len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-08-18 09:08:33 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update WolfSSL library to the latest version.

Browse source
This commit is contained in:
Richard Barry 2015-08-28 13:46:22 +00:00
parent 8af1ad9bac
commit 5a6242fbd0
443 changed files with 70230 additions and 45414 deletions
Download patch file Download diff file Expand all files Collapse all files

233
FreeRTOS-Plus/Source/WolfSSL/examples/server/server.c
View file

@ -1,15 +1,15 @@
/* server.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of CyaSSL.
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* CyaSSL is free software; you can redistribute it and/or modify
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@ -22,12 +22,16 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <cyassl/ssl.h> /* name change portability layer */
#include <cyassl/ctaocrypt/settings.h>
#ifdef HAVE_ECC
#include <cyassl/ctaocrypt/ecc.h> /* ecc_fp_free */
#endif
#if !defined(CYASSL_TRACK_MEMORY) && !defined(NO_MAIN_DRIVER)
#if !defined(WOLFSSL_TRACK_MEMORY) && !defined(NO_MAIN_DRIVER)
/* in case memory tracker wants stats */
#define CYASSL_TRACK_MEMORY
#define WOLFSSL_TRACK_MEMORY
#endif
#if defined(CYASSL_MDK_ARM)
@ -56,6 +60,12 @@
Timeval srvTo;
#endif
#ifndef NO_HANDSHAKE_DONE_CB
int myHsDoneCb(WOLFSSL* ssl, void* user_ctx);
#endif
static void NonBlockingSSL_Accept(SSL* ssl)
{
#ifndef CYASSL_CALLBACKS
@ -112,7 +122,7 @@ static void NonBlockingSSL_Accept(SSL* ssl)
static void Usage(void)
{
printf("server " LIBCYASSL_VERSION_STRING
" NOTE: All files relative to CyaSSL home dir\n");
" NOTE: All files relative to wolfSSL home dir\n");
printf("-? Help, print this usage\n");
printf("-p <num> Port to listen on, not 0, default %d\n", yasslPort);
printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
@ -121,15 +131,23 @@ static void Usage(void)
printf("-c <file> Certificate file, default %s\n", svrCert);
printf("-k <file> Key file, default %s\n", svrKey);
printf("-A <file> Certificate Authority file, default %s\n", cliCert);
#ifndef NO_DH
printf("-D <file> Diffie-Hellman Params file, default %s\n", dhParam);
printf("-Z <num> Minimum DH key bits, default %d\n",
DEFAULT_MIN_DHKEY_BITS);
#endif
printf("-d Disable client cert check\n");
printf("-b Bind to any interface instead of localhost only\n");
printf("-s Use pre Shared keys\n");
printf("-t Track CyaSSL memory use\n");
printf("-t Track wolfSSL memory use\n");
printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
printf("-f Fewer packets/group messages\n");
printf("-R Create server ready file, for external monitor\n");
printf("-r Allow one client Resumption\n");
printf("-N Use Non-blocking sockets\n");
printf("-S <str> Use Host Name Indication\n");
printf("-w Wait for bidirectional shutdown\n");
#ifdef HAVE_OCSP
printf("-o Perform OCSP lookup on peer certificate\n");
printf("-O <url> Perform OCSP lookup using <url> as responder\n");
@ -137,6 +155,9 @@ static void Usage(void)
#ifdef HAVE_PK_CALLBACKS
printf("-P Public Key Callbacks\n");
#endif
#ifdef HAVE_ANON
printf("-a Anonymous server\n");
#endif
}
THREAD_RETURN CYASSL_THREAD server_test(void* args)
@ -157,16 +178,24 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
int useAnyAddr = 0;
word16 port = yasslPort;
int usePsk = 0;
int useAnon = 0;
int doDTLS = 0;
int needDH = 0;
int useNtruKey = 0;
int nonBlocking = 0;
int trackMemory = 0;
int fewerPackets = 0;
int pkCallbacks = 0;
int serverReadyFile = 0;
int wc_shutdown = 0;
int resume = 0; /* do resume, and resume count */
int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
int ret;
char* cipherList = NULL;
const char* verifyCert = cliCert;
const char* ourCert = svrCert;
const char* ourKey = svrKey;
const char* ourDhParam = dhParam;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
@ -188,8 +217,21 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
(void)trackMemory;
(void)pkCallbacks;
(void)needDH;
(void)ourKey;
(void)ourCert;
(void)ourDhParam;
(void)verifyCert;
(void)useNtruKey;
(void)doCliCertCheck;
(void)minDhKeyBits;
while ((ch = mygetopt(argc, argv, "?dbstnNufPp:v:l:A:c:k:S:oO:")) != -1) {
#ifdef CYASSL_TIRTOS
fdOpenSession(Task_self());
#endif
while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPp:v:l:A:c:k:Z:S:oO:D:"))
!= -1) {
switch (ch) {
case '?' :
Usage();
@ -208,7 +250,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
break;
case 't' :
#ifdef USE_CYASSL_MEMORY
#ifdef USE_WOLFSSL_MEMORY
trackMemory = 1;
#endif
break;
@ -225,6 +267,16 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
fewerPackets = 1;
break;
case 'R' :
serverReadyFile = 1;
break;
case 'r' :
#ifndef NO_SESSION_CACHE
resume = 1;
#endif
break;
case 'P' :
#ifdef HAVE_PK_CALLBACKS
pkCallbacks = 1;
@ -239,6 +291,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
break;
case 'w' :
wc_shutdown = 1;
break;
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
@ -263,6 +319,22 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
ourKey = myoptarg;
break;
case 'D' :
#ifndef NO_DH
ourDhParam = myoptarg;
#endif
break;
case 'Z' :
#ifndef NO_DH
minDhKeyBits = atoi(myoptarg);
if (minDhKeyBits <= 0 || minDhKeyBits > 16000) {
Usage();
exit(MY_EX_USAGE);
}
#endif
break;
case 'N':
nonBlocking = 1;
break;
@ -286,6 +358,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
break;
case 'a' :
#ifdef HAVE_ANON
useAnon = 1;
#endif
break;
default:
Usage();
exit(MY_EX_USAGE);
@ -341,9 +419,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
#ifdef CYASSL_DTLS
#ifndef NO_OLD_TLS
case -1:
method = DTLSv1_server_method();
break;
#endif
case -2:
method = DTLSv1_2_server_method();
@ -361,6 +441,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (ctx == NULL)
err_sys("unable to get ctx");
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305)
if (TicketInit() != 0)
err_sys("unable to setup Session Ticket Key context");
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
#endif
if (cipherList)
if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("server can't set cipher list 1");
@ -381,29 +468,33 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
if (!usePsk) {
if (!usePsk && !useAnon) {
if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, check file and run from"
" CyaSSL home dir");
" wolfSSL home dir");
}
#endif
#ifndef NO_DH
wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
#endif
#ifdef HAVE_NTRU
if (useNtruKey) {
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
!= SSL_SUCCESS)
err_sys("can't load ntru key file, "
"Please run from CyaSSL home dir");
"Please run from wolfSSL home dir");
}
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
if (!useNtruKey && !usePsk) {
if (!useNtruKey && !usePsk && !useAnon) {
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server private key file, check file and run "
"from CyaSSL home dir");
"from wolfSSL home dir");
}
#endif
@ -413,7 +504,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
if (cipherList == NULL) {
const char *defaultCipherList;
#ifdef HAVE_NULL_CIPHER
#if defined(HAVE_AESGCM) && !defined(NO_DH)
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
needDH = 1;
#elif defined(HAVE_NULL_CIPHER)
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
@ -424,17 +518,27 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
}
if (useAnon) {
#ifdef HAVE_ANON
CyaSSL_CTX_allow_anon_cipher(ctx);
if (cipherList == NULL) {
if (SSL_CTX_set_cipher_list(ctx, "ADH-AES128-SHA") != SSL_SUCCESS)
err_sys("server can't set cipher list 4");
}
#endif
}
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
/* if not using PSK, verify peer with certs */
if (doCliCertCheck && usePsk == 0) {
if (doCliCertCheck && usePsk == 0 && useAnon == 0) {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
err_sys("can't load ca file, Please run from wolfSSL home dir");
}
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
#if defined(CYASSL_SNIFFER)
/* don't use EDH, can't sniff tmp keys */
if (cipherList == NULL) {
if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS)
@ -449,10 +553,31 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
err_sys("UseSNI failed");
#endif
while (1) { /* allow resume option */
if (resume > 1) { /* already did listen, just do accept */
if (doDTLS == 0) {
SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client);
clientfd = accept(sockfd, (struct sockaddr*)&client,
(ACCEPT_THIRD_T)&client_len);
} else {
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
clientfd = udp_read_connect(sockfd);
}
#ifdef USE_WINDOWS_API
if (clientfd == INVALID_SOCKET) err_sys("tcp accept failed");
#else
if (clientfd == -1) err_sys("tcp accept failed");
#endif
}
ssl = SSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL");
#ifndef NO_HANDSHAKE_DONE_CB
wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
#endif
#ifdef HAVE_CRL
CyaSSL_EnableCRL(ssl, 0);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
@ -475,14 +600,15 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
SetupPkCallbacks(ctx, ssl);
#endif
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, doDTLS);
if (!doDTLS)
CloseSocket(sockfd);
if (resume < 2) { /* do listen and accept */
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr,
doDTLS, serverReadyFile);
}
SSL_set_fd(ssl, clientfd);
if (usePsk == 0 || cipherList != NULL) {
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
if (usePsk == 0 || useAnon == 1 || cipherList != NULL || needDH == 1) {
#if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
CyaSSL_SetTmpDH_file(ssl, ourDhParam, SSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* repick suites with DHE, higher priority than PSK */
#endif
@ -521,21 +647,52 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#if defined(CYASSL_MDK_SHELL) && defined(HAVE_MDK_RTX)
os_dly_wait(500) ;
#elif defined (CYASSL_TIRTOS)
Task_yield();
#endif
SSL_shutdown(ssl);
if (doDTLS == 0) {
ret = SSL_shutdown(ssl);
if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
SSL_shutdown(ssl); /* bidirectional shutdown */
}
SSL_free(ssl);
if (resume == 1) {
CloseSocket(clientfd);
resume++; /* only do one resume for testing */
continue;
}
break; /* out of while loop, done with normal and resume option */
}
SSL_CTX_free(ctx);
CloseSocket(clientfd);
CloseSocket(sockfd);
((func_args*)args)->return_code = 0;
#ifdef USE_CYASSL_MEMORY
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
ecc_fp_free(); /* free per thread cache */
#endif
#ifdef USE_WOLFSSL_MEMORY
if (trackMemory)
ShowMemoryTracker();
#endif /* USE_CYASSL_MEMORY */
#endif
#ifdef CYASSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305)
TicketCleanup();
#endif
#ifndef CYASSL_TIRTOS
return 0;
#endif
}
@ -561,7 +718,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL)
CyaSSL_Debugging_ON();
#endif
if (CurrentDir("server"))
if (CurrentDir("_build"))
ChangeDirBack(1);
else if (CurrentDir("server"))
ChangeDirBack(2);
else if (CurrentDir("Debug") || CurrentDir("Release"))
ChangeDirBack(3);
@ -602,3 +761,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
#ifndef NO_HANDSHAKE_DONE_CB
int myHsDoneCb(WOLFSSL* ssl, void* user_ctx)
{
(void)user_ctx;
(void)ssl;
/* printf("Notified HandShake done\n"); */
/* return negative number to end TLS connection now */
return 0;
}
#endif