Merge pull request #306 from dgarske/pk_tls

pull/308/head
Anthony Hu 2022-03-24 12:40:53 -04:00 committed by GitHub
commit 67371e3413
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 353 additions and 47 deletions


@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31cHvU7CSO
GYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/tA==
-----END PUBLIC KEY-----


@ -0,0 +1,9 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScB
ZcZFrvK8JDC4lc4vTtb2HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8
yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF
9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1m
UQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOV
oXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t
1wIDAQAB
-----END RSA PUBLIC KEY-----


@ -39,6 +39,8 @@
#include <wolfssl/wolfcrypt/sha256.h> #include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/cryptocb.h> #include <wolfssl/wolfcrypt/cryptocb.h>
#include <wolfssl/wolfcrypt/ecc.h> #include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#define DEFAULT_PORT 11111 #define DEFAULT_PORT 11111
@ -47,18 +49,25 @@
#define USE_TLSV13 #define USE_TLSV13
#ifdef USE_ECDHE_ECDSA #ifdef USE_ECDHE_ECDSA
#define CERT_FILE "../certs/client-ecc-cert.pem" #define CERT_FILE "../certs/client-ecc-cert.pem"
#define KEY_FILE "../certs/ecc-client-key.pem" #define KEY_FILE "../certs/ecc-client-key.pem"
#define CA_FILE "../certs/ca-ecc-cert.pem" #define KEYPUB_FILE "../certs/ecc-client-keyPub.pem"
#define CA_FILE "../certs/ca-ecc-cert.pem"
#else #else
#define CERT_FILE "../certs/client-cert.pem" #define CERT_FILE "../certs/client-cert.pem"
#define KEY_FILE "../certs/client-key.pem" #define KEY_FILE "../certs/client-key.pem"
#define CA_FILE "../certs/ca-cert.pem" #define KEYPUB_FILE "../certs/client-keyPub.pem"
#define CA_FILE "../certs/ca-cert.pem"
#endif #endif
typedef struct { typedef struct {
const char* keyFile; const char* keyFile;
ecc_key key; #ifdef HAVE_ECC
ecc_key keyEcc;
#endif
#ifndef NO_RSA
RsaKey keyRsa;
#endif
int state; int state;
} PkCbInfo; } PkCbInfo;
@ -137,6 +146,7 @@ static int load_key_file(const char* fname, byte** derBuf, word32* derLen)
return 0; return 0;
} }
#ifdef HAVE_ECC
/* This function is performing a sign using a private key for testing. In a /* This function is performing a sign using a private key for testing. In a
* real-world use case this would be sent to HSM / TPM hardware for processing * real-world use case this would be sent to HSM / TPM hardware for processing
* and return WC_PENDING_E to give this thread time to do other work */ * and return WC_PENDING_E to give this thread time to do other work */
@ -159,17 +169,18 @@ static int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
ret = load_key_file(cbInfo->keyFile, &keyBuf, &keySz); ret = load_key_file(cbInfo->keyFile, &keyBuf, &keySz);
if (ret == 0) { if (ret == 0) {
ret = wc_ecc_init(&cbInfo->key); ret = wc_ecc_init(&cbInfo->keyEcc);
if (ret == 0) { if (ret == 0) {
word32 idx = 0; word32 idx = 0;
ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &cbInfo->key, keySz); ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &cbInfo->keyEcc, keySz);
if (ret == 0) { if (ret == 0) {
WC_RNG *rng = wolfSSL_GetRNG(ssl); WC_RNG *rng = wolfSSL_GetRNG(ssl);
printf("PK ECC Sign: Curve ID %d\n", cbInfo->key.dp->id); printf("PK ECC Sign: Curve ID %d\n", cbInfo->keyEcc.dp->id);
ret = wc_ecc_sign_hash(in, inSz, out, outSz, rng, &cbInfo->key); ret = wc_ecc_sign_hash(in, inSz, out, outSz, rng,
&cbInfo->keyEcc);
} }
wc_ecc_free(&cbInfo->key); wc_ecc_free(&cbInfo->keyEcc);
} }
} }
free(keyBuf); free(keyBuf);
@ -182,6 +193,122 @@ static int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
return ret; return ret;
} }
#endif
#ifndef NO_RSA
static int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
{
int ret;
word32 idx = 0;
byte* keyBuf = (byte*)key;
PkCbInfo* cbInfo = (PkCbInfo*)ctx;
(void)ssl;
(void)cbInfo;
printf("PK RSA Sign: inSz %u, keySz %u\n", inSz, keySz);
#ifdef WOLFSSL_ASYNC_CRYPT
if (cbInfo->state == 0) {
cbInfo->state++;
printf("PK ECC Sign: Async Simulate\n");
return WC_PENDING_E;
}
#endif
ret = load_key_file(cbInfo->keyFile, &keyBuf, &keySz);
if (ret != 0)
return ret;
ret = wc_InitRsaKey(&cbInfo->keyRsa, NULL);
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &cbInfo->keyRsa, keySz);
if (ret == 0) {
WC_RNG *rng = wolfSSL_GetRNG(ssl);
ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &cbInfo->keyRsa, rng);
}
if (ret > 0) { /* save and convert to 0 success */
*outSz = ret;
ret = 0;
}
wc_FreeRsaKey(&cbInfo->keyRsa);
}
free(keyBuf);
#ifdef WOLFSSL_ASYNC_CRYPT
cbInfo->state = 0;
#endif
printf("PK RSA Sign: ret %d, outSz %u\n", ret, *outSz);
return ret;
}
#ifdef WC_RSA_PSS
static int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
byte* out, word32* outSz, int hash, int mgf, const byte* key,
word32 keySz, void* ctx)
{
enum wc_HashType hashType = WC_HASH_TYPE_NONE;
int ret;
word32 idx = 0;
byte* keyBuf = (byte*)key;
PkCbInfo* cbInfo = (PkCbInfo*)ctx;
(void)ssl;
(void)cbInfo;
printf("PK RSA PSS Sign: inSz %u, hash %d, mgf %d, keySz %u\n",
inSz, hash, mgf, keySz);
ret = load_key_file(cbInfo->keyFile, &keyBuf, &keySz);
if (ret != 0)
return ret;
switch (hash) {
#ifndef NO_SHA256
case SHA256h:
hashType = WC_HASH_TYPE_SHA256;
break;
#endif
#ifdef WOLFSSL_SHA384
case SHA384h:
hashType = WC_HASH_TYPE_SHA384;
break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512h:
hashType = WC_HASH_TYPE_SHA512;
break;
#endif
default:
hashType = WC_HASH_TYPE_NONE;
break;
}
ret = wc_InitRsaKey(&cbInfo->keyRsa, NULL);
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &cbInfo->keyRsa, keySz);
if (ret == 0) {
WC_RNG *rng = wolfSSL_GetRNG(ssl);
ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf,
&cbInfo->keyRsa, rng);
}
if (ret > 0) { /* save and convert to 0 success */
*outSz = ret;
ret = 0;
}
wc_FreeRsaKey(&cbInfo->keyRsa);
}
free(keyBuf);
printf("PK RSA PSS Sign: ret %d, outSz %u\n", ret, *outSz);
return ret;
}
#endif
#endif
#endif /* HAVE_PK_CALLBACKS */ #endif /* HAVE_PK_CALLBACKS */
int main(int argc, char** argv) int main(int argc, char** argv)
@ -207,6 +334,13 @@ int main(int argc, char** argv)
return 0; return 0;
} }
#ifndef HAVE_PK_CALLBACKS
printf("Warning: PK not compiled in! Please configure wolfSSL with "
" --enable-pkcallbacks and try again\n");
ret = -1;
goto exit;
#endif
/* Create a socket that uses an internet IPv4 address, /* Create a socket that uses an internet IPv4 address,
* Sets the socket to be stream based (TCP), * Sets the socket to be stream based (TCP),
* 0 means choose the default protocol. */ * 0 means choose the default protocol. */
@ -263,27 +397,32 @@ int main(int argc, char** argv)
} }
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
/* register an ECC sign callback for the long term key */ /* register sign callbacks for the long term key */
#ifdef HAVE_ECC
wolfSSL_CTX_SetEccSignCb(ctx, myEccSign); wolfSSL_CTX_SetEccSignCb(ctx, myEccSign);
#else #endif
printf("Warning: PK not compiled in! Please configure wolfSSL with " #ifndef NO_RSA
" --enable-pkcallbacks and try again\n"); wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
#ifdef WC_RSA_PSS
wolfSSL_CTX_SetRsaPssSignCb(ctx, myRsaPssSign);
#endif
#endif
#endif #endif
/* Mutual Authentication */ /* Mutual Authentication */
/* Load client certificate into WOLFSSL_CTX */ /* Load client certificate into WOLFSSL_CTX */
if ((ret = wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, WOLFSSL_FILETYPE_PEM)) if ((ret = wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE,
!= WOLFSSL_SUCCESS) { WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
CERT_FILE); CERT_FILE);
goto exit; goto exit;
} }
/* Load client key into WOLFSSL_CTX */ /* Load client key into WOLFSSL_CTX */
if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, WOLFSSL_FILETYPE_PEM)) if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, KEYPUB_FILE,
!= WOLFSSL_SUCCESS) { WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
KEY_FILE); KEYPUB_FILE);
goto exit; goto exit;
} }
@ -313,7 +452,15 @@ int main(int argc, char** argv)
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
/* setup the PK context */ /* setup the PK context */
#ifdef HAVE_ECC
wolfSSL_SetEccSignCtx(ssl, &myCtx); wolfSSL_SetEccSignCtx(ssl, &myCtx);
#endif
#ifndef NO_RSA
wolfSSL_SetRsaSignCtx(ssl, &myCtx);
#ifdef WC_RSA_PSS
wolfSSL_SetRsaPssSignCtx(ssl, &myCtx);
#endif
#endif
#else #else
(void)myCtx; /* not used */ (void)myCtx; /* not used */
#endif #endif
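Review bot: In `myRsaPssSign`, the `default:` arm of `switch (hash)` leaves `hashType` at `WC_HASH_TYPE_NONE`, yet the function still decodes the private key and calls `wc_RsaPSS_Sign`, so an unsupported or compiled-out digest is rejected only if the library call itself refuses it. The callback should fail closed on its own: run the switch before `load_key_file` and make the arm `default: return BAD_FUNC_ARG;`, so that no key material is read for a request that cannot be honoured. The identical function in the server file section has the same gap. Separately, the async branch of `myRsaSign` prints `"PK ECC Sign: Async Simulate\n"`, which should read `PK RSA Sign` so the log line is attributable to the right callback.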


@ -39,6 +39,8 @@
#include <wolfssl/wolfcrypt/sha256.h> #include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/cryptocb.h> #include <wolfssl/wolfcrypt/cryptocb.h>
#include <wolfssl/wolfcrypt/ecc.h> #include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#define DEFAULT_PORT 11111 #define DEFAULT_PORT 11111
@ -47,18 +49,25 @@
#define USE_TLSV13 #define USE_TLSV13
#ifdef USE_ECDHE_ECDSA #ifdef USE_ECDHE_ECDSA
#define CERT_FILE "../certs/server-ecc.pem" #define CERT_FILE "../certs/server-ecc.pem"
#define KEY_FILE "../certs/ecc-key.pem" #define KEY_FILE "../certs/ecc-key.pem"
#define CA_FILE "../certs/client-ecc-cert.pem" #define KEYPUB_FILE "../certs/ecc-keyPub.pem"
#define CA_FILE "../certs/client-ecc-cert.pem"
#else #else
#define CERT_FILE "../certs/server-cert.pem" #define CERT_FILE "../certs/server-cert.pem"
#define KEY_FILE "../certs/server-key.pem" #define KEY_FILE "../certs/server-key.pem"
#define CA_FILE "../certs/client-cert.pem" #define KEYPUB_FILE "../certs/server-keyPub.pem"
#define CA_FILE "../certs/client-cert.pem"
#endif #endif
typedef struct { typedef struct {
const char* keyFile; const char* keyFile;
ecc_key key; #ifdef HAVE_ECC
ecc_key keyEcc;
#endif
#ifndef NO_RSA
RsaKey keyRsa;
#endif
int state; int state;
} PkCbInfo; } PkCbInfo;
@ -137,6 +146,7 @@ static int load_key_file(const char* fname, byte** derBuf, word32* derLen)
return 0; return 0;
} }
#ifdef HAVE_ECC
/* This function is performing a sign using a private key for testing. In a /* This function is performing a sign using a private key for testing. In a
* real-world use case this would be sent to HSM / TPM hardware for processing * real-world use case this would be sent to HSM / TPM hardware for processing
* and return WC_PENDING_E to give this thread time to do other work */ * and return WC_PENDING_E to give this thread time to do other work */
@ -159,17 +169,18 @@ static int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
ret = load_key_file(cbInfo->keyFile, &keyBuf, &keySz); ret = load_key_file(cbInfo->keyFile, &keyBuf, &keySz);
if (ret == 0) { if (ret == 0) {
ret = wc_ecc_init(&cbInfo->key); ret = wc_ecc_init(&cbInfo->keyEcc);
if (ret == 0) { if (ret == 0) {
word32 idx = 0; word32 idx = 0;
ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &cbInfo->key, keySz); ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &cbInfo->keyEcc, keySz);
if (ret == 0) { if (ret == 0) {
WC_RNG *rng = wolfSSL_GetRNG(ssl); WC_RNG *rng = wolfSSL_GetRNG(ssl);
printf("PK ECC Sign: Curve ID %d\n", cbInfo->key.dp->id); printf("PK ECC Sign: Curve ID %d\n", cbInfo->keyEcc.dp->id);
ret = wc_ecc_sign_hash(in, inSz, out, outSz, rng, &cbInfo->key); ret = wc_ecc_sign_hash(in, inSz, out, outSz, rng,
&cbInfo->keyEcc);
} }
wc_ecc_free(&cbInfo->key); wc_ecc_free(&cbInfo->keyEcc);
} }
} }
free(keyBuf); free(keyBuf);
@ -181,6 +192,122 @@ static int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
return ret; return ret;
} }
#endif
#ifndef NO_RSA
static int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
{
int ret;
word32 idx = 0;
byte* keyBuf = (byte*)key;
PkCbInfo* cbInfo = (PkCbInfo*)ctx;
(void)ssl;
(void)cbInfo;
printf("PK RSA Sign: inSz %u, keySz %u\n", inSz, keySz);
#ifdef WOLFSSL_ASYNC_CRYPT
if (cbInfo->state == 0) {
cbInfo->state++;
printf("PK ECC Sign: Async Simulate\n");
return WC_PENDING_E;
}
#endif
ret = load_key_file(cbInfo->keyFile, &keyBuf, &keySz);
if (ret != 0)
return ret;
ret = wc_InitRsaKey(&cbInfo->keyRsa, NULL);
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &cbInfo->keyRsa, keySz);
if (ret == 0) {
WC_RNG *rng = wolfSSL_GetRNG(ssl);
ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &cbInfo->keyRsa, rng);
}
if (ret > 0) { /* save and convert to 0 success */
*outSz = ret;
ret = 0;
}
wc_FreeRsaKey(&cbInfo->keyRsa);
}
free(keyBuf);
#ifdef WOLFSSL_ASYNC_CRYPT
cbInfo->state = 0;
#endif
printf("PK RSA Sign: ret %d, outSz %u\n", ret, *outSz);
return ret;
}
#ifdef WC_RSA_PSS
static int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
byte* out, word32* outSz, int hash, int mgf, const byte* key,
word32 keySz, void* ctx)
{
enum wc_HashType hashType = WC_HASH_TYPE_NONE;
int ret;
word32 idx = 0;
byte* keyBuf = (byte*)key;
PkCbInfo* cbInfo = (PkCbInfo*)ctx;
(void)ssl;
(void)cbInfo;
printf("PK RSA PSS Sign: inSz %u, hash %d, mgf %d, keySz %u\n",
inSz, hash, mgf, keySz);
ret = load_key_file(cbInfo->keyFile, &keyBuf, &keySz);
if (ret != 0)
return ret;
switch (hash) {
#ifndef NO_SHA256
case SHA256h:
hashType = WC_HASH_TYPE_SHA256;
break;
#endif
#ifdef WOLFSSL_SHA384
case SHA384h:
hashType = WC_HASH_TYPE_SHA384;
break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512h:
hashType = WC_HASH_TYPE_SHA512;
break;
#endif
default:
hashType = WC_HASH_TYPE_NONE;
break;
}
ret = wc_InitRsaKey(&cbInfo->keyRsa, NULL);
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &cbInfo->keyRsa, keySz);
if (ret == 0) {
WC_RNG *rng = wolfSSL_GetRNG(ssl);
ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf,
&cbInfo->keyRsa, rng);
}
if (ret > 0) { /* save and convert to 0 success */
*outSz = ret;
ret = 0;
}
wc_FreeRsaKey(&cbInfo->keyRsa);
}
free(keyBuf);
printf("PK RSA PSS Sign: ret %d, outSz %u\n", ret, *outSz);
return ret;
}
#endif
#endif
#endif /* HAVE_PK_CALLBACKS */ #endif /* HAVE_PK_CALLBACKS */
int main(int argc, char** argv) int main(int argc, char** argv)
@ -206,6 +333,13 @@ int main(int argc, char** argv)
WOLFSSL_CTX* ctx = NULL; WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL; WOLFSSL* ssl = NULL;
#ifndef HAVE_PK_CALLBACKS
printf("Warning: PK not compiled in! Please configure wolfSSL with "
" --enable-pkcallbacks and try again\n");
ret = -1;
goto exit;
#endif
/* Initialize the server address struct with zeros */ /* Initialize the server address struct with zeros */
memset(&servAddr, 0, sizeof(servAddr)); memset(&servAddr, 0, sizeof(servAddr));
@ -271,19 +405,32 @@ int main(int argc, char** argv)
goto exit; goto exit;
} }
#ifdef HAVE_PK_CALLBACKS
/* register sign callbacks for the long term key */
#ifdef HAVE_ECC
wolfSSL_CTX_SetEccSignCb(ctx, myEccSign);
#endif
#ifndef NO_RSA
wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
#ifdef WC_RSA_PSS
wolfSSL_CTX_SetRsaPssSignCb(ctx, myRsaPssSign);
#endif
#endif
#endif
/* Load server certificates into WOLFSSL_CTX */ /* Load server certificates into WOLFSSL_CTX */
if ((ret = wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)) if ((ret = wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE,
!= WOLFSSL_SUCCESS) { WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
CERT_FILE); CERT_FILE);
goto exit; goto exit;
} }
/* Load server key into WOLFSSL_CTX */ /* Load server key into WOLFSSL_CTX */
if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)) if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, KEYPUB_FILE,
!= WOLFSSL_SUCCESS) { WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
KEY_FILE); KEYPUB_FILE);
goto exit; goto exit;
} }
@ -299,15 +446,6 @@ int main(int argc, char** argv)
wolfSSL_CTX_set_verify(ctx, wolfSSL_CTX_set_verify(ctx,
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
#ifdef HAVE_PK_CALLBACKS
/* register an ECC sign callback for the long term key */
wolfSSL_CTX_SetEccSignCb(ctx, myEccSign);
#else
printf("Warning: PK not compiled in! Please configure wolfSSL with "
" --enable-pkcallbacks and try again\n");
#endif
/* Continue to accept clients until shutdown is issued */ /* Continue to accept clients until shutdown is issued */
while (!shutdown) { while (!shutdown) {
printf("Waiting for a connection...\n"); printf("Waiting for a connection...\n");
@ -332,7 +470,15 @@ int main(int argc, char** argv)
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
/* setup the PK context */ /* setup the PK context */
#ifdef HAVE_ECC
wolfSSL_SetEccSignCtx(ssl, &myCtx); wolfSSL_SetEccSignCtx(ssl, &myCtx);
#endif
#ifndef NO_RSA
wolfSSL_SetRsaSignCtx(ssl, &myCtx);
#ifdef WC_RSA_PSS
wolfSSL_SetRsaPssSignCtx(ssl, &myCtx);
#endif
#endif
#else #else
(void)myCtx; /* not used */ (void)myCtx; /* not used */
#endif #endif
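Review bot: Both new RSA callbacks, `myRsaSign` and `myRsaPssSign`, release the DER-encoded private key with a bare `free(keyBuf)`, so the key bytes read by `load_key_file` remain in freed heap memory after every handshake signature. Clear the buffer over `keySz` bytes before the free, using a zeroisation primitive the compiler cannot elide, because a plain `memset` placed directly before `free` may be optimised away. The `myEccSign` context lines show the same pattern, and the client file section carries identical code. It would also help to add a comment at the `wolfSSL_CTX_use_PrivateKey_file(ctx, KEYPUB_FILE, ...)` call, for example `/* only the public key is handed to wolfSSL; signing is done by the PK callbacks */`, since the existing comment still reads `Load server key` and the API name suggests a private key is being loaded.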