WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #8 from NickolasLapp/tls 

(NickolasLapp) Updated tls from cyassl to wolfssl, updating headers
pull/11/head
Kaleb Joseph Himes 2015-06-27 19:27:00 -06:00
parent b42f9bc864 336ba1515d
commit 8318b22d28
11 changed files with 423 additions and 427 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
tls/client-callback.c
View File

@ -1,15 +1,15 @@
/* client.c /* client-callback.c
* *
* Copyright (C) 2006-2014 wolfSSL Inc. * Copyright (C) 2006-2015 wolfSSL Inc.
* *
* This file is part of CyaSSL. * This file is part of wolfSSL. (formerly known as CyaSSL)
* *
* CyaSSL is free software; you can redistribute it and/or modify * wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* CyaSSL is distributed in the hope that it will be useful, * wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
@ -23,11 +23,11 @@
#include <config.h> #include <config.h>
#endif #endif
#include <cyassl/ctaocrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <cyassl/options.h> #include <wolfssl/options.h>
#include <cyassl/ssl.h> #include <wolfssl/ssl.h>
#include <cyassl/test.h> #include <wolfssl/test.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@ -64,7 +64,7 @@
* function with specific parameters : inbetween process of receiving msg * function with specific parameters : inbetween process of receiving msg
* based from embeded receive in src/io.c * based from embeded receive in src/io.c
*/ */
int CbIORecv(CYASSL *ssl, char *buf, int sz, void *ctx) int CbIORecv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{ {
int recvd; int recvd;
int sd = *(int*)ctx; int sd = *(int*)ctx;
@ -73,39 +73,39 @@ int CbIORecv(CYASSL *ssl, char *buf, int sz, void *ctx)
if (recvd < 0) { if (recvd < 0) {
if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) { if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) {
if (!CyaSSL_dtls(ssl) || CyaSSL_get_using_nonblock(ssl)) { if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) {
printf(" Would block\n"); printf(" Would block\n");
return CYASSL_CBIO_ERR_WANT_READ; return WOLFSSL_CBIO_ERR_WANT_READ;
} }
else { else {
printf("Socket timeout\n"); printf("Socket timeout\n");
return CYASSL_CBIO_ERR_TIMEOUT; return WOLFSSL_CBIO_ERR_TIMEOUT;
} }
} }
else if (errno == SOCKET_ECONNRESET) { else if (errno == SOCKET_ECONNRESET) {
printf("Connection reset\n"); printf("Connection reset\n");
return CYASSL_CBIO_ERR_CONN_RST; return WOLFSSL_CBIO_ERR_CONN_RST;
} }
else if (errno == SOCKET_EINTR) { else if (errno == SOCKET_EINTR) {
printf("Socket interrupted\n"); printf("Socket interrupted\n");
return CYASSL_CBIO_ERR_ISR; return WOLFSSL_CBIO_ERR_ISR;
} }
else if (errno == SOCKET_ECONNREFUSED) { else if (errno == SOCKET_ECONNREFUSED) {
printf("Connection refused\n"); printf("Connection refused\n");
return CYASSL_CBIO_ERR_WANT_READ; return WOLFSSL_CBIO_ERR_WANT_READ;
} }
else if (errno == SOCKET_ECONNABORTED) { else if (errno == SOCKET_ECONNABORTED) {
printf("Connection aborted\n"); printf("Connection aborted\n");
return CYASSL_CBIO_ERR_CONN_CLOSE; return WOLFSSL_CBIO_ERR_CONN_CLOSE;
} }
else { else {
printf("General error\n"); printf("General error\n");
return CYASSL_CBIO_ERR_GENERAL; return WOLFSSL_CBIO_ERR_GENERAL;
} }
} }
else if (recvd == 0) { else if (recvd == 0) {
printf("Embed receive connection closed\n"); printf("Embed receive connection closed\n");
return CYASSL_CBIO_ERR_CONN_CLOSE; return WOLFSSL_CBIO_ERR_CONN_CLOSE;
} }
printf("Received %d bytes\n", sz); printf("Received %d bytes\n", sz);
@ -118,7 +118,7 @@ int CbIORecv(CYASSL *ssl, char *buf, int sz, void *ctx)
*function with specific parameters : inbetween process of sending out msg *function with specific parameters : inbetween process of sending out msg
*based from embeded receive in src/io.c *based from embeded receive in src/io.c
*/ */
int CbIOSend(CYASSL *ssl, char *buf, int sz, void *ctx) int CbIOSend(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{ {
int sd = *(int*)ctx; int sd = *(int*)ctx;
int sent; int sent;
@ -130,23 +130,23 @@ int CbIOSend(CYASSL *ssl, char *buf, int sz, void *ctx)
printf("IO Send error\n"); printf("IO Send error\n");
if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) { if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) {
printf("Would Block\n"); printf("Would Block\n");
return CYASSL_CBIO_ERR_WANT_WRITE; return WOLFSSL_CBIO_ERR_WANT_WRITE;
} }
else if (errno == SOCKET_ECONNRESET) { else if (errno == SOCKET_ECONNRESET) {
printf("Connection reset\n"); printf("Connection reset\n");
return CYASSL_CBIO_ERR_CONN_RST; return WOLFSSL_CBIO_ERR_CONN_RST;
} }
else if (errno == SOCKET_EINTR) { else if (errno == SOCKET_EINTR) {
printf("Socket interrupted\n"); printf("Socket interrupted\n");
return CYASSL_CBIO_ERR_ISR; return WOLFSSL_CBIO_ERR_ISR;
} }
else if (errno == SOCKET_EPIPE) { else if (errno == SOCKET_EPIPE) {
printf("Socket EPIPE\n"); printf("Socket EPIPE\n");
return CYASSL_CBIO_ERR_CONN_CLOSE; return WOLFSSL_CBIO_ERR_CONN_CLOSE;
} }
else { else {
printf("General error\n"); printf("General error\n");
return CYASSL_CBIO_ERR_GENERAL; return WOLFSSL_CBIO_ERR_GENERAL;
} }
} }
@ -159,42 +159,42 @@ int CbIOSend(CYASSL *ssl, char *buf, int sz, void *ctx)
int Client(const char* ip, word16 port) int Client(const char* ip, word16 port)
{ {
int n; int n;
char msg[] = "hello cyassl"; char msg[] = "hello wolfssl";
char reply[MAXSZ]; char reply[MAXSZ];
int msgSz = strlen(msg); int msgSz = strlen(msg);
SOCKET_T fd; SOCKET_T fd;
CYASSL_CTX* ctx; WOLFSSL_CTX* ctx;
CYASSL* ssl; WOLFSSL* ssl;
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method())) == NULL) if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
err_sys("Error in setting client ctx\n"); err_sys("Error in setting client ctx\n");
if (CyaSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) if (wolfSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
err_sys("trouble loading client cert"); err_sys("trouble loading client cert");
if (CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) if (wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) != SSL_SUCCESS)
err_sys("trouble loading client cert"); err_sys("trouble loading client cert");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) != SSL_SUCCESS)
err_sys("trouble loading client cert"); err_sys("trouble loading client cert");
/*sets the IO callback methods*/ /*sets the IO callback methods*/
CyaSSL_SetIORecv(ctx, CbIORecv); wolfSSL_SetIORecv(ctx, CbIORecv);
CyaSSL_SetIOSend(ctx, CbIOSend); wolfSSL_SetIOSend(ctx, CbIOSend);
if ((ssl = CyaSSL_new(ctx)) == NULL) if ((ssl = wolfSSL_new(ctx)) == NULL)
err_sys("issue when creating ssl"); err_sys("issue when creating ssl");
tcp_connect(&fd, ip, port, 0); tcp_connect(&fd, ip, port, 0);
CyaSSL_set_fd(ssl, fd); wolfSSL_set_fd(ssl, fd);
if (CyaSSL_connect(ssl) != SSL_SUCCESS) if (wolfSSL_connect(ssl) != SSL_SUCCESS)
err_sys("client connect failed"); err_sys("client connect failed");
if (CyaSSL_write(ssl, msg, msgSz) != msgSz) if (wolfSSL_write(ssl, msg, msgSz) != msgSz)
err_sys("client write failed"); err_sys("client write failed");
memset(reply, 0, MAXSZ); memset(reply, 0, MAXSZ);
if ((n = CyaSSL_read(ssl, reply, MAXSZ - 1)) > 0) { if ((n = wolfSSL_read(ssl, reply, MAXSZ - 1)) > 0) {
reply[n] = '\0'; reply[n] = '\0';
} }
else { else {
@ -203,9 +203,9 @@ int Client(const char* ip, word16 port)
} }
printf("Server sent : %s\n", reply); printf("Server sent : %s\n", reply);
CyaSSL_shutdown(ssl); wolfSSL_shutdown(ssl);
CyaSSL_free(ssl); wolfSSL_free(ssl);
CyaSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
return 0; return 0;
} }
@ -220,7 +220,7 @@ int main(int argc, char* argv[])
return 1; return 1;
} }
CyaSSL_Init(); wolfSSL_Init();
if (argc < 3) { if (argc < 3) {
if (Client(argv[1], YASSLPORT) != 0) if (Client(argv[1], YASSLPORT) != 0)
err_sys("error creating client"); err_sys("error creating client");
@ -229,7 +229,7 @@ int main(int argc, char* argv[])
if (Client(argv[1], (word16)atoi(argv[2])) != 0) if (Client(argv[1], (word16)atoi(argv[2])) != 0)
err_sys("error creating client"); err_sys("error creating client");
} }
CyaSSL_Cleanup(); wolfSSL_Cleanup();
return 0; return 0;
} }

8
tls/client-tcp.c
View File

@ -1,15 +1,15 @@
/* client-tcp.c /* client-tcp.c
* *
* Copyright (C) 2006-2014 wolfSSL Inc. * Copyright (C) 2006-2015 wolfSSL Inc.
* *
* This file is part of CyaSSL. * This file is part of wolfSSL. (formerly known as CyaSSL)
* *
* CyaSSL is free software; you can redistribute it and/or modify * wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* CyaSSL is distributed in the hope that it will be useful, * wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.

66
tls/client-tls-nonblocking.c
View File

@ -1,15 +1,15 @@
/* client-tls-nonblocking.c /* client-tls-nonblocking.c
* *
* Copyright (C) 2006-2014 wolfSSL Inc. * Copyright (C) 2006-2015 wolfSSL Inc.
* *
* This file is part of CyaSSL. * This file is part of wolfSSL. (formerly known as CyaSSL)
* *
* CyaSSL is free software; you can redistribute it and/or modify * wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* CyaSSL is distributed in the hope that it will be useful, * wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
@ -23,7 +23,7 @@
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <cyassl/ssl.h> /* CyaSSL security library */ #include <wolfssl/ssl.h> /* wolfSSL security library */
#include <fcntl.h> /* nonblocking I/O library */ #include <fcntl.h> /* nonblocking I/O library */
#include <sys/select.h> #include <sys/select.h>
@ -67,12 +67,12 @@ static inline int tcp_select(int socketfd, int to_sec)
return TEST_SELECT_FAIL; return TEST_SELECT_FAIL;
} }
int NonBlockConnect(CYASSL* ssl) int NonBlockConnect(WOLFSSL* ssl)
{ {
int ret = CyaSSL_connect(ssl); int ret = wolfSSL_connect(ssl);
int error = CyaSSL_get_error(ssl, 0); int error = wolfSSL_get_error(ssl, 0);
int sockfd = (int)CyaSSL_get_fd(ssl); int sockfd = (int)wolfSSL_get_fd(ssl);
int select_ret; int select_ret;
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
@ -88,8 +88,8 @@ int NonBlockConnect(CYASSL* ssl)
if ((select_ret == TEST_RECV_READY) || if ((select_ret == TEST_RECV_READY) ||
(select_ret == TEST_ERROR_READY)) { (select_ret == TEST_ERROR_READY)) {
ret = CyaSSL_connect(ssl); ret = wolfSSL_connect(ssl);
error = CyaSSL_get_error(ssl, 0); error = wolfSSL_get_error(ssl, 0);
} }
else if (select_ret == TEST_TIMEOUT) { else if (select_ret == TEST_TIMEOUT) {
error = SSL_ERROR_WANT_READ; error = SSL_ERROR_WANT_READ;
@ -108,7 +108,7 @@ int NonBlockConnect(CYASSL* ssl)
/* /*
* clients initial contact with server. (socket to connect, security layer) * clients initial contact with server. (socket to connect, security layer)
*/ */
int ClientGreet(CYASSL* ssl) int ClientGreet(WOLFSSL* ssl)
{ {
/* data to send to the server, data recieved from the server */ /* data to send to the server, data recieved from the server */
char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0}; char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0};
@ -118,25 +118,25 @@ int count = 0;
printf("Message for server:\t"); printf("Message for server:\t");
fgets(sendBuff, MAXDATASIZE, stdin); fgets(sendBuff, MAXDATASIZE, stdin);
if (CyaSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) { if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
/* the message is not able to send, or error trying */ /* the message is not able to send, or error trying */
ret = CyaSSL_get_error(ssl, 0); ret = wolfSSL_get_error(ssl, 0);
printf("Write error: Error: %d\n", ret); printf("Write error: Error: %d\n", ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
ret = CyaSSL_read(ssl, rcvBuff, MAXDATASIZE); ret = wolfSSL_read(ssl, rcvBuff, MAXDATASIZE);
if (ret <= 0) { if (ret <= 0) {
/* the server failed to send data, or error trying */ /* the server failed to send data, or error trying */
ret = CyaSSL_get_error(ssl, 0); ret = wolfSSL_get_error(ssl, 0);
while (ret == SSL_ERROR_WANT_READ) { while (ret == SSL_ERROR_WANT_READ) {
count++; count++;
ret = CyaSSL_read(ssl, rcvBuff, MAXDATASIZE); ret = wolfSSL_read(ssl, rcvBuff, MAXDATASIZE);
ret = CyaSSL_get_error(ssl, 0); ret = wolfSSL_get_error(ssl, 0);
} }
printf("counter %d\n", count); printf("counter %d\n", count);
if (ret < 0) { if (ret < 0) {
ret = CyaSSL_get_error(ssl, 0); ret = wolfSSL_get_error(ssl, 0);
printf("Read error. Error: %d\n", ret); printf("Read error. Error: %d\n", ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
@ -151,40 +151,40 @@ printf("counter %d\n", count);
*/ */
int Security(int sock) int Security(int sock)
{ {
CYASSL_CTX* ctx; WOLFSSL_CTX* ctx;
CYASSL* ssl; /* create CYASSL object */ WOLFSSL* ssl; /* create WOLFSSL object */
int ret = 0; int ret = 0;
CyaSSL_Init(); /* initialize CyaSSL */ wolfSSL_Init(); /* initialize wolfSSL */
/* create and initiLize CYASSL_CTX structure */ /* create and initiLize WOLFSSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method())) == NULL) { if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
printf("SSL_CTX_new error.\n"); printf("SSL_CTX_new error.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* load CA certificates into CyaSSL_CTX. which will verify the server */ /* load CA certificates into wolfSSL_CTX. which will verify the server */
if (CyaSSL_CTX_load_verify_locations(ctx, cert, 0) != if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) !=
SSL_SUCCESS) { SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", cert); printf("Error loading %s. Please check the file.\n", cert);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
if ((ssl = CyaSSL_new(ctx)) == NULL) { if ((ssl = wolfSSL_new(ctx)) == NULL) {
printf("CyaSSL_new error.\n"); printf("wolfSSL_new error.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
CyaSSL_set_fd(ssl, sock); wolfSSL_set_fd(ssl, sock);
CyaSSL_set_using_nonblock(ssl, 1); wolfSSL_set_using_nonblock(ssl, 1);
ret = NonBlockConnect(ssl); ret = NonBlockConnect(ssl);
if (ret == SSL_SUCCESS) { if (ret == SSL_SUCCESS) {
ret = ClientGreet(ssl); ret = ClientGreet(ssl);
} }
/* frees all data before client termination */ /* frees all data before client termination */
CyaSSL_free(ssl); wolfSSL_free(ssl);
CyaSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
CyaSSL_Cleanup(); wolfSSL_Cleanup();
return ret; return ret;
} }

72
tls/client-tls-resume.c
View File

@ -1,15 +1,15 @@
/* client-tls-resume.c /* client-tls-resume.c
* *
* Copyright (C) 2006-2014 wolfSSL Inc. * Copyright (C) 2006-2015 wolfSSL Inc.
* *
* This file is part of CyaSSL. * This file is part of wolfSSL. (formerly known as CyaSSL)
* *
* CyaSSL is free software; you can redistribute it and/or modify * wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* CyaSSL is distributed in the hope that it will be useful, * wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
@ -24,7 +24,7 @@
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <cyassl/ssl.h> /* CyaSSL security library */ #include <wolfssl/ssl.h> /* wolfSSL security library */
#define MAXDATASIZE 4096 /* maximum acceptable amount of data */ #define MAXDATASIZE 4096 /* maximum acceptable amount of data */
#define SERV_PORT 11111 /* define default port number */ #define SERV_PORT 11111 /* define default port number */
@ -34,7 +34,7 @@ const char* cert = "../certs/ca-cert.pem";
/* /*
* clients initial contact with server. (socket to connect, security layer) * clients initial contact with server. (socket to connect, security layer)
*/ */
int ClientGreet(int sock, CYASSL* ssl) int ClientGreet(int sock, WOLFSSL* ssl)
{ {
/* data to send to the server, data recieved from the server */ /* data to send to the server, data recieved from the server */
char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0}; char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0};
@ -43,16 +43,16 @@ int ClientGreet(int sock, CYASSL* ssl)
printf("Message for server:\t"); printf("Message for server:\t");
fgets(sendBuff, MAXDATASIZE, stdin); fgets(sendBuff, MAXDATASIZE, stdin);
if (CyaSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) { if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
/* the message is not able to send, or error trying */ /* the message is not able to send, or error trying */
ret = CyaSSL_get_error(ssl, 0); ret = wolfSSL_get_error(ssl, 0);
printf("Write error: Error: %i\n", ret); printf("Write error: Error: %i\n", ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
if (CyaSSL_read(ssl, rcvBuff, MAXDATASIZE) == 0) { if (wolfSSL_read(ssl, rcvBuff, MAXDATASIZE) == 0) {
/* the server failed to send data, or error trying */ /* the server failed to send data, or error trying */
ret = CyaSSL_get_error(ssl, 0); ret = wolfSSL_get_error(ssl, 0);
printf("Read error. Error: %i\n", ret); printf("Read error. Error: %i\n", ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
@ -66,35 +66,35 @@ int ClientGreet(int sock, CYASSL* ssl)
*/ */
int Security(int sock, struct sockaddr_in addr) int Security(int sock, struct sockaddr_in addr)
{ {
CYASSL_CTX* ctx; /* cyassl context */ WOLFSSL_CTX* ctx; /* wolfssl context */
CYASSL* ssl; /* create CYASSL object */ WOLFSSL* ssl; /* create WOLFSSL object */
CYASSL_SESSION* session = 0;/* cyassl session */ WOLFSSL_SESSION* session = 0;/* wolfssl session */
CYASSL* sslResume; /* create CYASSL object for connection loss */ WOLFSSL* sslResume; /* create WOLFSSL object for connection loss */
int ret; int ret;
CyaSSL_Init(); /* initialize CyaSSL (must be done first) */ wolfSSL_Init(); /* initialize wolfSSL (must be done first) */
/* create and initiLize CYASSL_CTX structure */ /* create and initiLize WOLFSSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method())) == NULL) { if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
printf("SSL_CTX_new error.\n"); printf("SSL_CTX_new error.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* load CA certificates into CyaSSL_CTX. which will verify the server */ /* load CA certificates into wolfSSL_CTX. which will verify the server */
if (CyaSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) { if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", cert); printf("Error loading %s. Please check the file.\n", cert);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
if ((ssl = CyaSSL_new(ctx)) == NULL) { if ((ssl = wolfSSL_new(ctx)) == NULL) {
printf("CyaSSL_new error.\n"); printf("wolfSSL_new error.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
CyaSSL_set_fd(ssl, sock); wolfSSL_set_fd(ssl, sock);
/* connects to CyaSSL */ /* connects to wolfSSL */
ret = CyaSSL_connect(ssl); ret = wolfSSL_connect(ssl);
if (ret != SSL_SUCCESS) { if (ret != SSL_SUCCESS) {
return ret; return ret;
} }
@ -102,40 +102,40 @@ int Security(int sock, struct sockaddr_in addr)
ret = ClientGreet(sock, ssl); ret = ClientGreet(sock, ssl);
/* saves the session */ /* saves the session */
session = CyaSSL_get_session(ssl); session = wolfSSL_get_session(ssl);
CyaSSL_free(ssl); wolfSSL_free(ssl);
/* closes the connection */ /* closes the connection */
close(sock); close(sock);
/* new ssl to reconnect to */ /* new ssl to reconnect to */
sslResume = CyaSSL_new(ctx); sslResume = wolfSSL_new(ctx);
/* makes a new socket to connect to */ /* makes a new socket to connect to */
sock = socket(AF_INET, SOCK_STREAM, 0); sock = socket(AF_INET, SOCK_STREAM, 0);
/* sets session to old session */ /* sets session to old session */
CyaSSL_set_session(sslResume, session); wolfSSL_set_session(sslResume, session);
/* connects to new socket */ /* connects to new socket */
if (connect(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) { if (connect(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
/* if socket fails to connect to the server*/ /* if socket fails to connect to the server*/
ret = CyaSSL_get_error(ssl, 0); ret = wolfSSL_get_error(ssl, 0);
printf("Connect error. Error: %i\n", ret); printf("Connect error. Error: %i\n", ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* sets new file discriptior */ /* sets new file discriptior */
CyaSSL_set_fd(sslResume, sock); wolfSSL_set_fd(sslResume, sock);
/* reconects to CyaSSL */ /* reconects to wolfSSL */
ret = CyaSSL_connect(sslResume); ret = wolfSSL_connect(sslResume);
if (ret != SSL_SUCCESS) { if (ret != SSL_SUCCESS) {
return ret; return ret;
} }
/* checks to see if the new session is the same as the old session */ /* checks to see if the new session is the same as the old session */
if (CyaSSL_session_reused(sslResume)) if (wolfSSL_session_reused(sslResume))
printf("Re-used session ID\n"); printf("Re-used session ID\n");
else else
printf("Did not re-use session ID\n"); printf("Did not re-use session ID\n");
@ -147,9 +147,9 @@ int Security(int sock, struct sockaddr_in addr)
close(sock); close(sock);
/* frees all data before client termination */ /* frees all data before client termination */
CyaSSL_free(sslResume); wolfSSL_free(sslResume);
CyaSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
CyaSSL_Cleanup(); wolfSSL_Cleanup();
return ret; return ret;
} }

48
tls/client-tls.c
View File

@ -1,15 +1,15 @@
/* client-tls.c /* client-tls.c
* *
* Copyright (C) 2006-2014 wolfSSL Inc. * Copyright (C) 2006-2015 wolfSSL Inc.
* *
* This file is part of CyaSSL. * This file is part of wolfSSL. (formerly known as CyaSSL)
* *
* CyaSSL is free software; you can redistribute it and/or modify * wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* CyaSSL is distributed in the hope that it will be useful, * wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
@ -23,7 +23,7 @@
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <cyassl/ssl.h> /* CyaSSL security library */ #include <wolfssl/ssl.h> /* wolfSSL security library */
#define MAXDATASIZE 4096 /* maximum acceptable amount of data */ #define MAXDATASIZE 4096 /* maximum acceptable amount of data */
#define SERV_PORT 11111 /* define default port number */ #define SERV_PORT 11111 /* define default port number */
@ -33,7 +33,7 @@ const char* cert = "../certs/ca-cert.pem";
/* /*
* clients initial contact with server. (socket to connect, security layer) * clients initial contact with server. (socket to connect, security layer)
*/ */
int ClientGreet(int sock, CYASSL* ssl) int ClientGreet(int sock, WOLFSSL* ssl)
{ {
/* data to send to the server, data recieved from the server */ /* data to send to the server, data recieved from the server */
char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0}; char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0};
@ -42,16 +42,16 @@ int ClientGreet(int sock, CYASSL* ssl)
printf("Message for server:\t"); printf("Message for server:\t");
fgets(sendBuff, MAXDATASIZE, stdin); fgets(sendBuff, MAXDATASIZE, stdin);
if (CyaSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) { if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
/* the message is not able to send, or error trying */ /* the message is not able to send, or error trying */
ret = CyaSSL_get_error(ssl, 0); ret = wolfSSL_get_error(ssl, 0);
printf("Write error: Error: %i\n", ret); printf("Write error: Error: %i\n", ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
if (CyaSSL_read(ssl, rcvBuff, MAXDATASIZE) < 0) { if (wolfSSL_read(ssl, rcvBuff, MAXDATASIZE) < 0) {
/* the server failed to send data, or error trying */ /* the server failed to send data, or error trying */
ret = CyaSSL_get_error(ssl, 0); ret = wolfSSL_get_error(ssl, 0);
printf("Read error. Error: %i\n", ret); printf("Read error. Error: %i\n", ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
@ -65,38 +65,38 @@ int ClientGreet(int sock, CYASSL* ssl)
*/ */
int Security(int sock) int Security(int sock)
{ {
CYASSL_CTX* ctx; WOLFSSL_CTX* ctx;
CYASSL* ssl; /* create CYASSL object */ WOLFSSL* ssl; /* create WOLFSSL object */
int ret = 0; int ret = 0;
CyaSSL_Init(); /* initialize CyaSSL */ wolfSSL_Init(); /* initialize wolfSSL */
/* create and initiLize CYASSL_CTX structure */ /* create and initiLize WOLFSSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method())) == NULL) { if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
printf("SSL_CTX_new error.\n"); printf("SSL_CTX_new error.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* load CA certificates into CyaSSL_CTX. which will verify the server */ /* load CA certificates into wolfSSL_CTX. which will verify the server */
if (CyaSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) { if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", cert); printf("Error loading %s. Please check the file.\n", cert);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
if ((ssl = CyaSSL_new(ctx)) == NULL) { if ((ssl = wolfSSL_new(ctx)) == NULL) {
printf("CyaSSL_new error.\n"); printf("wolfSSL_new error.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
CyaSSL_set_fd(ssl, sock); wolfSSL_set_fd(ssl, sock);
ret = CyaSSL_connect(ssl); ret = wolfSSL_connect(ssl);
if (ret == SSL_SUCCESS) { if (ret == SSL_SUCCESS) {
ret = ClientGreet(sock, ssl); ret = ClientGreet(sock, ssl);
} }
/* frees all data before client termination */ /* frees all data before client termination */
CyaSSL_free(ssl); wolfSSL_free(ssl);
CyaSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
CyaSSL_Cleanup(); wolfSSL_Cleanup();
return ret; return ret;
} }

96
tls/server-callback.c
View File

@ -1,15 +1,15 @@
/* server.c /* server-callback.c
* *
* Copyright (C) 2006-2014 wolfSSL Inc. * Copyright (C) 2006-2015 wolfSSL Inc.
* *
* This file is part of CyaSSL. * This file is part of wolfSSL. (formerly known as CyaSSL)
* *
* CyaSSL is free software; you can redistribute it and/or modify * wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* CyaSSL is distributed in the hope that it will be useful, * wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
@ -23,11 +23,11 @@
#include <config.h> #include <config.h>
#endif #endif
#include <cyassl/ctaocrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <cyassl/options.h> #include <wolfssl/options.h>
#include <cyassl/ssl.h> #include <wolfssl/ssl.h>
#include <cyassl/test.h> #include <wolfssl/test.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@ -61,7 +61,7 @@
* function with specific parameters : inbetween process of receiving msg * function with specific parameters : inbetween process of receiving msg
* based from embeded receive in src/io.c * based from embeded receive in src/io.c
*/ */
int CbIORecv(CYASSL *ssl, char *buf, int sz, void *ctx) int CbIORecv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{ {
int recvd; int recvd;
int sd = *(int*)ctx; int sd = *(int*)ctx;
@ -70,39 +70,39 @@ int CbIORecv(CYASSL *ssl, char *buf, int sz, void *ctx)
if (recvd < 0) { if (recvd < 0) {
if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) { if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) {
if (!CyaSSL_dtls(ssl) || CyaSSL_get_using_nonblock(ssl)) { if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) {
printf(" Would block\n"); printf(" Would block\n");
return CYASSL_CBIO_ERR_WANT_READ; return WOLFSSL_CBIO_ERR_WANT_READ;
} }
else { else {
printf("Socket timeout\n"); printf("Socket timeout\n");
return CYASSL_CBIO_ERR_TIMEOUT; return WOLFSSL_CBIO_ERR_TIMEOUT;
} }
} }
else if (errno == SOCKET_ECONNRESET) { else if (errno == SOCKET_ECONNRESET) {
printf("Connection reset\n"); printf("Connection reset\n");
return CYASSL_CBIO_ERR_CONN_RST; return WOLFSSL_CBIO_ERR_CONN_RST;
} }
else if (errno == SOCKET_EINTR) { else if (errno == SOCKET_EINTR) {
printf("Socket interrupted\n"); printf("Socket interrupted\n");
return CYASSL_CBIO_ERR_ISR; return WOLFSSL_CBIO_ERR_ISR;
} }
else if (errno == SOCKET_ECONNREFUSED) { else if (errno == SOCKET_ECONNREFUSED) {
printf("Connection refused\n"); printf("Connection refused\n");
return CYASSL_CBIO_ERR_WANT_READ; return WOLFSSL_CBIO_ERR_WANT_READ;
} }
else if (errno == SOCKET_ECONNABORTED) { else if (errno == SOCKET_ECONNABORTED) {
printf("Connection aborted\n"); printf("Connection aborted\n");
return CYASSL_CBIO_ERR_CONN_CLOSE; return WOLFSSL_CBIO_ERR_CONN_CLOSE;
} }
else { else {
printf("General error\n"); printf("General error\n");
return CYASSL_CBIO_ERR_GENERAL; return WOLFSSL_CBIO_ERR_GENERAL;
} }
} }
else if (recvd == 0) { else if (recvd == 0) {
printf("Embed receive connection closed\n"); printf("Embed receive connection closed\n");
return CYASSL_CBIO_ERR_CONN_CLOSE; return WOLFSSL_CBIO_ERR_CONN_CLOSE;
} }
printf("Received %d bytes\n", sz); printf("Received %d bytes\n", sz);
@ -114,7 +114,7 @@ int CbIORecv(CYASSL *ssl, char *buf, int sz, void *ctx)
* function with specific parameters : inbetween process of sending out msg * function with specific parameters : inbetween process of sending out msg
* based from embeded receive in src/io.c * based from embeded receive in src/io.c
*/ */
int CbIOSend(CYASSL *ssl, char *buf, int sz, void *ctx) int CbIOSend(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{ {
int sd = *(int*)ctx; int sd = *(int*)ctx;
int sent; int sent;
@ -126,23 +126,23 @@ int CbIOSend(CYASSL *ssl, char *buf, int sz, void *ctx)
printf("IO Send error\n"); printf("IO Send error\n");
if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) { if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) {
printf("Would Block\n"); printf("Would Block\n");
return CYASSL_CBIO_ERR_WANT_WRITE; return WOLFSSL_CBIO_ERR_WANT_WRITE;
} }
else if (errno == SOCKET_ECONNRESET) { else if (errno == SOCKET_ECONNRESET) {
printf("Connection reset\n"); printf("Connection reset\n");
return CYASSL_CBIO_ERR_CONN_RST; return WOLFSSL_CBIO_ERR_CONN_RST;
} }
else if (errno == SOCKET_EINTR) { else if (errno == SOCKET_EINTR) {
printf("Socket interrupted\n"); printf("Socket interrupted\n");
return CYASSL_CBIO_ERR_ISR; return WOLFSSL_CBIO_ERR_ISR;
} }
else if (errno == SOCKET_EPIPE) { else if (errno == SOCKET_EPIPE) {
printf("Socket EPIPE\n"); printf("Socket EPIPE\n");
return CYASSL_CBIO_ERR_CONN_CLOSE; return WOLFSSL_CBIO_ERR_CONN_CLOSE;
} }
else { else {
printf("General error\n"); printf("General error\n");
return CYASSL_CBIO_ERR_GENERAL; return WOLFSSL_CBIO_ERR_GENERAL;
} }
} }
@ -156,28 +156,28 @@ int Server(word16 port)
char msg[MAXSZ]; char msg[MAXSZ];
const char reply[] = "I hear ya fa shizzle!\n"; const char reply[] = "I hear ya fa shizzle!\n";
int n, listenfd, connfd; int n, listenfd, connfd;
CYASSL_CTX* ctx; WOLFSSL_CTX* ctx;
CYASSL* ssl; WOLFSSL* ssl;
CyaSSL_Init(); wolfSSL_Init();
/* create ctx and configure certificates */ /* create ctx and configure certificates */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_server_method())) == NULL) if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL)
err_sys("Fatal error : CyaSSL_CTX_new error"); err_sys("Fatal error : wolfSSL_CTX_new error");
if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) if (wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) != SSL_SUCCESS)
err_sys("can't load server cert file," err_sys("can't load server cert file,"
"Please run from CyaSSL home dir"); "Please run from wolfSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) != SSL_SUCCESS)
err_sys("can't load server key file, " err_sys("can't load server key file, "
"Please run from CyaSSL home dir"); "Please run from wolfSSL home dir");
/*sets the IO callback methods*/ /*sets the IO callback methods*/
CyaSSL_SetIORecv(ctx, CbIORecv); wolfSSL_SetIORecv(ctx, CbIORecv);
CyaSSL_SetIOSend(ctx, CbIOSend); wolfSSL_SetIOSend(ctx, CbIOSend);
tcp_accept(&listenfd, &connfd, NULL, port, 1, 0, 0); tcp_accept(&listenfd, &connfd, NULL, port, 1, 0, 0);
@ -185,18 +185,18 @@ int Server(word16 port)
err_sys("Fatal error : accept error"); err_sys("Fatal error : accept error");
} }
else { else {
/* create CYASSL object and respond */ /* create WOLFSSL object and respond */
if ((ssl = CyaSSL_new(ctx)) == NULL) if ((ssl = wolfSSL_new(ctx)) == NULL)
err_sys("Fatal error : CyaSSL_new error"); err_sys("Fatal error : wolfSSL_new error");
CyaSSL_set_fd(ssl, connfd); wolfSSL_set_fd(ssl, connfd);
memset(msg, 0, MAXSZ); memset(msg, 0, MAXSZ);
n = CyaSSL_read(ssl, msg, MAXSZ - 1); n = wolfSSL_read(ssl, msg, MAXSZ - 1);
if (n > 0) { if (n > 0) {
msg[n] = '\0'; msg[n] = '\0';
printf("Client sent : %s\n", msg); printf("Client sent : %s\n", msg);
if (CyaSSL_write(ssl, reply, strlen(reply)) > strlen(reply)) if (wolfSSL_write(ssl, reply, strlen(reply)) > strlen(reply))
err_sys("Fatal error : respond: write error"); err_sys("Fatal error : respond: write error");
} }
@ -204,14 +204,14 @@ int Server(word16 port)
err_sys("Fatal error :respond: read error"); err_sys("Fatal error :respond: read error");
/* closes the connections after responding */ /* closes the connections after responding */
CyaSSL_shutdown(ssl); wolfSSL_shutdown(ssl);
CyaSSL_free(ssl); wolfSSL_free(ssl);
if (close(listenfd) == -1 && close(connfd) == -1) if (close(listenfd) == -1 && close(connfd) == -1)
err_sys("Fatal error : close error"); err_sys("Fatal error : close error");
} }
/* free up memory used by CyaSSL */ /* free up memory used by wolfSSL */
CyaSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
return 0; return 0;
} }
@ -222,7 +222,7 @@ int main(int argc, char* argv[])
return 1; return 1;
} }
CyaSSL_Init(); wolfSSL_Init();
if (argc < 2) { if (argc < 2) {
if (Server(YASSLPORT) != 0) if (Server(YASSLPORT) != 0)
err_sys("error creating server"); err_sys("error creating server");
@ -231,7 +231,7 @@ int main(int argc, char* argv[])
if (Server((word16)atoi(argv[1])) != 0) if (Server((word16)atoi(argv[1])) != 0)
err_sys("error creating server"); err_sys("error creating server");
} }
CyaSSL_Cleanup(); wolfSSL_Cleanup();
return 0; return 0;
} }

12
tls/server-tcp.c
View File

@ -1,15 +1,15 @@
/* server-tcp.c /* server-tcp.c
* *
* Copyright (C) 2006-2014 wolfSSL Inc. * Copyright (C) 2006-2015 wolfSSL Inc.
* *
* This file is part of CyaSSL. * This file is part of wolfSSL. (formerly known as CyaSSL)
* *
* CyaSSL is free software; you can redistribute it and/or modify * wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* CyaSSL is distributed in the hope that it will be useful, * wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
@ -17,10 +17,6 @@
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
* =============================================================================
*
* This is a super basic example of what a TCP Server might look like that is
* not actively using any form of security.
*/ */
#include <stdio.h> #include <stdio.h>

80
tls/server-tls-nonblocking.c
View File

@ -1,22 +1,22 @@
/* server-tls-nonblocking.c /* server-tls-nonblocking.c
* *
* Copyright (C) 2006-2014 wolfSSL Inc. * Copyright (C) 2006-2015 wolfSSL Inc.
* *
* This file is part of CyaSSL. * This file is part of wolfSSL. (formerly known as CyaSSL)
* *
* CyaSSL is free software; you can redistribute it and/or modify * wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* CyaSSL is distributed in the hope that it will be useful, * wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*============================================================================= *=============================================================================
* *
* This is a super basic example of what a TCP Server secured with TLS 1.2 * This is a super basic example of what a TCP Server secured with TLS 1.2
@ -33,8 +33,8 @@
#include <sys/fcntl.h> #include <sys/fcntl.h>
#include <errno.h> #include <errno.h>
/* Include the CyaSSL library for our TLS 1.2 security */ /* Include the wolfSSL library for our TLS 1.2 security */
#include <cyassl/ssl.h> #include <wolfssl/ssl.h>
#define DEFAULT_PORT 11111 #define DEFAULT_PORT 11111
@ -43,10 +43,10 @@
*/ */
enum read_write_t {WRITE, READ, ACCEPT}; enum read_write_t {WRITE, READ, ACCEPT};
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t socketfd,
struct sockaddr_in clientAddr); struct sockaddr_in clientAddr);
int TCPSelect(socklen_t socketfd); int TCPSelect(socklen_t socketfd);
int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd, int NonBlocking_ReadWriteAccept(WOLFSSL* ssl, socklen_t socketfd,
enum read_write_t rw); enum read_write_t rw);
/* Check if any sockets are ready for reading and writing and set it */ /* Check if any sockets are ready for reading and writing and set it */
@ -75,7 +75,7 @@ int TCPSelect(socklen_t socketfd)
} }
/* Checks if NonBlocking I/O is wanted, if it is wanted it will /* Checks if NonBlocking I/O is wanted, if it is wanted it will
* wait until it's available on the socket before reading or writing */ * wait until it's available on the socket before reading or writing */
int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd, int NonBlocking_ReadWriteAccept(WOLFSSL* ssl, socklen_t socketfd,
enum read_write_t rw) enum read_write_t rw)
{ {
const char reply[] = "I hear ya fa shizzle!\n"; const char reply[] = "I hear ya fa shizzle!\n";
@ -90,18 +90,18 @@ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
memset(&buff, 0, sizeof(buff)); memset(&buff, 0, sizeof(buff));
if (rw == READ) if (rw == READ)
rwret = CyaSSL_read(ssl, buff, sizeof(buff)-1); rwret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
else if (rw == WRITE) else if (rw == WRITE)
rwret = CyaSSL_write(ssl, reply, sizeof(reply)-1); rwret = wolfSSL_write(ssl, reply, sizeof(reply)-1);
else if (rw == ACCEPT) else if (rw == ACCEPT)
rwret = CyaSSL_accept(ssl); rwret = wolfSSL_accept(ssl);
if (rwret == 0) { if (rwret == 0) {
printf("The client has closed the connection!\n"); printf("The client has closed the connection!\n");
return 0; return 0;
} }
else if (rwret != SSL_SUCCESS) { else if (rwret != SSL_SUCCESS) {
int error = CyaSSL_get_error(ssl, 0); int error = wolfSSL_get_error(ssl, 0);
/* while I/O is not ready, keep waiting */ /* while I/O is not ready, keep waiting */
while ((error == SSL_ERROR_WANT_READ || while ((error == SSL_ERROR_WANT_READ ||
@ -116,13 +116,13 @@ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
if ((selectRet == 1) || (selectRet == 2)) { if ((selectRet == 1) || (selectRet == 2)) {
if (rw == READ) if (rw == READ)
rwret = CyaSSL_read(ssl, buff, sizeof(buff)-1); rwret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
else if (rw == WRITE) else if (rw == WRITE)
rwret = CyaSSL_write(ssl, reply, sizeof(reply)-1); rwret = wolfSSL_write(ssl, reply, sizeof(reply)-1);
else if (rw == ACCEPT) else if (rw == ACCEPT)
rwret = CyaSSL_accept(ssl); rwret = wolfSSL_accept(ssl);
error = CyaSSL_get_error(ssl, 0); error = wolfSSL_get_error(ssl, 0);
} }
else { else {
error = SSL_FATAL_ERROR; error = SSL_FATAL_ERROR;
@ -134,9 +134,9 @@ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
printf("Client: %s\n", buff); printf("Client: %s\n", buff);
/* Reply back to the client */ /* Reply back to the client */
else if (rw == WRITE) { else if (rw == WRITE) {
if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1)) < 0) { if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1)) < 0) {
printf("CyaSSL_write error = %d\n", printf("wolfSSL_write error = %d\n",
CyaSSL_get_error(ssl, ret)); wolfSSL_get_error(ssl, ret));
} }
} }
} }
@ -144,7 +144,7 @@ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
return 1; return 1;
} }
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in clientAddr) int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in clientAddr)
{ {
socklen_t size = sizeof(clientAddr); socklen_t size = sizeof(clientAddr);
@ -158,16 +158,16 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in client
/* If it connects, read in and reply to the client */ /* If it connects, read in and reply to the client */
else { else {
printf("Client connected successfully!\n"); printf("Client connected successfully!\n");
CYASSL* ssl; WOLFSSL* ssl;
if ( (ssl = CyaSSL_new(ctx)) == NULL) { if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error.\n"); fprintf(stderr, "wolfSSL_new error.\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
/* Direct our ssl to our clients connection */ /* Direct our ssl to our clients connection */
CyaSSL_set_fd(ssl, connd); wolfSSL_set_fd(ssl, connd);
/* Sets CyaSSL_accept(ssl) */ /* Sets wolfSSL_accept(ssl) */
if(NonBlocking_ReadWriteAccept(ssl, socketfd, ACCEPT) < 0) if(NonBlocking_ReadWriteAccept(ssl, socketfd, ACCEPT) < 0)
return 0; return 0;
@ -183,7 +183,7 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in client
if (NonBlocking_ReadWriteAccept(ssl, socketfd, WRITE) == 0) if (NonBlocking_ReadWriteAccept(ssl, socketfd, WRITE) == 0)
break; break;
} }
CyaSSL_free(ssl); /* Free the CYASSL object */ wolfSSL_free(ssl); /* Free the WOLFSSL object */
} }
close(connd); /* close the connected socket */ close(connd); /* close the connected socket */
@ -204,7 +204,7 @@ int main()
int on = 1; int on = 1;
/* Create a ctx pointer for our ssl */ /* Create a ctx pointer for our ssl */
CYASSL_CTX* ctx; WOLFSSL_CTX* ctx;
/* Server and Client socket address structures */ /* Server and Client socket address structures */
struct sockaddr_in serverAddr, clientAddr; struct sockaddr_in serverAddr, clientAddr;
@ -229,25 +229,25 @@ int main()
< 0) < 0)
printf("setsockopt SO_REUSEADDR failed\n"); printf("setsockopt SO_REUSEADDR failed\n");
/* Initialize CyaSSL */ /* Initialize wolfSSL */
CyaSSL_Init(); wolfSSL_Init();
/* Create and initialize CYASSL_CTX structure */ /* Create and initialize WOLFSSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_server_method())) == NULL) { if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "CyaSSL_CTX_new error.\n"); fprintf(stderr, "wolfSSL_CTX_new error.\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
/* Load server certificate into CYASSL_CTX */ /* Load server certificate into WOLFSSL_CTX */
if (CyaSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem", if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) { SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-cert.pem, please check" fprintf(stderr, "Error loading certs/server-cert.pem, please check"
"the file.\n"); "the file.\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
/* Load server key into CYASSL_CTX */ /* Load server key into WOLFSSL_CTX */
if (CyaSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem", if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) { SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-key.pem, please check" fprintf(stderr, "Error loading certs/server-key.pem, please check"
"the file.\n"); "the file.\n");
@ -274,7 +274,7 @@ int main()
} }
} }
CyaSSL_CTX_free(ctx); /* Free CYASSL_CTX */ wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */
CyaSSL_Cleanup(); /* Free CyaSSL */ wolfSSL_Cleanup(); /* Free wolfSSL */
exit(EXIT_SUCCESS); exit(EXIT_SUCCESS);
} }

56
tls/server-tls-threaded.c
View File

@ -1,22 +1,22 @@
/* server-tls-threaded.c /* server-tls-threaded.c
* *
* Copyright (C) 2006-2014 wolfSSL Inc. * Copyright (C) 2006-2015 wolfSSL Inc.
* *
* This file is part of CyaSSL. * This file is part of wolfSSL. (formerly known as CyaSSL)
* *
* CyaSSL is free software; you can redistribute it and/or modify * wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* CyaSSL is distributed in the hope that it will be useful, * wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*============================================================================= *=============================================================================
* *
* This is a super basic example of what a TCP Server secured with TLS 1.2 * This is a super basic example of what a TCP Server secured with TLS 1.2
@ -34,8 +34,8 @@
#include <errno.h> #include <errno.h>
#include <pthread.h> #include <pthread.h>
/* Include the CyaSSL library for our TLS 1.2 security */ /* Include the wolfSSL library for our TLS 1.2 security */
#include <cyassl/ssl.h> #include <wolfssl/ssl.h>
#define DEFAULT_PORT 11111 #define DEFAULT_PORT 11111
@ -43,24 +43,24 @@ int AcceptAndRead(socklen_t sockfd, struct sockaddr_in clientAddr);
void *ThreadHandler(void* socketDesc); void *ThreadHandler(void* socketDesc);
/* Create a ctx pointer for our ssl */ /* Create a ctx pointer for our ssl */
CYASSL_CTX* ctx; WOLFSSL_CTX* ctx;
void *ThreadHandler(void* socketDesc) void *ThreadHandler(void* socketDesc)
{ {
int connd = *(int*)socketDesc; int connd = *(int*)socketDesc;
CYASSL* ssl; WOLFSSL* ssl;
/* Create our reply message */ /* Create our reply message */
const char reply[] = "I hear ya fa shizzle!\n"; const char reply[] = "I hear ya fa shizzle!\n";
printf("Client connected successfully\n"); printf("Client connected successfully\n");
if ( (ssl = CyaSSL_new(ctx)) == NULL) { if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error.\n"); fprintf(stderr, "wolfSSL_new error.\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
/* Direct our ssl to our clients connection */ /* Direct our ssl to our clients connection */
CyaSSL_set_fd(ssl, connd); wolfSSL_set_fd(ssl, connd);
for ( ; ; ) { for ( ; ; ) {
char buff[256]; char buff[256];
@ -70,25 +70,25 @@ void *ThreadHandler(void* socketDesc)
memset(&buff, 0, sizeof(buff)); memset(&buff, 0, sizeof(buff));
/* Read the client data into our buff array */ /* Read the client data into our buff array */
if ((ret = CyaSSL_read(ssl, buff, sizeof(buff)-1)) > 0) { if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
/* Print any data the client sends to the console */ /* Print any data the client sends to the console */
printf("Client on Socket %d: %s\n", connd, buff); printf("Client on Socket %d: %s\n", connd, buff);
/* Reply back to the client */ /* Reply back to the client */
if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1)) if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1))
< 0) { < 0) {
printf("CyaSSL_write error = %d\n", CyaSSL_get_error(ssl, ret)); printf("wolfSSL_write error = %d\n", wolfSSL_get_error(ssl, ret));
} }
} }
/* if the client disconnects break the loop */ /* if the client disconnects break the loop */
else { else {
if (ret < 0) if (ret < 0)
printf("CyaSSL_read error = %d\n", CyaSSL_get_error(ssl printf("wolfSSL_read error = %d\n", wolfSSL_get_error(ssl
,ret)); ,ret));
else if (ret == 0) else if (ret == 0)
printf("The client has closed the connection.\n"); printf("The client has closed the connection.\n");
CyaSSL_free(ssl); /* Free the CYASSL object */ wolfSSL_free(ssl); /* Free the WOLFSSL object */
close(connd); /* close the connected socket */ close(connd); /* close the connected socket */
break; break;
} }
@ -145,8 +145,8 @@ int main()
serverAddr.sin_addr.s_addr = INADDR_ANY; serverAddr.sin_addr.s_addr = INADDR_ANY;
serverAddr.sin_port = htons(DEFAULT_PORT); serverAddr.sin_port = htons(DEFAULT_PORT);
/* initialize CyaSSL */ /* initialize wolfSSL */
CyaSSL_Init(); wolfSSL_Init();
/* If positive value, the socket is valid */ /* If positive value, the socket is valid */
if (sockfd == -1) { if (sockfd == -1) {
@ -154,22 +154,22 @@ int main()
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* Create and initialize CYASSL_CTX structure */ /* Create and initialize WOLFSSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_server_method())) == NULL) { if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "CyaSSL_CTX_new error.\n"); fprintf(stderr, "wolfSSL_CTX_new error.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* Load server certificate into CYASSL_CTX */ /* Load server certificate into WOLFSSL_CTX */
if (CyaSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem", if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) { SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-cert.pem, please check" fprintf(stderr, "Error loading certs/server-cert.pem, please check"
"the file.\n"); "the file.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* Load server key into CYASSL_CTX */ /* Load server key into WOLFSSL_CTX */
if (CyaSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem", if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) { SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-key.pem, please check" fprintf(stderr, "Error loading certs/server-key.pem, please check"
"the file.\n"); "the file.\n");
@ -196,8 +196,8 @@ int main()
} }
} }
CyaSSL_CTX_free(ctx); /* Free CYASSL_CTX */ wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */
CyaSSL_Cleanup(); /* Free CyaSSL */ wolfSSL_Cleanup(); /* Free wolfSSL */
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }

64
tls/server-tls.c
View File

@ -1,27 +1,27 @@
/* server-tls.c /* server-tls.c
* *
* Copyright (C) 2006-2014 wolfSSL Inc. * Copyright (C) 2006-2015 wolfSSL Inc.
* *
* This file is part of CyaSSL. * This file is part of wolfSSL. (formerly known as CyaSSL)
* *
* CyaSSL is free software; you can redistribute it and/or modify * wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* CyaSSL is distributed in the hope that it will be useful, * wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*============================================================================= *=============================================================================
* *
* This is a super basic example of what a TCP Server secured with TLS 1.2 * This is a super basic example of what a TCP Server secured with TLS 1.2
* might look like. This server can also resume the session if a client * might look like. This server can also resume the session if a client
* nadvertantly disconnects. * inadvertantly disconnects.
*/ */
#include <stdio.h> #include <stdio.h>
@ -33,15 +33,15 @@
#include <stdlib.h> #include <stdlib.h>
#include <errno.h> #include <errno.h>
/* include the CyaSSL library for our TLS 1.2 security */ /* include the wolfSSL library for our TLS 1.2 security */
#include <cyassl/ssl.h> #include <wolfssl/ssl.h>
#define DEFAULT_PORT 11111 #define DEFAULT_PORT 11111
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
clientAddr); clientAddr);
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
clientAddr) clientAddr)
{ {
/* Create our reply message */ /* Create our reply message */
@ -58,17 +58,17 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
/* If it connects, read in and reply to the client */ /* If it connects, read in and reply to the client */
else { else {
printf("Client connected successfully\n"); printf("Client connected successfully\n");
CYASSL* ssl; WOLFSSL* ssl;
if ( (ssl = CyaSSL_new(ctx)) == NULL) { if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error.\n"); fprintf(stderr, "wolfSSL_new error.\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
/* direct our ssl to our clients connection */ /* direct our ssl to our clients connection */
CyaSSL_set_fd(ssl, connd); wolfSSL_set_fd(ssl, connd);
printf("Using Non-Blocking I/O: %d\n", CyaSSL_get_using_nonblock( printf("Using Non-Blocking I/O: %d\n", wolfSSL_get_using_nonblock(
ssl)); ssl));
for ( ; ; ) { for ( ; ; ) {
@ -79,21 +79,21 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
memset(&buff, 0, sizeof(buff)); memset(&buff, 0, sizeof(buff));
/* Read the client data into our buff array */ /* Read the client data into our buff array */
if ((ret = CyaSSL_read(ssl, buff, sizeof(buff)-1)) > 0) { if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
/* Print any data the client sends to the console */ /* Print any data the client sends to the console */
printf("Client: %s\n", buff); printf("Client: %s\n", buff);
/* Reply back to the client */ /* Reply back to the client */
if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1)) if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1))
< 0) < 0)
{ {
printf("CyaSSL_write error = %d\n", CyaSSL_get_error(ssl, ret)); printf("wolfSSL_write error = %d\n", wolfSSL_get_error(ssl, ret));
} }
} }
/* if the client disconnects break the loop */ /* if the client disconnects break the loop */
else { else {
if (ret < 0) if (ret < 0)
printf("CyaSSL_read error = %d\n", CyaSSL_get_error(ssl printf("wolfSSL_read error = %d\n", wolfSSL_get_error(ssl
,ret)); ,ret));
else if (ret == 0) else if (ret == 0)
printf("The client has closed the connection.\n"); printf("The client has closed the connection.\n");
@ -101,7 +101,7 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
break; break;
} }
} }
CyaSSL_free(ssl); /* Free the CYASSL object */ wolfSSL_free(ssl); /* Free the WOLFSSL object */
} }
close(connd); /* close the connected socket */ close(connd); /* close the connected socket */
@ -112,7 +112,7 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
int main() int main()
{ {
/* Create a ctx pointer for our ssl */ /* Create a ctx pointer for our ssl */
CYASSL_CTX* ctx; WOLFSSL_CTX* ctx;
/* /*
* Creates a socket that uses an internet IP address, * Creates a socket that uses an internet IP address,
@ -125,8 +125,8 @@ int main()
/* Server and client socket address structures */ /* Server and client socket address structures */
struct sockaddr_in serverAddr, clientAddr; struct sockaddr_in serverAddr, clientAddr;
/* Initialize CyaSSL */ /* Initialize wolfSSL */
CyaSSL_Init(); wolfSSL_Init();
/* If positive value, the socket is valid */ /* If positive value, the socket is valid */
if (sockfd == -1) { if (sockfd == -1) {
@ -134,22 +134,22 @@ int main()
return EXIT_FAILURE; /* Kill the server with exit status 1 */ return EXIT_FAILURE; /* Kill the server with exit status 1 */
} }
/* create and initialize CYASSL_CTX structure */ /* create and initialize WOLFSSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_server_method())) == NULL) { if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "CyaSSL_CTX_new error.\n"); fprintf(stderr, "wolfSSL_CTX_new error.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* Load server certificate into CYASSL_CTX */ /* Load server certificate into WOLFSSL_CTX */
if (CyaSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem", if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) { SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-cert.pem, please check" fprintf(stderr, "Error loading certs/server-cert.pem, please check"
"the file.\n"); "the file.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* Load server key into CYASSL_CTX */ /* Load server key into WOLFSSL_CTX */
if (CyaSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem", if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) { SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-key.pem, please check" fprintf(stderr, "Error loading certs/server-key.pem, please check"
"the file.\n"); "the file.\n");
@ -184,7 +184,7 @@ int main()
} }
} }
CyaSSL_CTX_free(ctx); /* Free CYASSL_CTX */ wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */
CyaSSL_Cleanup(); /* Free CyaSSL */ wolfSSL_Cleanup(); /* Free wolfSSL */
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }

254
tls/tutorial-tcp-tls.md
View File

@ -1,7 +1,7 @@
Tutorial Tutorial
======== ========
This tutorial will teach you how to install and run a basic TCP Server and Client. As well as how to incorporate CyaSSL TLS and some additional features on top of these basic examples. It is expected that you have a basic understanding of a simple tcp server/client. If not, before continueing please take a moment to look over the `server-tcp.c` and `client-tcp.c` file which contains the basic tcp server that we will be expanding upon in this tutorial. This tutorial will teach you how to install and run a basic TCP Server and Client. As well as how to incorporate wolfSSL TLS and some additional features on top of these basic examples. It is expected that you have a basic understanding of a simple tcp server/client. If not, before continueing please take a moment to look over the `server-tcp.c` and `client-tcp.c` file which contains the basic tcp server that we will be expanding upon in this tutorial.
First you will need `gcc` and `make` installed on your terminal. You can do this by opening a new terminal window and typing: First you will need `gcc` and `make` installed on your terminal. You can do this by opening a new terminal window and typing:
@ -9,8 +9,8 @@ First you will need `gcc` and `make` installed on your terminal. You can do this
sudo apt-get install gcc make sudo apt-get install gcc make
## Index ## Index
1. [Incorporating CyaSSL TLS](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#incorporating-cyassl-tls) 1. [Incorporating wolfSSL TLS](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#incorporating-wolfssl-tls)
* [Installing CyaSSL](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#installing-cyassl) * [Installing wolfSSL](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#installing-wolfssl)
2. [Server TLS Tutorial](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#server-tls-tutorial) 2. [Server TLS Tutorial](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#server-tls-tutorial)
* [Basic TLS Server](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#basic-tls-server) * [Basic TLS Server](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#basic-tls-server)
* [Adding Multi-threading](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#adding-server-multi-threading) * [Adding Multi-threading](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#adding-server-multi-threading)
@ -21,22 +21,22 @@ First you will need `gcc` and `make` installed on your terminal. You can do this
* [Adding Non-blocking I/O](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#adding-client-non-blocking-io) * [Adding Non-blocking I/O](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#adding-client-non-blocking-io)
4. [Starting the TLS Client & Server](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#starting-the-tls-client--server) 4. [Starting the TLS Client & Server](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/tutorial-tcp-tls.md#starting-the-tls-client--server)
## Incorporating CyaSSL TLS ## Incorporating wolfSSL TLS
To incorporate CyaSSL TLS into your client or server you need to first configure and install the CyaSSL library to your linux machine. After you have done that, you can then run `make` to compile the TLS versions into an executeable. To incorporate wolfSSL TLS into your client or server you need to first configure and install the wolfSSL library to your linux machine. After you have done that, you can then run `make` to compile the TLS versions into an executeable.
### Installing CyaSSL ### Installing wolfSSL
+ Download and extract the CyaSSL package from [here.](http://wolfssl.com/yaSSL/Products-cyassl.html) + Download and extract the wolfSSL package from [here.](http://wolfssl.com/yaSSL/Products-wolfssl.html)
+ In terminal, navigate to the root of the extracted folder. + In terminal, navigate to the root of the extracted folder.
+ Type `./configure` press enter. Wait until it finishes configuring. + Type `./configure` press enter. Wait until it finishes configuring.
+ Type `make` press enter. + Type `make` press enter.
+ Type `sudo make install`, this will install the CyaSSL libraries to your machine. + Type `sudo make install`, this will install the wolfSSL libraries to your machine.
CyaSSL libraries should now be installed to your machine and ready to use. You can now make and run the server and client examples. wolfSSL libraries should now be installed to your machine and ready to use. You can now make and run the server and client examples.
## Server TLS Tutorial ## Server TLS Tutorial
### Basic TLS Server ### Basic TLS Server
To begin, we will be re-writing the basic `server-tcp.c` with CyaSSL. The structure of the file will be almost identical. To begin, we will need to include the cyassl libraries with the rest of our includes at the top of the file: To begin, we will be re-writing the basic `server-tcp.c` with wolfSSL. The structure of the file will be almost identical. To begin, we will need to include the wolfssl libraries with the rest of our includes at the top of the file:
```c ```c
#include <stdio.h> #include <stdio.h>
@ -48,24 +48,24 @@ To begin, we will be re-writing the basic `server-tcp.c` with CyaSSL. The struct
#include <stdlib.h> #include <stdlib.h>
#include <errno.h> #include <errno.h>
/* include the CyaSSL library for our TLS 1.2 security */ /* include the wolfSSL library for our TLS 1.2 security */
#include <cyassl/ssl.h> #include <wolfssl/ssl.h>
``` ```
Next we will add our `#define DEFAULT_PORT 11111` and the prototype for our `AcceptAndRead` function: Next we will add our `#define DEFAULT_PORT 11111` and the prototype for our `AcceptAndRead` function:
```c ```c
#define DEFAULT_PORT 11111 #define DEFAULT_PORT 11111
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
clientAddr); clientAddr);
``` ```
Now we will build our `main()` function for the program. What happens here is we create a CYASSL context pointer and a socket. We then initialize CyaSSL so that it can be used. After that we tell CyaSSL where our certificate and private key files are that we want our server to use. We then attach our socket to the `DEFAULT_PORT` that we defined above. The last thing to do in the main function is to listen for a new connection on the socket that we binded to our port above. When we get a new connection, we call the `AcceptAndRead` function. The main function should look like: Now we will build our `main()` function for the program. What happens here is we create a WOLFSSL context pointer and a socket. We then initialize wolfSSL so that it can be used. After that we tell wolfSSL where our certificate and private key files are that we want our server to use. We then attach our socket to the `DEFAULT_PORT` that we defined above. The last thing to do in the main function is to listen for a new connection on the socket that we binded to our port above. When we get a new connection, we call the `AcceptAndRead` function. The main function should look like:
```c ```c
int main() int main()
{ {
/* Create a ctx pointer for our ssl */ /* Create a ctx pointer for our ssl */
CYASSL_CTX* ctx; WOLFSSL_CTX* ctx;
/* /*
* Creates a socket that uses an internet IP address, * Creates a socket that uses an internet IP address,
@ -78,8 +78,8 @@ int main()
/* Server and client socket address structures */ /* Server and client socket address structures */
struct sockaddr_in serverAddr, clientAddr; struct sockaddr_in serverAddr, clientAddr;
/* Initialize CyaSSL */ /* Initialize wolfSSL */
CyaSSL_Init(); wolfSSL_Init();
/* If positive value, the socket is valid */ /* If positive value, the socket is valid */
if (sockfd == -1) { if (sockfd == -1) {
@ -87,22 +87,22 @@ int main()
return EXIT_FAILURE; /* Kill the server with exit status 1 */ return EXIT_FAILURE; /* Kill the server with exit status 1 */
} }
/* create and initialize CYASSL_CTX structure */ /* create and initialize WOLFSSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_server_method())) == NULL) { if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "CyaSSL_CTX_new error.\n"); fprintf(stderr, "wolfSSL_CTX_new error.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* Load server certificate into CYASSL_CTX */ /* Load server certificate into WOLFSSL_CTX */
if (CyaSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem", if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) { SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-cert.pem, please check" fprintf(stderr, "Error loading certs/server-cert.pem, please check"
"the file.\n"); "the file.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* Load server key into CYASSL_CTX */ /* Load server key into WOLFSSL_CTX */
if (CyaSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem", if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) { SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-key.pem, please check" fprintf(stderr, "Error loading certs/server-key.pem, please check"
"the file.\n"); "the file.\n");
@ -137,17 +137,17 @@ int main()
} }
} }
CyaSSL_CTX_free(ctx); /* Free CYASSL_CTX */ wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */
CyaSSL_Cleanup(); /* Free CyaSSL */ wolfSSL_Cleanup(); /* Free wolfSSL */
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }
``` ```
Now all that is left is the `AcceptAndRead` function. This function accepts the new connection and passes it off to its on file descriptor `connd`. We then create our ssl object and direct it to our clients connection. Once thats done we jump into a `for ( ; ; )` loop and do a `CyaSSL_read` which will decrypt and send any data the client sends to our `buff` array. Once that happens we print the data to the console and then send a reply back to the client letting the client know that we reicieved their message. We then break out of the loop, free our ssl and close the `connd` connection since it's no longer used. We then `return 0` which tells our loop in main that it was successful and to continue listening for new connections. Now all that is left is the `AcceptAndRead` function. This function accepts the new connection and passes it off to its on file descriptor `connd`. We then create our ssl object and direct it to our clients connection. Once thats done we jump into a `for ( ; ; )` loop and do a `wolfSSL_read` which will decrypt and send any data the client sends to our `buff` array. Once that happens we print the data to the console and then send a reply back to the client letting the client know that we reicieved their message. We then break out of the loop, free our ssl and close the `connd` connection since it's no longer used. We then `return 0` which tells our loop in main that it was successful and to continue listening for new connections.
Here is the `AcceptAndRead` with more detailed comments on what's happening. Here is the `AcceptAndRead` with more detailed comments on what's happening.
```c ```c
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
clientAddr) clientAddr)
{ {
/* Create our reply message */ /* Create our reply message */
@ -164,17 +164,17 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
/* If it connects, read in and reply to the client */ /* If it connects, read in and reply to the client */
else { else {
printf("Client connected successfully\n"); printf("Client connected successfully\n");
CYASSL* ssl; WOLFSSL* ssl;
if ( (ssl = CyaSSL_new(ctx)) == NULL) { if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error.\n"); fprintf(stderr, "wolfSSL_new error.\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
/* direct our ssl to our clients connection */ /* direct our ssl to our clients connection */
CyaSSL_set_fd(ssl, connd); wolfSSL_set_fd(ssl, connd);
printf("Using Non-Blocking I/O: %d\n", CyaSSL_get_using_nonblock( printf("Using Non-Blocking I/O: %d\n", wolfSSL_get_using_nonblock(
ssl)); ssl));
for ( ; ; ) { for ( ; ; ) {
@ -185,21 +185,21 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
memset(&buff, 0, sizeof(buff)); memset(&buff, 0, sizeof(buff));
/* Read the client data into our buff array */ /* Read the client data into our buff array */
if ((ret = CyaSSL_read(ssl, buff, sizeof(buff)-1)) > 0) { if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
/* Print any data the client sends to the console */ /* Print any data the client sends to the console */
printf("Client: %s\n", buff); printf("Client: %s\n", buff);
/* Reply back to the client */ /* Reply back to the client */
if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1)) if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1))
< 0) < 0)
{ {
printf("CyaSSL_write error = %d\n", CyaSSL_get_error(ssl, ret)); printf("wolfSSL_write error = %d\n", wolfSSL_get_error(ssl, ret));
} }
} }
/* if the client disconnects break the loop */ /* if the client disconnects break the loop */
else { else {
if (ret < 0) if (ret < 0)
printf("CyaSSL_read error = %d\n", CyaSSL_get_error(ssl printf("wolfSSL_read error = %d\n", wolfSSL_get_error(ssl
,ret)); ,ret));
else if (ret == 0) else if (ret == 0)
printf("The client has closed the connection.\n"); printf("The client has closed the connection.\n");
@ -207,7 +207,7 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
break; break;
} }
} }
CyaSSL_free(ssl); /* Free the CYASSL object */ wolfSSL_free(ssl); /* Free the WOLFSSL object */
} }
close(connd); /* close the connected socket */ close(connd); /* close the connected socket */
@ -221,7 +221,7 @@ And with that, you should now have a basic TLS server that accepts a connection,
### Adding Server Multi-threading ### Adding Server Multi-threading
To add multi-threading support to the basic `tls-server.c` that we created above, we will be using pthreads. Multi-threading will allow the server to handle multiple client connections at the same time. It will pass each new connection off into it's own thread. To do this we will create a new function called `ThreadHandler`. This function will be passed off to its own thread when a new client connection is accepted. We will also be making some minor changes to our `main()` and `AcceptAndRead` functions. To add multi-threading support to the basic `tls-server.c` that we created above, we will be using pthreads. Multi-threading will allow the server to handle multiple client connections at the same time. It will pass each new connection off into it's own thread. To do this we will create a new function called `ThreadHandler`. This function will be passed off to its own thread when a new client connection is accepted. We will also be making some minor changes to our `main()` and `AcceptAndRead` functions.
We will start by adding a `#include <pthread.h>` followed by removing our `CYASSL_CTX* ctx` from our main() function and making it global. This will allow our threads to have access to it. Because we are no long passing it into the `AcceptAndRead` function, we need to modify the prototype function to no longer take a `CyaSSL_CTX` parameter. The top of your file should now look like: We will start by adding a `#include <pthread.h>` followed by removing our `WOLFSSL_CTX* ctx` from our main() function and making it global. This will allow our threads to have access to it. Because we are no long passing it into the `AcceptAndRead` function, we need to modify the prototype function to no longer take a `wolfSSL_CTX` parameter. The top of your file should now look like:
```c ```c
#include <stdio.h> #include <stdio.h>
@ -234,8 +234,8 @@ We will start by adding a `#include <pthread.h>` followed by removing our `CYASS
#include <errno.h> #include <errno.h>
#include <pthread.h> #include <pthread.h>
/* Include the CyaSSL library for our TLS 1.2 security */ /* Include the wolfSSL library for our TLS 1.2 security */
#include <cyassl/ssl.h> #include <wolfssl/ssl.h>
#define DEFAULT_PORT 11111 #define DEFAULT_PORT 11111
@ -243,9 +243,9 @@ int AcceptAndRead(socklen_t sockfd, struct sockaddr_in clientAddr);
void *ThreadHandler(void* socketDesc); void *ThreadHandler(void* socketDesc);
/* Create a ctx pointer for our ssl */ /* Create a ctx pointer for our ssl */
CYASSL_CTX* ctx; WOLFSSL_CTX* ctx;
``` ```
Moving down to our `main()` function, we need to now remove `CYASSL_CTX* ctx` from the top of the function since it is now a global variable. Lastly we need modify the `while` loop at the bottom of `main()` to look like: Moving down to our `main()` function, we need to now remove `WOLFSSL_CTX* ctx` from the top of the function since it is now a global variable. Lastly we need modify the `while` loop at the bottom of `main()` to look like:
```c ```c
printf("Waiting for a connection...\n"); printf("Waiting for a connection...\n");
@ -262,7 +262,7 @@ Moving down to our `main()` function, we need to now remove `CYASSL_CTX* ctx` fr
``` ```
As you can tell, when we call As you can tell, when we call
loopExit = AcceptAndRead(sockfd, clientAddr); loopExit = AcceptAndRead(sockfd, clientAddr);
we are no longer passing in our `CYASSL_CTX` pointer since it's now global. we are no longer passing in our `WOLFSSL_CTX` pointer since it's now global.
Moving on, we can now modify our `AcceptAndRead` function. This function will now pass accepted connections off into their own thread using `pthreads`. This new thread will then loop, reading and writing to the connected client. Because of this most of this function will be moved into the 'ThreadHandler' function. The `AcceptAndRead` function will now look like: Moving on, we can now modify our `AcceptAndRead` function. This function will now pass accepted connections off into their own thread using `pthreads`. This new thread will then loop, reading and writing to the connected client. Because of this most of this function will be moved into the 'ThreadHandler' function. The `AcceptAndRead` function will now look like:
@ -298,19 +298,19 @@ Now that we have that passing client connections to their own threads, we need t
void *ThreadHandler(void* socketDesc) void *ThreadHandler(void* socketDesc)
{ {
int connd = *(int*)socketDesc; int connd = *(int*)socketDesc;
CYASSL* ssl; WOLFSSL* ssl;
/* Create our reply message */ /* Create our reply message */
const char reply[] = "I hear ya fa shizzle!\n"; const char reply[] = "I hear ya fa shizzle!\n";
printf("Client connected successfully\n"); printf("Client connected successfully\n");
if ( (ssl = CyaSSL_new(ctx)) == NULL) { if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error.\n"); fprintf(stderr, "wolfSSL_new error.\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
/* Direct our ssl to our clients connection */ /* Direct our ssl to our clients connection */
CyaSSL_set_fd(ssl, connd); wolfSSL_set_fd(ssl, connd);
for ( ; ; ) { for ( ; ; ) {
char buff[256]; char buff[256];
@ -320,25 +320,25 @@ void *ThreadHandler(void* socketDesc)
memset(&buff, 0, sizeof(buff)); memset(&buff, 0, sizeof(buff));
/* Read the client data into our buff array */ /* Read the client data into our buff array */
if ((ret = CyaSSL_read(ssl, buff, sizeof(buff)-1)) > 0) { if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
/* Print any data the client sends to the console */ /* Print any data the client sends to the console */
printf("Client on Socket %d: %s\n", connd, buff); printf("Client on Socket %d: %s\n", connd, buff);
/* Reply back to the client */ /* Reply back to the client */
if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1)) if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1))
< 0) { < 0) {
printf("CyaSSL_write error = %d\n", CyaSSL_get_error(ssl, ret)); printf("wolfSSL_write error = %d\n", wolfSSL_get_error(ssl, ret));
} }
} }
/* if the client disconnects break the loop */ /* if the client disconnects break the loop */
else { else {
if (ret < 0) if (ret < 0)
printf("CyaSSL_read error = %d\n", CyaSSL_get_error(ssl printf("wolfSSL_read error = %d\n", wolfSSL_get_error(ssl
,ret)); ,ret));
else if (ret == 0) else if (ret == 0)
printf("The client has closed the connection.\n"); printf("The client has closed the connection.\n");
CyaSSL_free(ssl); /* Free the CYASSL object */ wolfSSL_free(ssl); /* Free the WOLFSSL object */
close(connd); /* close the connected socket */ close(connd); /* close the connected socket */
break; break;
} }
@ -370,8 +370,8 @@ To start, let's create our enumerator and prototype functions. The top of your f
#include <sys/fcntl.h> #include <sys/fcntl.h>
#include <errno.h> #include <errno.h>
/* Include the CyaSSL library for our TLS 1.2 security */ /* Include the wolfSSL library for our TLS 1.2 security */
#include <cyassl/ssl.h> #include <wolfssl/ssl.h>
#define DEFAULT_PORT 11111 #define DEFAULT_PORT 11111
@ -380,14 +380,14 @@ To start, let's create our enumerator and prototype functions. The top of your f
*/ */
enum read_write_t {WRITE, READ, ACCEPT}; enum read_write_t {WRITE, READ, ACCEPT};
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t socketfd,
struct sockaddr_in clientAddr); struct sockaddr_in clientAddr);
int TCPSelect(socklen_t socketfd); int TCPSelect(socklen_t socketfd);
int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd, int NonBlocking_ReadWriteAccept(WOLFSSL* ssl, socklen_t socketfd,
enum read_write_t rw); enum read_write_t rw);
``` ```
We will start by modifying our `main()` function. Because we are using non-blocking we need to give our socket specific options. To do this, we will make a `setsockopt()` call just above our `CyaSSL_init()` call. It should look something like the following: We will start by modifying our `main()` function. Because we are using non-blocking we need to give our socket specific options. To do this, we will make a `setsockopt()` call just above our `wolfSSL_init()` call. It should look something like the following:
```c ```c
/* If positive value, the socket is valid */ /* If positive value, the socket is valid */
@ -400,8 +400,8 @@ We will start by modifying our `main()` function. Because we are using non-block
< 0) < 0)
printf("setsockopt SO_REUSEADDR failed\n"); printf("setsockopt SO_REUSEADDR failed\n");
/* Initialize CyaSSL */ /* Initialize wolfSSL */
CyaSSL_Init(); wolfSSL_Init();
``` ```
Now we are going to re-write our `AcceptAndRead()` function such that it now takes into consideration non-blocking I/O. This function will be directing our `ssl` object to our client. we will then use a `for ( ; ; )` loop to call our `NonBlocking_ReadWriteAccept()` function passing our `READ` and `WRITE` enums in respectively. This tells our `NonBlocking_ReadWriteAccept()` function what we currently want it to do; read or write. Now we are going to re-write our `AcceptAndRead()` function such that it now takes into consideration non-blocking I/O. This function will be directing our `ssl` object to our client. we will then use a `for ( ; ; )` loop to call our `NonBlocking_ReadWriteAccept()` function passing our `READ` and `WRITE` enums in respectively. This tells our `NonBlocking_ReadWriteAccept()` function what we currently want it to do; read or write.
@ -409,7 +409,7 @@ Now we are going to re-write our `AcceptAndRead()` function such that it now tak
The function, with more detailed comments should now look like: The function, with more detailed comments should now look like:
```c ```c
int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in clientAddr) int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in clientAddr)
{ {
socklen_t size = sizeof(clientAddr); socklen_t size = sizeof(clientAddr);
@ -423,16 +423,16 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in client
/* If it connects, read in and reply to the client */ /* If it connects, read in and reply to the client */
else { else {
printf("Client connected successfully!\n"); printf("Client connected successfully!\n");
CYASSL* ssl; WOLFSSL* ssl;
if ( (ssl = CyaSSL_new(ctx)) == NULL) { if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "CyaSSL_new error.\n"); fprintf(stderr, "wolfSSL_new error.\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
/* Direct our ssl to our clients connection */ /* Direct our ssl to our clients connection */
CyaSSL_set_fd(ssl, connd); wolfSSL_set_fd(ssl, connd);
/* Sets CyaSSL_accept(ssl) */ /* Sets wolfSSL_accept(ssl) */
if(NonBlocking_ReadWriteAccept(ssl, socketfd, ACCEPT) < 0) if(NonBlocking_ReadWriteAccept(ssl, socketfd, ACCEPT) < 0)
return 0; return 0;
@ -448,7 +448,7 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in client
if (NonBlocking_ReadWriteAccept(ssl, socketfd, WRITE) == 0) if (NonBlocking_ReadWriteAccept(ssl, socketfd, WRITE) == 0)
break; break;
} }
CyaSSL_free(ssl); /* Free the CYASSL object */ wolfSSL_free(ssl); /* Free the WOLFSSL object */
} }
close(connd); /* close the connected socket */ close(connd); /* close the connected socket */
@ -456,12 +456,12 @@ int AcceptAndRead(CYASSL_CTX* ctx, socklen_t socketfd, struct sockaddr_in client
} }
``` ```
Next we will write the `NonBlocking_ReadWriteAccept()` function. This function in short swtiches between doing `CyaSSL_accept()`, `CyaSSL_read()`, and `CyaSSL_write()`. It uses a while loop to loop on the socket and assign new client connections to the next available socket using the `TCPSelect()` function we will be writing soon. It then asks each socket if it wants read or wants write. This function should look like: Next we will write the `NonBlocking_ReadWriteAccept()` function. This function in short swtiches between doing `wolfSSL_accept()`, `wolfSSL_read()`, and `wolfSSL_write()`. It uses a while loop to loop on the socket and assign new client connections to the next available socket using the `TCPSelect()` function we will be writing soon. It then asks each socket if it wants read or wants write. This function should look like:
```c ```c
/* Checks if NonBlocking I/O is wanted, if it is wanted it will /* Checks if NonBlocking I/O is wanted, if it is wanted it will
* wait until it's available on the socket before reading or writing */ * wait until it's available on the socket before reading or writing */
int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd, int NonBlocking_ReadWriteAccept(WOLFSSL* ssl, socklen_t socketfd,
enum read_write_t rw) enum read_write_t rw)
{ {
const char reply[] = "I hear ya fa shizzle!\n"; const char reply[] = "I hear ya fa shizzle!\n";
@ -476,18 +476,18 @@ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
memset(&buff, 0, sizeof(buff)); memset(&buff, 0, sizeof(buff));
if (rw == READ) if (rw == READ)
rwret = CyaSSL_read(ssl, buff, sizeof(buff)-1); rwret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
else if (rw == WRITE) else if (rw == WRITE)
rwret = CyaSSL_write(ssl, reply, sizeof(reply)-1); rwret = wolfSSL_write(ssl, reply, sizeof(reply)-1);
else if (rw == ACCEPT) else if (rw == ACCEPT)
rwret = CyaSSL_accept(ssl); rwret = wolfSSL_accept(ssl);
if (rwret == 0) { if (rwret == 0) {
printf("The client has closed the connection!\n"); printf("The client has closed the connection!\n");
return 0; return 0;
} }
else if (rwret != SSL_SUCCESS) { else if (rwret != SSL_SUCCESS) {
int error = CyaSSL_get_error(ssl, 0); int error = wolfSSL_get_error(ssl, 0);
/* while I/O is not ready, keep waiting */ /* while I/O is not ready, keep waiting */
while ((error == SSL_ERROR_WANT_READ || while ((error == SSL_ERROR_WANT_READ ||
@ -502,13 +502,13 @@ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
if ((selectRet == 1) || (selectRet == 2)) { if ((selectRet == 1) || (selectRet == 2)) {
if (rw == READ) if (rw == READ)
rwret = CyaSSL_read(ssl, buff, sizeof(buff)-1); rwret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
else if (rw == WRITE) else if (rw == WRITE)
rwret = CyaSSL_write(ssl, reply, sizeof(reply)-1); rwret = wolfSSL_write(ssl, reply, sizeof(reply)-1);
else if (rw == ACCEPT) else if (rw == ACCEPT)
rwret = CyaSSL_accept(ssl); rwret = wolfSSL_accept(ssl);
error = CyaSSL_get_error(ssl, 0); error = wolfSSL_get_error(ssl, 0);
} }
else { else {
error = SSL_FATAL_ERROR; error = SSL_FATAL_ERROR;
@ -520,9 +520,9 @@ int NonBlocking_ReadWriteAccept(CYASSL* ssl, socklen_t socketfd,
printf("Client: %s\n", buff); printf("Client: %s\n", buff);
/* Reply back to the client */ /* Reply back to the client */
else if (rw == WRITE) { else if (rw == WRITE) {
if ((ret = CyaSSL_write(ssl, reply, sizeof(reply)-1)) < 0) { if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1)) < 0) {
printf("CyaSSL_write error = %d\n", printf("wolfSSL_write error = %d\n",
CyaSSL_get_error(ssl, ret)); wolfSSL_get_error(ssl, ret));
} }
} }
} }
@ -574,11 +574,11 @@ const char* cert = "../certs/ca-cert.pem";
Now comes changing the `ClientGreet()` function so its arguments and functions incorporate the security library. Now comes changing the `ClientGreet()` function so its arguments and functions incorporate the security library.
```c ```c
void ClientGreet(int sock, CYASSL* ssl) void ClientGreet(int sock, WOLFSSL* ssl)
if (CyaSSL_write(ssl, send, strlen(send)) != strlen(send)) { if (wolfSSL_write(ssl, send, strlen(send)) != strlen(send)) {
if (CyaSSL_read(ssl, receive, MAXDATASIZE) == 0) { if (wolfSSL_read(ssl, receive, MAXDATASIZE) == 0) {
``` ```
You can think of this as, instead of just a normal read and write, it is now a “secure” read and write. We also need to change the call to `ClientGreet()` in `main()`. Instead of calling directly to it, we should make a call to a `Security()` that will then check the server for the correct `certs`. To do this, change: You can think of this as, instead of just a normal read and write, it is now a “secure” read and write. We also need to change the call to `ClientGreet()` in `main()`. Instead of calling directly to it, we should make a call to a `Security()` that will then check the server for the correct `certs`. To do this, change:
@ -601,38 +601,38 @@ Now we just have to make the `Security()` function. It should look something lik
*/ */
int Security(int sock) int Security(int sock)
{ {
CYASSL_CTX* ctx; WOLFSSL_CTX* ctx;
CYASSL* ssl; /* create CYASSL object */ WOLFSSL* ssl; /* create WOLFSSL object */
int ret = 0; int ret = 0;
CyaSSL_Init(); /* initialize CyaSSL */ wolfSSL_Init(); /* initialize wolfSSL */
/* create and initiLize CYASSL_CTX structure */ /* create and initiLize WOLFSSL_CTX structure */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method())) == NULL) { if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
printf("SSL_CTX_new error.\n"); printf("SSL_CTX_new error.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* load CA certificates into CyaSSL_CTX. which will verify the server */ /* load CA certificates into wolfSSL_CTX. which will verify the server */
if (CyaSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) { if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", cert); printf("Error loading %s. Please check the file.\n", cert);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
if ((ssl = CyaSSL_new(ctx)) == NULL) { if ((ssl = wolfSSL_new(ctx)) == NULL) {
printf("CyaSSL_new error.\n"); printf("wolfSSL_new error.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
CyaSSL_set_fd(ssl, sock); wolfSSL_set_fd(ssl, sock);
ret = CyaSSL_connect(ssl); ret = wolfSSL_connect(ssl);
if (ret == SSL_SUCCESS) { if (ret == SSL_SUCCESS) {
ret = ClientGreet(sock, ssl); ret = ClientGreet(sock, ssl);
} }
/* frees all data before client termination */ /* frees all data before client termination */
CyaSSL_free(ssl); wolfSSL_free(ssl);
CyaSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
CyaSSL_Cleanup(); wolfSSL_Cleanup();
return ret; return ret;
} }
@ -647,48 +647,48 @@ As you can see, this is where we make the call to “greet” the server. This
In case the connection to the server gets lost, and you want to save time, youll want to be able to resume the connection. In this example, we disconnect from the server, then reconnect to the same session afterwards, bypassing the handshake process and ultimately saving time. To accomplish this, youll need to add some variable declarations in `Security()`. In case the connection to the server gets lost, and you want to save time, youll want to be able to resume the connection. In this example, we disconnect from the server, then reconnect to the same session afterwards, bypassing the handshake process and ultimately saving time. To accomplish this, youll need to add some variable declarations in `Security()`.
```c ```c
CYASSL_SESSION* session = 0;/* cyassl session */ WOLFSSL_SESSION* session = 0;/* wolfssl session */
CYASSL* sslResume; /* create CYASSL object for connection loss */ WOLFSSL* sslResume; /* create WOLFSSL object for connection loss */
``` ```
Next we'll have to add some code to disconnect and then reconnect to the server. This should be added after your `ClientGreet()` call in `Security()`. Next we'll have to add some code to disconnect and then reconnect to the server. This should be added after your `ClientGreet()` call in `Security()`.
```c ```c
/* saves the session */ /* saves the session */
session = CyaSSL_get_session(ssl); session = wolfSSL_get_session(ssl);
CyaSSL_free(ssl); wolfSSL_free(ssl);
/* closes the connection */ /* closes the connection */
close(sock); close(sock);
/* new ssl to reconnect to */ /* new ssl to reconnect to */
sslResume = CyaSSL_new(ctx); sslResume = wolfSSL_new(ctx);
/* makes a new socket to connect to */ /* makes a new socket to connect to */
sock = socket(AF_INET, SOCK_STREAM, 0); sock = socket(AF_INET, SOCK_STREAM, 0);
/* sets session to old session */ /* sets session to old session */
CyaSSL_set_session(sslResume, session); wolfSSL_set_session(sslResume, session);
/* connects to new socket */ /* connects to new socket */
if (connect(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) { if (connect(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
/* if socket fails to connect to the server*/ /* if socket fails to connect to the server*/
ret = CyaSSL_get_error(ssl, 0); ret = wolfSSL_get_error(ssl, 0);
printf("Connect error. Error: %i\n", ret); printf("Connect error. Error: %i\n", ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* sets new file discriptior */ /* sets new file discriptior */
CyaSSL_set_fd(sslResume, sock); wolfSSL_set_fd(sslResume, sock);
/* reconects to CyaSSL */ /* reconects to wolfSSL */
ret = CyaSSL_connect(sslResume); ret = wolfSSL_connect(sslResume);
if (ret != SSL_SUCCESS) { if (ret != SSL_SUCCESS) {
return ret; return ret;
} }
/* checks to see if the new session is the same as the old session */ /* checks to see if the new session is the same as the old session */
if (CyaSSL_session_reused(sslResume)) if (wolfSSL_session_reused(sslResume))
printf("Re-used session ID\n"); printf("Re-used session ID\n");
else else
printf("Did not re-use session ID\n"); printf("Did not re-use session ID\n");
@ -697,7 +697,7 @@ else
ret = ClientGreet(sock, sslResume); ret = ClientGreet(sock, sslResume);
``` ```
We will aslo have to slightly alter our last `CyaSSL_free()` call. Instead of `CyaSSL_free(ssl);` it needs to state `CyaSSL_free(sslResume);` We will aslo have to slightly alter our last `wolfSSL_free()` call. Instead of `wolfSSL_free(ssl);` it needs to state `wolfSSL_free(sslResume);`
**The finished source code for this can be [found here.](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/client-tls-resume.c)** **The finished source code for this can be [found here.](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/client-tls-resume.c)**
@ -747,12 +747,12 @@ static inline int tcp_select(int socketfd, int to_sec)
return TEST_SELECT_FAIL; return TEST_SELECT_FAIL;
} }
int NonBlockConnect(CYASSL* ssl) int NonBlockConnect(WOLFSSL* ssl)
{ {
int ret = CyaSSL_connect(ssl); int ret = wolfSSL_connect(ssl);
int error = CyaSSL_get_error(ssl, 0); int error = wolfSSL_get_error(ssl, 0);
int sockfd = (int)CyaSSL_get_fd(ssl); int sockfd = (int)wolfSSL_get_fd(ssl);
int select_ret; int select_ret;
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
@ -768,8 +768,8 @@ int NonBlockConnect(CYASSL* ssl)
if ((select_ret == TEST_RECV_READY) || if ((select_ret == TEST_RECV_READY) ||
(select_ret == TEST_ERROR_READY)) { (select_ret == TEST_ERROR_READY)) {
ret = CyaSSL_connect(ssl); ret = wolfSSL_connect(ssl);
error = CyaSSL_get_error(ssl, 0); error = wolfSSL_get_error(ssl, 0);
} }
else if (select_ret == TEST_TIMEOUT) { else if (select_ret == TEST_TIMEOUT) {
error = SSL_ERROR_WANT_READ; error = SSL_ERROR_WANT_READ;
@ -792,7 +792,7 @@ We will also need to make some chances to `ClientGreet()` which should now look
/* /*
* clients initial contact with server. (socket to connect, security layer) * clients initial contact with server. (socket to connect, security layer)
*/ */
int ClientGreet(CYASSL* ssl) int ClientGreet(WOLFSSL* ssl)
{ {
/* data to send to the server, data recieved from the server */ /* data to send to the server, data recieved from the server */
char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0}; char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0};
@ -801,23 +801,23 @@ int ClientGreet(CYASSL* ssl)
printf("Message for server:\t"); printf("Message for server:\t");
fgets(sendBuff, MAXDATASIZE, stdin); fgets(sendBuff, MAXDATASIZE, stdin);
if (CyaSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) { if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
/* the message is not able to send, or error trying */ /* the message is not able to send, or error trying */
ret = CyaSSL_get_error(ssl, 0); ret = wolfSSL_get_error(ssl, 0);
printf("Write error: Error: %d\n", ret); printf("Write error: Error: %d\n", ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
ret = CyaSSL_read(ssl, rcvBuff, MAXDATASIZE); ret = wolfSSL_read(ssl, rcvBuff, MAXDATASIZE);
if (ret <= 0) { if (ret <= 0) {
/* the server failed to send data, or error trying */ /* the server failed to send data, or error trying */
ret = CyaSSL_get_error(ssl, 0); ret = wolfSSL_get_error(ssl, 0);
while (ret == SSL_ERROR_WANT_READ) { while (ret == SSL_ERROR_WANT_READ) {
ret = CyaSSL_read(ssl, rcvBuff, MAXDATASIZE); ret = wolfSSL_read(ssl, rcvBuff, MAXDATASIZE);
ret = CyaSSL_get_error(ssl, 0); ret = wolfSSL_get_error(ssl, 0);
} }
if (ret < 0) { if (ret < 0) {
ret = CyaSSL_get_error(ssl, 0); ret = wolfSSL_get_error(ssl, 0);
printf("Read error. Error: %d\n", ret); printf("Read error. Error: %d\n", ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
@ -830,17 +830,17 @@ int ClientGreet(CYASSL* ssl)
Now we need to check for non-blocking in our `Security()` function. To do this, we change: Now we need to check for non-blocking in our `Security()` function. To do this, we change:
```c ```c
CyaSSL_set_fd(ssl, sock); wolfSSL_set_fd(ssl, sock);
ret = CyaSSL_connect(ssl); ret = wolfSSL_connect(ssl);
if (ret == SSL_SUCCESS) { if (ret == SSL_SUCCESS) {
ret = ClientGreet(sock, ssl); ret = ClientGreet(sock, ssl);
} }
``` ```
to to
```c ```c
CyaSSL_set_fd(ssl, sock); wolfSSL_set_fd(ssl, sock);
CyaSSL_set_using_nonblock(ssl, 1); wolfSSL_set_using_nonblock(ssl, 1);
ret = NonBlockConnect(ssl); ret = NonBlockConnect(ssl);
if (ret == SSL_SUCCESS) { if (ret == SSL_SUCCESS) {
ret = ClientGreet(ssl); ret = ClientGreet(ssl);