certs/ca-cert.pem";
Now comes changing the `ClientGreet()` function so its arguments and functions incorporate the security library.
```c
void ClientGreet(int sock, CYASSL* ssl)
void ClientGreet(int sock, WOLFSSL* ssl)
if (CyaSSL_write(ssl, send, strlen(send)) != strlen(send)) {
if (wolfSSL_write(ssl, send, strlen(send)) != strlen(send)) {
if (CyaSSL_read(ssl, receive, MAXDATASIZE) == 0) {
if (wolfSSL_read(ssl, receive, MAXDATASIZE) == 0) {
```
You can think of this as, instead of just a normal read and write, it is now a “secure” read and write. We also need to change the call to `ClientGreet()` in `main()`. Instead of calling directly to it, we should make a call to a `Security()` that will then check the server for the correct `certs`. To do this, change:
@ -601,38 +601,38 @@ Now we just have to make the `Security()` function. It should look something lik
*/
int Security(int sock)
{
CYASSL_CTX* ctx;
CYASSL* ssl; /* create CYASSL object */
WOLFSSL_CTX* ctx;
WOLFSSL* ssl; /* create WOLFSSL object */
int ret = 0;
CyaSSL_Init(); /* initialize CyaSSL */
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initiLize CYASSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method())) == NULL) {
/* create and initiLize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
printf("SSL_CTX_new error.\n");
return EXIT_FAILURE;
}
/* load CA certificates into CyaSSL_CTX. which will verify the server */
if (CyaSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
/* load CA certificates into wolfSSL_CTX. which will verify the server */
if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", cert);
return EXIT_FAILURE;
}
if ((ssl = CyaSSL_new(ctx)) == NULL) {
printf("CyaSSL_new error.\n");
if ((ssl = wolfSSL_new(ctx)) == NULL) {
printf("wolfSSL_new error.\n");
return EXIT_FAILURE;
}
CyaSSL_set_fd(ssl, sock);
wolfSSL_set_fd(ssl, sock);
ret = CyaSSL_connect(ssl);
ret = wolfSSL_connect(ssl);
if (ret == SSL_SUCCESS) {
ret = ClientGreet(sock, ssl);
}
/* frees all data before client termination */
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
CyaSSL_Cleanup();
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
return ret;
}
@ -647,48 +647,48 @@ As you can see, this is where we make the call to “greet” the server. This
In case the connection to the server gets lost, and you want to save time, youll want to be able to resume the connection. In this example, we disconnect from the server, then reconnect to the same session afterwards, bypassing the handshake process and ultimately saving time. To accomplish this, youll need to add some variable declarations in `Security()`.
```c
CYASSL_SESSION* session = 0;/* cyassl session */
CYASSL* sslResume; /* create CYASSL object for connection loss */
WOLFSSL_SESSION* session = 0;/* wolfssl session */
WOLFSSL* sslResume; /* create WOLFSSL object for connection loss */
```
Next we'll have to add some code to disconnect and then reconnect to the server. This should be added after your `ClientGreet()` call in `Security()`.
```c
/* saves the session */
session = CyaSSL_get_session(ssl);
CyaSSL_free(ssl);
session = wolfSSL_get_session(ssl);
wolfSSL_free(ssl);
/* closes the connection */
close(sock);
/* new ssl to reconnect to */
sslResume = CyaSSL_new(ctx);
sslResume = wolfSSL_new(ctx);
/* makes a new socket to connect to */
sock = socket(AF_INET, SOCK_STREAM, 0);
/* sets session to old session */
CyaSSL_set_session(sslResume, session);
wolfSSL_set_session(sslResume, session);
/* connects to new socket */
if (connect(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
/* if socket fails to connect to the server*/
ret = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_get_error(ssl, 0);
printf("Connect error. Error: %i\n", ret);
return EXIT_FAILURE;
}
/* sets new file discriptior */
CyaSSL_set_fd(sslResume, sock);
wolfSSL_set_fd(sslResume, sock);
/* reconects to CyaSSL */
ret = CyaSSL_connect(sslResume);
/* reconects to wolfSSL */
ret = wolfSSL_connect(sslResume);
if (ret != SSL_SUCCESS) {
return ret;
}
/* checks to see if the new session is the same as the old session */
if (CyaSSL_session_reused(sslResume))
if (wolfSSL_session_reused(sslResume))
printf("Re-used session ID\n");
else
printf("Did not re-use session ID\n");
@ -697,7 +697,7 @@ else
ret = ClientGreet(sock, sslResume);
```
We will aslo have to slightly alter our last `CyaSSL_free()` call. Instead of `CyaSSL_free(ssl);` it needs to state `CyaSSL_free(sslResume);`
We will aslo have to slightly alter our last `wolfSSL_free()` call. Instead of `wolfSSL_free(ssl);` it needs to state `wolfSSL_free(sslResume);`
**The finished source code for this can be [found here.](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/client-tls-resume.c)**
@ -747,12 +747,12 @@ static inline int tcp_select(int socketfd, int to_sec)
return TEST_SELECT_FAIL;
}
int NonBlockConnect(CYASSL* ssl)
int NonBlockConnect(WOLFSSL* ssl)
{
int ret = CyaSSL_connect(ssl);
int ret = wolfSSL_connect(ssl);
int error = CyaSSL_get_error(ssl, 0);
int sockfd = (int)CyaSSL_get_fd(ssl);
int error = wolfSSL_get_error(ssl, 0);
int sockfd = (int)wolfSSL_get_fd(ssl);
int select_ret;
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
@ -768,8 +768,8 @@ int NonBlockConnect(CYASSL* ssl)
if ((select_ret == TEST_RECV_READY) ||
(select_ret == TEST_ERROR_READY)) {
ret = CyaSSL_connect(ssl);
error = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_connect(ssl);
error = wolfSSL_get_error(ssl, 0);
}
else if (select_ret == TEST_TIMEOUT) {
error = SSL_ERROR_WANT_READ;
@ -792,7 +792,7 @@ We will also need to make some chances to `ClientGreet()` which should now look
/*
* clients initial contact with server. (socket to connect, security layer)
*/
int ClientGreet(CYASSL* ssl)
int ClientGreet(WOLFSSL* ssl)
{
/* data to send to the server, data recieved from the server */
char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0};
@ -801,23 +801,23 @@ int ClientGreet(CYASSL* ssl)
printf("Message for server:\t");
fgets(sendBuff, MAXDATASIZE, stdin);
if (CyaSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
/* the message is not able to send, or error trying */
ret = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_get_error(ssl, 0);
printf("Write error: Error: %d\n", ret);
return EXIT_FAILURE;
}
ret = CyaSSL_read(ssl, rcvBuff, MAXDATASIZE);
ret = wolfSSL_read(ssl, rcvBuff, MAXDATASIZE);
if (ret <= 0) {
/* the server failed to send data, or error trying */
ret = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_get_error(ssl, 0);
while (ret == SSL_ERROR_WANT_READ) {
ret = CyaSSL_read(ssl, rcvBuff, MAXDATASIZE);
ret = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_read(ssl, rcvBuff, MAXDATASIZE);
ret = wolfSSL_get_error(ssl, 0);
}
if (ret < 0) {
ret = CyaSSL_get_error(ssl, 0);
ret = wolfSSL_get_error(ssl, 0);
printf("Read error. Error: %d\n", ret);
return EXIT_FAILURE;
}
@ -830,17 +830,17 @@ int ClientGreet(CYASSL* ssl)
Now we need to check for non-blocking in our `Security()` function. To do this, we change:
```c
CyaSSL_set_fd(ssl, sock);
wolfSSL_set_fd(ssl, sock);
ret = CyaSSL_connect(ssl);
ret = wolfSSL_connect(ssl);
if (ret == SSL_SUCCESS) {
ret = ClientGreet(sock, ssl);
}
```
to
```c
CyaSSL_set_fd(ssl, sock);
CyaSSL_set_using_nonblock(ssl, 1);
wolfSSL_set_fd(ssl, sock);
wolfSSL_set_using_nonblock(ssl, 1);
ret = NonBlockConnect(ssl);
if (ret == SSL_SUCCESS) {
ret = ClientGreet(ssl);