From 8775b5c06dcf2f1fef94ab0ff68655f1295bd5fe Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 3 Jan 2025 11:59:26 -0800 Subject: [PATCH] Minor improvements. Tested with RSA and ECC for both DTLS v1.2 and v1.3. Tested with/without calling accept/connect. Tested with calling `wolfSSL_is_init_finished`. --- .gitignore | 1 + dtls/memory-bio-dtls.c | 70 ++++++++++++++++++++++++++++++------------ 2 files changed, 52 insertions(+), 19 deletions(-) diff --git a/.gitignore b/.gitignore index a83f10cd..c591d1fe 100644 --- a/.gitignore +++ b/.gitignore @@ -56,6 +56,7 @@ android/wolfssljni-ndk-sample/proguard-project.txt /dtls/client-dtls /dtls/client-dtls13 /dtls/client-udp +/dtls/memory-bio-dtls /dtls/server-dtls-callback /dtls/server-dtls-ipv6 /dtls/server-dtls-nonblocking diff --git a/dtls/memory-bio-dtls.c b/dtls/memory-bio-dtls.c index ea0485bc..9a84b355 100644 --- a/dtls/memory-bio-dtls.c +++ b/dtls/memory-bio-dtls.c @@ -1,6 +1,6 @@ /* memory-bio-dtls.c * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) * @@ -22,11 +22,18 @@ /* in memory TLS connection with I/O callbacks, no sockets * - gcc -Wall memory-tls.c -l wolfssl -lpthread +./configure --enable-opensslall --enable-dtls --enable-dtls13 --enable-debug +make +sudo make install +gcc -o memory-bio-dtls -Wall memory-bio-dtls.c -lwolfssl -lpthread */ + +#ifndef WOLFSSL_USER_SETTINGS #include +#endif + #include #include @@ -43,10 +50,16 @@ static void err_sys(const char* msg) exit(1); } +#ifndef NO_RSA +#define CERT_FILE "../certs/server-cert.pem" +#define KEY_FILE "../certs/server-key.pem" +#define CA_FILE "../certs/ca-cert.pem" +#else +#define CERT_FILE "../certs/server-ecc.pem" +#define KEY_FILE "../certs/ecc-key.pem" +#define CA_FILE "../certs/ca-ecc-cert.pem" +#endif -#define key "../certs/server-key.pem" -#define cert "../certs/server-cert.pem" -#define cacert "../certs/ca-cert.pem" typedef struct IO_HANDLES { WOLFSSL_BIO* rbio; @@ -64,16 +77,16 @@ static void* client_thread(void* args) /* set up client */ cli_ctx = wolfSSL_CTX_new( #ifdef WOLFSSL_DTLS13 - wolfDTLSv1_3_client_method() + wolfDTLSv1_3_client_method() #else - wolfDTLSv1_2_client_method() + wolfDTLSv1_2_client_method() #endif ); if (cli_ctx == NULL) { err_sys("bad client ctx new"); } - ret = wolfSSL_CTX_load_verify_locations(cli_ctx, cacert, NULL); + ret = wolfSSL_CTX_load_verify_locations(cli_ctx, CA_FILE, NULL); if (ret != WOLFSSL_SUCCESS) { err_sys("bad ca load"); } @@ -84,23 +97,26 @@ static void* client_thread(void* args) } wolfSSL_set_bio(cli_ssl, io->wbio, io->rbio); + +#if 1 err = 0; do { sem_wait(&io->bioSem); ret = wolfSSL_connect(cli_ssl); sem_post(&io->bioSem); - err = wolfSSL_get_error(cli_ssl, ret); - } while (ret != WOLFSSL_SUCCESS && + err = wolfSSL_get_error(cli_ssl, ret); + } while (ret != WOLFSSL_SUCCESS && ((err == WOLFSSL_ERROR_WANT_READ) || (err == WOLFSSL_ERROR_WANT_WRITE))); if (ret != WOLFSSL_SUCCESS) err_sys("bad client tls connect"); printf("wolfSSL client success!\n"); +#endif do { sem_wait(&io->bioSem); ret = wolfSSL_write(cli_ssl, "hello memory wolfSSL!", 21); sem_post(&io->bioSem); - err = wolfSSL_get_error(cli_ssl, ret); - } while (ret <= 0 && + err = wolfSSL_get_error(cli_ssl, ret); + } while (ret <= 0 && ((err == WOLFSSL_ERROR_WANT_READ) || (err == WOLFSSL_ERROR_WANT_WRITE))); /* clean up, wolfSSL_free would also free the WOLFSSL_BIO's so set as NULL @@ -120,8 +136,15 @@ int main() int ret, err; WOLFSSL_CTX* srv_ctx = NULL; WOLFSSL* srv_ssl = NULL; + WOLFSSL_CIPHER* cipher; + const char *name; pthread_t tid; +#if 0 + wolfSSL_Debugging_ON(); +#endif + wolfSSL_Init(); + io.rbio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); io.wbio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); sem_init(&io.bioSem, 0, 1); @@ -136,12 +159,12 @@ int main() ); if (srv_ctx == NULL) err_sys("bad server ctx new"); - ret = wolfSSL_CTX_use_PrivateKey_file(srv_ctx, key, WOLFSSL_FILETYPE_PEM); + ret = wolfSSL_CTX_use_PrivateKey_file(srv_ctx, KEY_FILE, WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) { err_sys("bad server key file load"); } - ret = wolfSSL_CTX_use_certificate_file(srv_ctx, cert, WOLFSSL_FILETYPE_PEM); + ret = wolfSSL_CTX_use_certificate_file(srv_ctx, CERT_FILE, WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) { err_sys("bad server cert file load"); } @@ -157,26 +180,34 @@ int main() /* start client thread */ pthread_create(&tid, 0, client_thread, (void*)&io); +#if 1 /* accept tls connection without tcp sockets */ err = 0; do { sem_wait(&io.bioSem); ret = wolfSSL_accept(srv_ssl); sem_post(&io.bioSem); - err = wolfSSL_get_error(srv_ssl, ret); - } while (ret != WOLFSSL_SUCCESS && + err = wolfSSL_get_error(srv_ssl, ret); + } while (ret != WOLFSSL_SUCCESS && ((err == WOLFSSL_ERROR_WANT_READ) || (err == WOLFSSL_ERROR_WANT_WRITE))); if (ret != WOLFSSL_SUCCESS) err_sys("bad server tls accept"); printf("wolfSSL accept success!\n"); + printf("Version: %s\n", wolfSSL_get_version(srv_ssl)); + cipher = wolfSSL_get_current_cipher(srv_ssl); + printf("Cipher Suite: %s\n", wolfSSL_CIPHER_get_name(cipher)); + if ((name = wolfSSL_get_curve_name(srv_ssl)) != NULL) + printf("Curve: %s\n", name); +#endif + /* read msg post handshake from client */ memset(buf, 0, sizeof(buf)); do { sem_wait(&io.bioSem); ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1); sem_post(&io.bioSem); - err = wolfSSL_get_error(srv_ssl, ret); - } while (ret != 0 && + err = wolfSSL_get_error(srv_ssl, ret); + } while (ret != 0 && ((err == WOLFSSL_ERROR_WANT_READ) || (err == WOLFSSL_ERROR_WANT_WRITE))); if (ret >= 0) { printf("client msg = %s\n", buf); @@ -189,6 +220,7 @@ int main() wolfSSL_free(srv_ssl); /* This also does free on rbio and wbio */ wolfSSL_CTX_free(srv_ctx); + wolfSSL_Cleanup(); + return 0; } -