2017-05-11 14:01:41 +02:00
|
|
|
/* server.c
|
|
|
|
|
*
|
2018-02-19 12:29:49 +01:00
|
|
|
* Copyright (C) 2006-2017 wolfSSL Inc.
|
2017-05-11 14:01:41 +02:00
|
|
|
*
|
|
|
|
|
* This file is part of wolfSSL.
|
|
|
|
|
*
|
|
|
|
|
* wolfSSL is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* wolfSSL is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
|
#include <config.h>
|
|
|
|
|
#endif
|
|
|
|
|
#include <cyassl/ssl.h> /* name change portability layer */
|
|
|
|
|
|
|
|
|
|
#include <cyassl/ctaocrypt/settings.h>
|
|
|
|
|
#ifdef HAVE_ECC
|
|
|
|
|
#include <cyassl/ctaocrypt/ecc.h> /* ecc_fp_free */
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
#if !defined(WOLFSSL_MDK_ARM)
|
|
|
|
|
#include "cmsis_os.h"
|
|
|
|
|
#include "rl_fs.h"
|
|
|
|
|
#include "rl_net.h"
|
|
|
|
|
#else
|
|
|
|
|
#include "rtl.h"
|
|
|
|
|
#include "wolfssl_MDK_ARM.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
#include <cyassl/openssl/ssl.h>
|
|
|
|
|
#include <cyassl/test.h>
|
2018-02-19 12:29:49 +01:00
|
|
|
#ifdef CYASSL_DTLS
|
|
|
|
|
#include <cyassl/error-ssl.h>
|
|
|
|
|
#endif
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
#include "examples/server/server.h"
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
#ifndef NO_WOLFSSL_SERVER
|
|
|
|
|
|
2017-05-11 14:01:41 +02:00
|
|
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
|
|
|
|
static int devId = INVALID_DEVID;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* Note on using port 0: if the server uses port 0 to bind an ephemeral port
|
|
|
|
|
* number and is using the ready file for scripted testing, the code in
|
|
|
|
|
* test.h will write the actual port number into the ready file for use
|
|
|
|
|
* by the client. */
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
static const char webServerMsg[] =
|
|
|
|
|
"HTTP/1.1 200 OK\n"
|
|
|
|
|
"Content-Type: text/html\n"
|
|
|
|
|
"Connection: close\n"
|
|
|
|
|
"\n"
|
|
|
|
|
"<html>\n"
|
|
|
|
|
"<head>\n"
|
|
|
|
|
"<title>Welcome to wolfSSL!</title>\n"
|
|
|
|
|
"</head>\n"
|
|
|
|
|
"<body>\n"
|
|
|
|
|
"<p>wolfSSL has successfully performed handshake!</p>\n"
|
|
|
|
|
"</body>\n"
|
|
|
|
|
"</html>\n";
|
|
|
|
|
|
|
|
|
|
int runWithErrors = 0; /* Used with -x flag to run err_sys vs. print errors */
|
|
|
|
|
|
|
|
|
|
|
2017-05-11 14:01:41 +02:00
|
|
|
#ifdef CYASSL_CALLBACKS
|
|
|
|
|
Timeval srvTo;
|
2018-02-19 12:29:49 +01:00
|
|
|
static int srvHandShakeCB(HandShakeInfo* info)
|
|
|
|
|
{
|
|
|
|
|
(void)info;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int srvTimeoutCB(TimeoutInfo* info)
|
|
|
|
|
{
|
|
|
|
|
(void)info;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-11 14:01:41 +02:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifndef NO_HANDSHAKE_DONE_CB
|
2018-02-19 12:29:49 +01:00
|
|
|
static int myHsDoneCb(WOLFSSL* ssl, void* user_ctx)
|
|
|
|
|
{
|
|
|
|
|
(void)user_ctx;
|
|
|
|
|
(void)ssl;
|
|
|
|
|
|
|
|
|
|
/* printf("Notified HandShake done\n"); */
|
|
|
|
|
|
|
|
|
|
/* return negative number to end TLS connection now */
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2017-05-11 14:01:41 +02:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
static void err_sys_ex(int out, const char* msg)
|
|
|
|
|
{
|
|
|
|
|
if (out == 1) { /* if server is running w/ -x flag, print error w/o exit */
|
|
|
|
|
printf("wolfSSL error: %s\n", msg);
|
|
|
|
|
printf("Continuing server execution...\n\n");
|
|
|
|
|
} else {
|
|
|
|
|
err_sys(msg);
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
static int NonBlockingSSL_Accept(SSL* ssl)
|
|
|
|
|
{
|
|
|
|
|
#ifndef CYASSL_CALLBACKS
|
|
|
|
|
int ret = SSL_accept(ssl);
|
|
|
|
|
#else
|
|
|
|
|
int ret = CyaSSL_accept_ex(ssl, srvHandShakeCB, srvTimeoutCB, srvTo);
|
|
|
|
|
#endif
|
|
|
|
|
int error = SSL_get_error(ssl, 0);
|
|
|
|
|
SOCKET_T sockfd = (SOCKET_T)CyaSSL_get_fd(ssl);
|
2018-02-19 12:29:49 +01:00
|
|
|
int select_ret = 0;
|
2017-05-11 14:01:41 +02:00
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
while (ret != WOLFSSL_SUCCESS && (error == WOLFSSL_ERROR_WANT_READ ||
|
|
|
|
|
error == WOLFSSL_ERROR_WANT_WRITE ||
|
|
|
|
|
error == WC_PENDING_E)) {
|
2017-05-11 14:01:41 +02:00
|
|
|
int currTimeout = 1;
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
if (error == WOLFSSL_ERROR_WANT_READ) {
|
2017-05-11 14:01:41 +02:00
|
|
|
/* printf("... server would read block\n"); */
|
2018-02-19 12:29:49 +01:00
|
|
|
}
|
|
|
|
|
else if (error == WOLFSSL_ERROR_WANT_WRITE) {
|
2017-05-11 14:01:41 +02:00
|
|
|
/* printf("... server would write block\n"); */
|
|
|
|
|
}
|
2018-02-19 12:29:49 +01:00
|
|
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
|
|
|
|
else if (error == WC_PENDING_E) {
|
|
|
|
|
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
|
|
|
|
if (ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2017-05-11 14:01:41 +02:00
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
if (error != WC_PENDING_E) {
|
|
|
|
|
#ifdef CYASSL_DTLS
|
|
|
|
|
currTimeout = CyaSSL_dtls_get_current_timeout(ssl);
|
|
|
|
|
#endif
|
|
|
|
|
select_ret = tcp_select(sockfd, currTimeout);
|
|
|
|
|
}
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
if ((select_ret == TEST_RECV_READY) ||
|
2018-02-19 12:29:49 +01:00
|
|
|
(select_ret == TEST_ERROR_READY) || error == WC_PENDING_E) {
|
2017-05-11 14:01:41 +02:00
|
|
|
#ifndef CYASSL_CALLBACKS
|
|
|
|
|
ret = SSL_accept(ssl);
|
|
|
|
|
#else
|
|
|
|
|
ret = CyaSSL_accept_ex(ssl,
|
|
|
|
|
srvHandShakeCB, srvTimeoutCB, srvTo);
|
|
|
|
|
#endif
|
|
|
|
|
error = SSL_get_error(ssl, 0);
|
|
|
|
|
}
|
|
|
|
|
else if (select_ret == TEST_TIMEOUT && !CyaSSL_dtls(ssl)) {
|
2018-02-19 12:29:49 +01:00
|
|
|
error = WOLFSSL_ERROR_WANT_READ;
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
2018-02-19 12:29:49 +01:00
|
|
|
#ifdef CYASSL_DTLS
|
2017-05-11 14:01:41 +02:00
|
|
|
else if (select_ret == TEST_TIMEOUT && CyaSSL_dtls(ssl) &&
|
|
|
|
|
CyaSSL_dtls_got_timeout(ssl) >= 0) {
|
2018-02-19 12:29:49 +01:00
|
|
|
error = WOLFSSL_ERROR_WANT_READ;
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
2018-02-19 12:29:49 +01:00
|
|
|
#endif
|
2017-05-11 14:01:41 +02:00
|
|
|
else {
|
2018-02-19 12:29:49 +01:00
|
|
|
error = WOLFSSL_FATAL_ERROR;
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Echo number of bytes specified by -e arg */
|
|
|
|
|
int ServerEchoData(SSL* ssl, int clientfd, int echoData, int throughput)
|
|
|
|
|
{
|
2018-02-19 12:29:49 +01:00
|
|
|
int ret = 0, err;
|
|
|
|
|
double start = 0, rx_time = 0, tx_time = 0;
|
|
|
|
|
int xfer_bytes = 0, select_ret, len, rx_pos;
|
|
|
|
|
char* buffer;
|
|
|
|
|
|
|
|
|
|
buffer = (char*)malloc(TEST_BUFFER_SIZE);
|
|
|
|
|
if (!buffer) {
|
|
|
|
|
err_sys_ex(runWithErrors, "Server buffer malloc failed");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while ((echoData && throughput == 0) ||
|
|
|
|
|
(!echoData && xfer_bytes < throughput))
|
|
|
|
|
{
|
|
|
|
|
select_ret = tcp_select(clientfd, 1); /* Timeout=1 second */
|
|
|
|
|
if (select_ret == TEST_RECV_READY) {
|
|
|
|
|
|
|
|
|
|
len = min(TEST_BUFFER_SIZE, throughput - xfer_bytes);
|
|
|
|
|
rx_pos = 0;
|
|
|
|
|
|
|
|
|
|
if (throughput) {
|
|
|
|
|
start = current_time(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Read data */
|
|
|
|
|
while (rx_pos < len) {
|
|
|
|
|
ret = SSL_read(ssl, &buffer[rx_pos], len - rx_pos);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
err = SSL_get_error(ssl, 0);
|
|
|
|
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
|
|
|
|
if (err == WC_PENDING_E) {
|
|
|
|
|
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
|
|
|
|
if (ret < 0) break;
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
2018-02-19 12:29:49 +01:00
|
|
|
else
|
|
|
|
|
#endif
|
|
|
|
|
if (err != WOLFSSL_ERROR_WANT_READ &&
|
|
|
|
|
err != WOLFSSL_ERROR_ZERO_RETURN) {
|
|
|
|
|
printf("SSL_read echo error %d\n", err);
|
|
|
|
|
err_sys_ex(runWithErrors, "SSL_read failed");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
}
|
2018-02-19 12:29:49 +01:00
|
|
|
else {
|
|
|
|
|
rx_pos += ret;
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
2018-02-19 12:29:49 +01:00
|
|
|
}
|
|
|
|
|
if (throughput) {
|
|
|
|
|
rx_time += current_time(0) - start;
|
|
|
|
|
start = current_time(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Write data */
|
|
|
|
|
do {
|
|
|
|
|
err = 0; /* reset error */
|
|
|
|
|
ret = SSL_write(ssl, buffer, len);
|
|
|
|
|
if (ret <= 0) {
|
|
|
|
|
err = SSL_get_error(ssl, 0);
|
|
|
|
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
|
|
|
|
if (err == WC_PENDING_E) {
|
|
|
|
|
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
|
|
|
|
if (ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
2018-02-19 12:29:49 +01:00
|
|
|
} while (err == WC_PENDING_E);
|
|
|
|
|
if (ret != len) {
|
|
|
|
|
printf("SSL_write echo error %d\n", err);
|
|
|
|
|
err_sys_ex(runWithErrors, "SSL_write failed");
|
|
|
|
|
}
|
2017-05-11 14:01:41 +02:00
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
if (throughput) {
|
|
|
|
|
tx_time += current_time(0) - start;
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
2018-02-19 12:29:49 +01:00
|
|
|
|
|
|
|
|
xfer_bytes += len;
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
}
|
2018-02-19 12:29:49 +01:00
|
|
|
|
|
|
|
|
free(buffer);
|
|
|
|
|
|
|
|
|
|
if (throughput) {
|
|
|
|
|
printf("wolfSSL Server Benchmark %d bytes\n"
|
|
|
|
|
"\tRX %8.3f ms (%8.3f MBps)\n"
|
|
|
|
|
"\tTX %8.3f ms (%8.3f MBps)\n",
|
|
|
|
|
throughput,
|
|
|
|
|
tx_time * 1000, throughput / tx_time / 1024 / 1024,
|
|
|
|
|
rx_time * 1000, throughput / rx_time / 1024 / 1024
|
|
|
|
|
);
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return EXIT_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
|
|
|
|
|
{
|
|
|
|
|
int ret, err;
|
|
|
|
|
char buffer[CYASSL_MAX_ERROR_SZ];
|
|
|
|
|
|
|
|
|
|
/* Read data */
|
|
|
|
|
do {
|
|
|
|
|
err = 0; /* reset error */
|
|
|
|
|
ret = SSL_read(ssl, input, inputLen);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
err = SSL_get_error(ssl, 0);
|
|
|
|
|
|
|
|
|
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
|
|
|
|
if (err == WC_PENDING_E) {
|
|
|
|
|
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
|
|
|
|
if (ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef CYASSL_DTLS
|
|
|
|
|
if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
|
|
|
|
|
printf("Dropped client's message due to a bad MAC\n");
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
#endif
|
|
|
|
|
if (err != WOLFSSL_ERROR_WANT_READ) {
|
|
|
|
|
printf("SSL_read input error %d, %s\n", err,
|
|
|
|
|
ERR_error_string(err, buffer));
|
|
|
|
|
err_sys_ex(runWithErrors, "SSL_read failed");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} while (err == WC_PENDING_E);
|
|
|
|
|
if (ret > 0) {
|
|
|
|
|
input[ret] = 0; /* null terminate message */
|
|
|
|
|
printf("Client message: %s\n", input);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
|
|
|
|
|
{
|
|
|
|
|
int ret, err;
|
|
|
|
|
char buffer[CYASSL_MAX_ERROR_SZ];
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
err = 0; /* reset error */
|
|
|
|
|
ret = SSL_write(ssl, output, outputLen);
|
|
|
|
|
if (ret <= 0) {
|
|
|
|
|
err = SSL_get_error(ssl, 0);
|
|
|
|
|
|
|
|
|
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
|
|
|
|
if (err == WC_PENDING_E) {
|
|
|
|
|
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
|
|
|
|
if (ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
} while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_WRITE);
|
|
|
|
|
if (ret != outputLen) {
|
|
|
|
|
printf("SSL_write msg error %d, %s\n", err,
|
|
|
|
|
ERR_error_string(err, buffer));
|
|
|
|
|
err_sys_ex(runWithErrors, "SSL_write failed");
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
static void Usage(void)
|
|
|
|
|
{
|
|
|
|
|
printf("server " LIBCYASSL_VERSION_STRING
|
|
|
|
|
" NOTE: All files relative to wolfSSL home dir\n");
|
|
|
|
|
printf("-? Help, print this usage\n");
|
|
|
|
|
printf("-p <num> Port to listen on, not 0, default %d\n", yasslPort);
|
2018-02-19 12:29:49 +01:00
|
|
|
#ifndef WOLFSSL_TLS13
|
2017-05-11 14:01:41 +02:00
|
|
|
printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
|
|
|
|
|
SERVER_DEFAULT_VERSION);
|
2018-02-19 12:29:49 +01:00
|
|
|
#else
|
|
|
|
|
printf("-v <num> SSL version [0-4], SSLv3(0) - TLS1.3(4)), default %d\n",
|
|
|
|
|
SERVER_DEFAULT_VERSION);
|
|
|
|
|
#endif
|
2017-05-11 14:01:41 +02:00
|
|
|
printf("-l <str> Cipher suite list (: delimited)\n");
|
2018-02-19 12:29:49 +01:00
|
|
|
printf("-c <file> Certificate file, default %s\n", svrCertFile);
|
|
|
|
|
printf("-k <file> Key file, default %s\n", svrKeyFile);
|
|
|
|
|
printf("-A <file> Certificate Authority file, default %s\n", cliCertFile);
|
2017-05-11 14:01:41 +02:00
|
|
|
printf("-R <file> Create Ready file for external monitor default none\n");
|
|
|
|
|
#ifndef NO_DH
|
2018-02-19 12:29:49 +01:00
|
|
|
printf("-D <file> Diffie-Hellman Params file, default %s\n", dhParamFile);
|
2017-05-11 14:01:41 +02:00
|
|
|
printf("-Z <num> Minimum DH key bits, default %d\n",
|
|
|
|
|
DEFAULT_MIN_DHKEY_BITS);
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_ALPN
|
|
|
|
|
printf("-L <str> Application-Layer Protocol Negotiation ({C,F}:<list>)\n");
|
|
|
|
|
#endif
|
|
|
|
|
printf("-d Disable client cert check\n");
|
|
|
|
|
printf("-b Bind to any interface instead of localhost only\n");
|
|
|
|
|
printf("-s Use pre Shared keys\n");
|
|
|
|
|
printf("-u Use UDP DTLS,"
|
|
|
|
|
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
|
|
|
|
|
#ifdef WOLFSSL_SCTP
|
|
|
|
|
printf("-G Use SCTP DTLS,"
|
|
|
|
|
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
|
|
|
|
|
#endif
|
|
|
|
|
printf("-f Fewer packets/group messages\n");
|
|
|
|
|
printf("-r Allow one client Resumption\n");
|
|
|
|
|
printf("-N Use Non-blocking sockets\n");
|
|
|
|
|
printf("-S <str> Use Host Name Indication\n");
|
|
|
|
|
printf("-w Wait for bidirectional shutdown\n");
|
|
|
|
|
#ifdef HAVE_OCSP
|
|
|
|
|
printf("-o Perform OCSP lookup on peer certificate\n");
|
|
|
|
|
printf("-O <url> Perform OCSP lookup using <url> as responder\n");
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_PK_CALLBACKS
|
|
|
|
|
printf("-P Public Key Callbacks\n");
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_ANON
|
|
|
|
|
printf("-a Anonymous server\n");
|
|
|
|
|
#endif
|
|
|
|
|
#ifndef NO_PSK
|
|
|
|
|
printf("-I Do not send PSK identity hint\n");
|
|
|
|
|
#endif
|
2018-02-19 12:29:49 +01:00
|
|
|
printf("-x Print server errors but do not close connection\n");
|
2017-05-11 14:01:41 +02:00
|
|
|
printf("-i Loop indefinitely (allow repeated connections)\n");
|
|
|
|
|
printf("-e Echo data mode (return raw bytes received)\n");
|
|
|
|
|
#ifdef HAVE_NTRU
|
|
|
|
|
printf("-n Use NTRU key (needed for NTRU suites)\n");
|
|
|
|
|
#endif
|
|
|
|
|
printf("-B <num> Benchmark throughput using <num> bytes and print stats\n");
|
|
|
|
|
#ifdef WOLFSSL_TRUST_PEER_CERT
|
|
|
|
|
printf("-E <file> Path to load trusted peer cert\n");
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_WNR
|
|
|
|
|
printf("-q <file> Whitewood config file, default %s\n", wnrConfig);
|
2018-02-19 12:29:49 +01:00
|
|
|
#endif
|
|
|
|
|
printf("-g Return basic HTML web page\n");
|
|
|
|
|
printf("-C <num> The number of connections to accept, default: 1\n");
|
|
|
|
|
printf("-H <arg> Internal tests [defCipherList, badCert]\n");
|
|
|
|
|
#ifdef WOLFSSL_TLS13
|
|
|
|
|
printf("-K Key Exchange for PSK not using (EC)DHE\n");
|
|
|
|
|
printf("-U Update keys and IVs before sending\n");
|
|
|
|
|
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
|
|
|
|
|
printf("-Q Request certificate from client post-handshake\n");
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
|
|
|
|
printf("-J Server sends Cookie Extension containing state\n");
|
|
|
|
|
#endif
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef WOLFSSL_EARLY_DATA
|
|
|
|
|
printf("-0 Early data read from client (0-RTT handshake)\n");
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef WOLFSSL_MULTICAST
|
|
|
|
|
printf("-3 <grpid> Multicast, grpid < 256\n");
|
2017-05-11 14:01:41 +02:00
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|
|
|
|
{
|
|
|
|
|
SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
|
|
|
|
|
SOCKET_T clientfd = WOLFSSL_SOCKET_INVALID;
|
|
|
|
|
|
|
|
|
|
wolfSSL_method_func method = NULL;
|
|
|
|
|
SSL_CTX* ctx = 0;
|
|
|
|
|
SSL* ssl = 0;
|
|
|
|
|
|
|
|
|
|
#ifndef WOLFSSL_ALT_TEST_STRINGS
|
|
|
|
|
const char msg[] = "I hear you fa shizzle!";
|
|
|
|
|
#else
|
|
|
|
|
const char msg[] = "I hear you fa shizzle!\n";
|
|
|
|
|
#endif
|
2018-02-19 12:29:49 +01:00
|
|
|
int useWebServerMsg = 0;
|
2017-05-11 14:01:41 +02:00
|
|
|
char input[80];
|
|
|
|
|
int ch;
|
|
|
|
|
int version = SERVER_DEFAULT_VERSION;
|
|
|
|
|
int doCliCertCheck = 1;
|
|
|
|
|
int useAnyAddr = 0;
|
|
|
|
|
word16 port = wolfSSLPort;
|
|
|
|
|
int usePsk = 0;
|
|
|
|
|
int usePskPlus = 0;
|
|
|
|
|
int useAnon = 0;
|
|
|
|
|
int doDTLS = 0;
|
|
|
|
|
int dtlsUDP = 0;
|
|
|
|
|
int dtlsSCTP = 0;
|
2018-02-19 12:29:49 +01:00
|
|
|
int doMcast = 0;
|
2017-05-11 14:01:41 +02:00
|
|
|
int needDH = 0;
|
|
|
|
|
int useNtruKey = 0;
|
|
|
|
|
int nonBlocking = 0;
|
|
|
|
|
int fewerPackets = 0;
|
|
|
|
|
int pkCallbacks = 0;
|
|
|
|
|
int wc_shutdown = 0;
|
|
|
|
|
int resume = 0;
|
|
|
|
|
int resumeCount = 0;
|
2018-02-19 12:29:49 +01:00
|
|
|
int loops = 1;
|
2017-05-11 14:01:41 +02:00
|
|
|
int echoData = 0;
|
|
|
|
|
int throughput = 0;
|
|
|
|
|
int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
|
|
|
|
|
short minRsaKeyBits = DEFAULT_MIN_RSAKEY_BITS;
|
|
|
|
|
short minEccKeyBits = DEFAULT_MIN_ECCKEY_BITS;
|
|
|
|
|
int doListen = 1;
|
|
|
|
|
int crlFlags = 0;
|
|
|
|
|
int ret;
|
|
|
|
|
int err = 0;
|
|
|
|
|
char* serverReadyFile = NULL;
|
|
|
|
|
char* alpnList = NULL;
|
|
|
|
|
unsigned char alpn_opt = 0;
|
|
|
|
|
char* cipherList = NULL;
|
2018-02-19 12:29:49 +01:00
|
|
|
int useDefCipherList = 0;
|
|
|
|
|
int useBadCert = 0;
|
|
|
|
|
const char* verifyCert = cliCertFile;
|
|
|
|
|
const char* ourCert = svrCertFile;
|
|
|
|
|
const char* ourKey = svrKeyFile;
|
|
|
|
|
const char* ourDhParam = dhParamFile;
|
2017-05-11 14:01:41 +02:00
|
|
|
tcp_ready* readySignal = NULL;
|
|
|
|
|
int argc = ((func_args*)args)->argc;
|
|
|
|
|
char** argv = ((func_args*)args)->argv;
|
|
|
|
|
|
|
|
|
|
#ifdef WOLFSSL_TRUST_PEER_CERT
|
|
|
|
|
const char* trustCert = NULL;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifndef NO_PSK
|
|
|
|
|
int sendPskIdentityHint = 1;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_SNI
|
|
|
|
|
char* sniHostName = NULL;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_OCSP
|
|
|
|
|
int useOcsp = 0;
|
|
|
|
|
char* ocspUrl = NULL;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_WNR
|
|
|
|
|
const char* wnrConfigFile = wnrConfig;
|
|
|
|
|
#endif
|
2018-02-19 12:29:49 +01:00
|
|
|
char buffer[CYASSL_MAX_ERROR_SZ];
|
|
|
|
|
#ifdef WOLFSSL_TLS13
|
|
|
|
|
int noPskDheKe = 0;
|
|
|
|
|
#endif
|
|
|
|
|
int updateKeysIVs = 0;
|
|
|
|
|
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
|
|
|
|
int postHandAuth = 0;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef WOLFSSL_EARLY_DATA
|
|
|
|
|
int earlyData = 0;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
|
|
|
|
int hrrCookie = 0;
|
|
|
|
|
#endif
|
|
|
|
|
byte mcastID = 0;
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
#ifdef WOLFSSL_STATIC_MEMORY
|
|
|
|
|
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
|
|
|
|
|
|| defined(SESSION_CERTS)
|
|
|
|
|
/* big enough to handle most cases including session certs */
|
|
|
|
|
byte memory[204000];
|
|
|
|
|
#else
|
|
|
|
|
byte memory[80000];
|
|
|
|
|
#endif
|
2018-02-19 12:29:49 +01:00
|
|
|
byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */
|
2017-05-11 14:01:41 +02:00
|
|
|
WOLFSSL_MEM_CONN_STATS ssl_stats;
|
2018-02-19 12:29:49 +01:00
|
|
|
#ifdef DEBUG_WOLFSSL
|
|
|
|
|
WOLFSSL_MEM_STATS mem_stats;
|
|
|
|
|
#endif
|
2017-05-11 14:01:41 +02:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
((func_args*)args)->return_code = -1; /* error state */
|
|
|
|
|
|
|
|
|
|
#ifdef NO_RSA
|
2018-02-19 12:29:49 +01:00
|
|
|
verifyCert = (char*)cliEccCertFile;
|
|
|
|
|
ourCert = (char*)eccCertFile;
|
|
|
|
|
ourKey = (char*)eccKeyFile;
|
2017-05-11 14:01:41 +02:00
|
|
|
#endif
|
|
|
|
|
(void)pkCallbacks;
|
|
|
|
|
(void)needDH;
|
|
|
|
|
(void)ourKey;
|
|
|
|
|
(void)ourCert;
|
|
|
|
|
(void)ourDhParam;
|
|
|
|
|
(void)verifyCert;
|
|
|
|
|
(void)useNtruKey;
|
|
|
|
|
(void)doCliCertCheck;
|
|
|
|
|
(void)minDhKeyBits;
|
|
|
|
|
(void)minRsaKeyBits;
|
|
|
|
|
(void)minEccKeyBits;
|
|
|
|
|
(void)alpnList;
|
|
|
|
|
(void)alpn_opt;
|
|
|
|
|
(void)crlFlags;
|
|
|
|
|
(void)readySignal;
|
2018-02-19 12:29:49 +01:00
|
|
|
(void)updateKeysIVs;
|
|
|
|
|
(void)mcastID;
|
|
|
|
|
(void)useBadCert;
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
#ifdef CYASSL_TIRTOS
|
|
|
|
|
fdOpenSession(Task_self());
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef WOLFSSL_VXWORKS
|
|
|
|
|
useAnyAddr = 1;
|
|
|
|
|
#else
|
2018-02-19 12:29:49 +01:00
|
|
|
/* Not Used: h, m, t, y, z, F, M, T, V, W, X, Y */
|
|
|
|
|
while ((ch = mygetopt(argc, argv, "?"
|
|
|
|
|
"abc:defgijk:l:nop:q:rsuv:wx"
|
|
|
|
|
"A:B:C:D:E:GH:IJKL:NO:PQR:S:UYZ:"
|
|
|
|
|
"03:")) != -1) {
|
2017-05-11 14:01:41 +02:00
|
|
|
switch (ch) {
|
|
|
|
|
case '?' :
|
|
|
|
|
Usage();
|
|
|
|
|
exit(EXIT_SUCCESS);
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
case 'x' :
|
|
|
|
|
runWithErrors = 1;
|
|
|
|
|
break;
|
|
|
|
|
|
2017-05-11 14:01:41 +02:00
|
|
|
case 'd' :
|
|
|
|
|
doCliCertCheck = 0;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'b' :
|
|
|
|
|
useAnyAddr = 1;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 's' :
|
|
|
|
|
usePsk = 1;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'j' :
|
|
|
|
|
usePskPlus = 1;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'n' :
|
|
|
|
|
useNtruKey = 1;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'u' :
|
|
|
|
|
doDTLS = 1;
|
|
|
|
|
dtlsUDP = 1;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'G' :
|
|
|
|
|
#ifdef WOLFSSL_SCTP
|
|
|
|
|
doDTLS = 1;
|
|
|
|
|
dtlsSCTP = 1;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'f' :
|
|
|
|
|
fewerPackets = 1;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'R' :
|
|
|
|
|
serverReadyFile = myoptarg;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'r' :
|
|
|
|
|
#ifndef NO_SESSION_CACHE
|
|
|
|
|
resume = 1;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'P' :
|
|
|
|
|
#ifdef HAVE_PK_CALLBACKS
|
|
|
|
|
pkCallbacks = 1;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'p' :
|
|
|
|
|
port = (word16)atoi(myoptarg);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'w' :
|
|
|
|
|
wc_shutdown = 1;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'v' :
|
|
|
|
|
version = atoi(myoptarg);
|
2018-02-19 12:29:49 +01:00
|
|
|
if (version < 0 || version > 4) {
|
2017-05-11 14:01:41 +02:00
|
|
|
Usage();
|
|
|
|
|
exit(MY_EX_USAGE);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'l' :
|
|
|
|
|
cipherList = myoptarg;
|
|
|
|
|
break;
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
case 'H' :
|
|
|
|
|
if (XSTRNCMP(myoptarg, "defCipherList", 13) == 0) {
|
|
|
|
|
printf("Using default cipher list for testing\n");
|
|
|
|
|
useDefCipherList = 1;
|
|
|
|
|
}
|
|
|
|
|
else if (XSTRNCMP(myoptarg, "badCert", 7) == 0) {
|
|
|
|
|
printf("Using bad certificate for testing\n");
|
|
|
|
|
useBadCert = 1;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
Usage();
|
|
|
|
|
exit(MY_EX_USAGE);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2017-05-11 14:01:41 +02:00
|
|
|
case 'A' :
|
|
|
|
|
verifyCert = myoptarg;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'c' :
|
|
|
|
|
ourCert = myoptarg;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'k' :
|
|
|
|
|
ourKey = myoptarg;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'D' :
|
|
|
|
|
#ifndef NO_DH
|
|
|
|
|
ourDhParam = myoptarg;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Z' :
|
|
|
|
|
#ifndef NO_DH
|
|
|
|
|
minDhKeyBits = atoi(myoptarg);
|
|
|
|
|
if (minDhKeyBits <= 0 || minDhKeyBits > 16000) {
|
|
|
|
|
Usage();
|
|
|
|
|
exit(MY_EX_USAGE);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'N':
|
|
|
|
|
nonBlocking = 1;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'S' :
|
|
|
|
|
#ifdef HAVE_SNI
|
|
|
|
|
sniHostName = myoptarg;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'o' :
|
|
|
|
|
#ifdef HAVE_OCSP
|
|
|
|
|
useOcsp = 1;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'O' :
|
|
|
|
|
#ifdef HAVE_OCSP
|
|
|
|
|
useOcsp = 1;
|
|
|
|
|
ocspUrl = myoptarg;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'a' :
|
|
|
|
|
#ifdef HAVE_ANON
|
|
|
|
|
useAnon = 1;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
case 'I':
|
|
|
|
|
#ifndef NO_PSK
|
|
|
|
|
sendPskIdentityHint = 0;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'L' :
|
|
|
|
|
#ifdef HAVE_ALPN
|
|
|
|
|
alpnList = myoptarg;
|
|
|
|
|
|
|
|
|
|
if (alpnList[0] == 'C' && alpnList[1] == ':')
|
|
|
|
|
alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH;
|
|
|
|
|
else if (alpnList[0] == 'F' && alpnList[1] == ':')
|
|
|
|
|
alpn_opt = WOLFSSL_ALPN_FAILED_ON_MISMATCH;
|
|
|
|
|
else {
|
|
|
|
|
Usage();
|
|
|
|
|
exit(MY_EX_USAGE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
alpnList += 2;
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'i' :
|
2018-02-19 12:29:49 +01:00
|
|
|
loops = -1;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'C' :
|
|
|
|
|
loops = atoi(myoptarg);
|
|
|
|
|
if (loops <= 0) {
|
|
|
|
|
Usage();
|
|
|
|
|
exit(MY_EX_USAGE);
|
|
|
|
|
}
|
2017-05-11 14:01:41 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'e' :
|
|
|
|
|
echoData = 1;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'B':
|
|
|
|
|
throughput = atoi(myoptarg);
|
|
|
|
|
if (throughput <= 0) {
|
|
|
|
|
Usage();
|
|
|
|
|
exit(MY_EX_USAGE);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
#ifdef WOLFSSL_TRUST_PEER_CERT
|
|
|
|
|
case 'E' :
|
|
|
|
|
trustCert = myoptarg;
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
case 'q' :
|
|
|
|
|
#ifdef HAVE_WNR
|
|
|
|
|
wnrConfigFile = myoptarg;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
case 'g' :
|
|
|
|
|
useWebServerMsg = 1;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'K' :
|
|
|
|
|
#ifdef WOLFSSL_TLS13
|
|
|
|
|
noPskDheKe = 1;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'U' :
|
|
|
|
|
#ifdef WOLFSSL_TLS13
|
|
|
|
|
updateKeysIVs = 1;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Q' :
|
|
|
|
|
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
|
|
|
|
postHandAuth = 1;
|
|
|
|
|
doCliCertCheck = 0;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'J' :
|
|
|
|
|
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
|
|
|
|
hrrCookie = 1;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case '0' :
|
|
|
|
|
#ifdef WOLFSSL_EARLY_DATA
|
|
|
|
|
earlyData = 1;
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case '3' :
|
|
|
|
|
#ifdef WOLFSSL_MULTICAST
|
|
|
|
|
doMcast = 1;
|
|
|
|
|
mcastID = (byte)(atoi(myoptarg) & 0xFF);
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
|
2017-05-11 14:01:41 +02:00
|
|
|
default:
|
|
|
|
|
Usage();
|
|
|
|
|
exit(MY_EX_USAGE);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
myoptind = 0; /* reset for test cases */
|
|
|
|
|
#endif /* !WOLFSSL_VXWORKS */
|
|
|
|
|
|
|
|
|
|
/* Can only use DTLS over UDP or SCTP, can't do both. */
|
|
|
|
|
if (dtlsUDP && dtlsSCTP) {
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "Cannot use DTLS with both UDP and SCTP.");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* sort out DTLS versus TLS versions */
|
|
|
|
|
if (version == CLIENT_INVALID_VERSION) {
|
|
|
|
|
if (doDTLS)
|
|
|
|
|
version = CLIENT_DTLS_DEFAULT_VERSION;
|
|
|
|
|
else
|
|
|
|
|
version = CLIENT_DEFAULT_VERSION;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
if (doDTLS) {
|
|
|
|
|
if (version == 3)
|
|
|
|
|
version = -2;
|
|
|
|
|
else
|
|
|
|
|
version = -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_WNR
|
|
|
|
|
if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0)
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "can't load whitewood net random config file");
|
2017-05-11 14:01:41 +02:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
switch (version) {
|
|
|
|
|
#ifndef NO_OLD_TLS
|
|
|
|
|
#ifdef WOLFSSL_ALLOW_SSLV3
|
|
|
|
|
case 0:
|
|
|
|
|
method = wolfSSLv3_server_method_ex;
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifndef NO_TLS
|
2018-02-19 12:29:49 +01:00
|
|
|
#ifdef WOLFSSL_ALLOW_TLSV10
|
2017-05-11 14:01:41 +02:00
|
|
|
case 1:
|
|
|
|
|
method = wolfTLSv1_server_method_ex;
|
|
|
|
|
break;
|
2018-02-19 12:29:49 +01:00
|
|
|
#endif
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
case 2:
|
|
|
|
|
method = wolfTLSv1_1_server_method_ex;
|
|
|
|
|
break;
|
2018-02-19 12:29:49 +01:00
|
|
|
#endif /* !NO_TLS */
|
|
|
|
|
#endif /* !NO_OLD_TLS */
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
#ifndef NO_TLS
|
|
|
|
|
case 3:
|
|
|
|
|
method = wolfTLSv1_2_server_method_ex;
|
|
|
|
|
break;
|
2018-02-19 12:29:49 +01:00
|
|
|
|
|
|
|
|
#ifdef WOLFSSL_TLS13
|
|
|
|
|
case 4:
|
|
|
|
|
method = wolfTLSv1_3_server_method_ex;
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
#endif /* NO_TLS */
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
#ifdef CYASSL_DTLS
|
|
|
|
|
#ifndef NO_OLD_TLS
|
|
|
|
|
case -1:
|
|
|
|
|
method = wolfDTLSv1_server_method_ex;
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
case -2:
|
|
|
|
|
method = wolfDTLSv1_2_server_method_ex;
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
default:
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "Bad SSL version");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (method == NULL)
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "unable to get method");
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
#ifdef WOLFSSL_STATIC_MEMORY
|
|
|
|
|
#ifdef DEBUG_WOLFSSL
|
|
|
|
|
/* print off helper buffer sizes for use with static memory
|
|
|
|
|
* printing to stderr incase of debug mode turned on */
|
|
|
|
|
fprintf(stderr, "static memory management size = %d\n",
|
|
|
|
|
wolfSSL_MemoryPaddingSz());
|
|
|
|
|
fprintf(stderr, "calculated optimum general buffer size = %d\n",
|
|
|
|
|
wolfSSL_StaticBufferSz(memory, sizeof(memory), 0));
|
|
|
|
|
fprintf(stderr, "calculated optimum IO buffer size = %d\n",
|
|
|
|
|
wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO),
|
|
|
|
|
WOLFMEM_IO_POOL_FIXED));
|
|
|
|
|
#endif /* DEBUG_WOLFSSL */
|
|
|
|
|
|
|
|
|
|
if (wolfSSL_CTX_load_static_memory(&ctx, method, memory, sizeof(memory),0,1)
|
2018-02-19 12:29:49 +01:00
|
|
|
!= WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "unable to load static memory and create ctx");
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
/* load in a buffer for IO */
|
|
|
|
|
if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
|
|
|
|
|
WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1)
|
2018-02-19 12:29:49 +01:00
|
|
|
!= WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "unable to load static memory and create ctx");
|
2017-05-11 14:01:41 +02:00
|
|
|
#else
|
|
|
|
|
ctx = SSL_CTX_new(method(NULL));
|
|
|
|
|
#endif /* WOLFSSL_STATIC_MEMORY */
|
|
|
|
|
if (ctx == NULL)
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "unable to get ctx");
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
|
|
|
|
|
defined(HAVE_POLY1305)
|
|
|
|
|
if (TicketInit() != 0)
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "unable to setup Session Ticket Key context");
|
2017-05-11 14:01:41 +02:00
|
|
|
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
|
|
|
|
|
#endif
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
if (cipherList && !useDefCipherList) {
|
|
|
|
|
if (SSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "server can't set cipher list 1");
|
|
|
|
|
}
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
#ifdef CYASSL_LEANPSK
|
|
|
|
|
if (!usePsk) {
|
|
|
|
|
usePsk = 1;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if defined(NO_RSA) && !defined(HAVE_ECC)
|
|
|
|
|
if (!usePsk) {
|
|
|
|
|
usePsk = 1;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
if (fewerPackets)
|
|
|
|
|
CyaSSL_CTX_set_group_messages(ctx);
|
|
|
|
|
|
|
|
|
|
#ifdef WOLFSSL_SCTP
|
|
|
|
|
if (dtlsSCTP)
|
|
|
|
|
wolfSSL_CTX_dtls_set_sctp(ctx);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
|
|
|
|
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if !defined(NO_CERTS)
|
2018-02-19 12:29:49 +01:00
|
|
|
/* for testing only - use bad cert as server cert for sig confirm err */
|
|
|
|
|
if (useBadCert) {
|
|
|
|
|
#if !defined(NO_RSA)
|
|
|
|
|
ourCert = "./certs/test/server-cert-rsa-badsig.pem";
|
|
|
|
|
#elif defined(HAVE_ECC)
|
|
|
|
|
ourCert = "./certs/test/server-cert-ecc-badsig.pem";
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-11 14:01:41 +02:00
|
|
|
if ((!usePsk || usePskPlus) && !useAnon) {
|
|
|
|
|
#if !defined(NO_FILESYSTEM)
|
|
|
|
|
if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
|
2018-02-19 12:29:49 +01:00
|
|
|
!= WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "can't load server cert file, check file and run from"
|
2017-05-11 14:01:41 +02:00
|
|
|
" wolfSSL home dir");
|
|
|
|
|
#else
|
|
|
|
|
/* loads cert chain file using buffer API */
|
|
|
|
|
load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifndef NO_DH
|
2018-02-19 12:29:49 +01:00
|
|
|
if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits) != WOLFSSL_SUCCESS) {
|
|
|
|
|
err_sys_ex(runWithErrors, "Error setting minimum DH key size");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
#ifndef NO_RSA
|
2018-02-19 12:29:49 +01:00
|
|
|
if (wolfSSL_CTX_SetMinRsaKey_Sz(ctx, minRsaKeyBits) != WOLFSSL_SUCCESS){
|
|
|
|
|
err_sys_ex(runWithErrors, "Error setting minimum RSA key size");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_ECC
|
2018-02-19 12:29:49 +01:00
|
|
|
if (wolfSSL_CTX_SetMinEccKey_Sz(ctx, minEccKeyBits) != WOLFSSL_SUCCESS){
|
|
|
|
|
err_sys_ex(runWithErrors, "Error setting minimum ECC key size");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_NTRU
|
|
|
|
|
if (useNtruKey) {
|
|
|
|
|
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
|
2018-02-19 12:29:49 +01:00
|
|
|
!= WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "can't load ntru key file, "
|
2017-05-11 14:01:41 +02:00
|
|
|
"Please run from wolfSSL home dir");
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
#if !defined(NO_CERTS)
|
|
|
|
|
if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon) {
|
|
|
|
|
#if !defined(NO_FILESYSTEM)
|
2018-02-19 12:29:49 +01:00
|
|
|
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
|
|
|
|
|
!= WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "can't load server private key file, check file and run "
|
2017-05-11 14:01:41 +02:00
|
|
|
"from wolfSSL home dir");
|
|
|
|
|
#else
|
|
|
|
|
/* loads private key file using buffer API */
|
|
|
|
|
load_buffer(ctx, ourKey, WOLFSSL_KEY);
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
if (usePsk || usePskPlus) {
|
|
|
|
|
#ifndef NO_PSK
|
|
|
|
|
SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
|
|
|
|
|
|
|
|
|
|
if (sendPskIdentityHint == 1)
|
|
|
|
|
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
|
|
|
|
|
|
|
|
|
|
if (cipherList == NULL && !usePskPlus) {
|
|
|
|
|
const char *defaultCipherList;
|
2018-02-19 12:29:49 +01:00
|
|
|
#if defined(HAVE_AESGCM) && !defined(NO_DH)
|
|
|
|
|
#ifdef WOLFSSL_TLS13
|
|
|
|
|
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256:"
|
|
|
|
|
"TLS13-AES128-GCM-SHA256";
|
|
|
|
|
#else
|
2017-05-11 14:01:41 +02:00
|
|
|
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
|
2018-02-19 12:29:49 +01:00
|
|
|
#endif
|
2017-05-11 14:01:41 +02:00
|
|
|
needDH = 1;
|
2018-02-19 12:29:49 +01:00
|
|
|
#elif defined(HAVE_NULL_CIPHER)
|
2017-05-11 14:01:41 +02:00
|
|
|
defaultCipherList = "PSK-NULL-SHA256";
|
2018-02-19 12:29:49 +01:00
|
|
|
#else
|
2017-05-11 14:01:41 +02:00
|
|
|
defaultCipherList = "PSK-AES128-CBC-SHA256";
|
2018-02-19 12:29:49 +01:00
|
|
|
#endif
|
|
|
|
|
if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) != WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "server can't set cipher list 2");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (useAnon) {
|
|
|
|
|
#ifdef HAVE_ANON
|
|
|
|
|
CyaSSL_CTX_allow_anon_cipher(ctx);
|
2018-02-19 12:29:49 +01:00
|
|
|
if (cipherList == NULL || (cipherList && useDefCipherList)) {
|
|
|
|
|
if (SSL_CTX_set_cipher_list(ctx, "ADH-AES128-SHA") != WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "server can't set cipher list 4");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
|
|
|
|
/* if not using PSK, verify peer with certs
|
|
|
|
|
if using PSK Plus then verify peer certs except PSK suites */
|
|
|
|
|
if (doCliCertCheck && (usePsk == 0 || usePskPlus) && useAnon == 0) {
|
2018-02-19 12:29:49 +01:00
|
|
|
SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER |
|
|
|
|
|
(usePskPlus ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
|
|
|
|
|
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0);
|
|
|
|
|
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
|
2017-05-11 14:01:41 +02:00
|
|
|
#ifdef WOLFSSL_TRUST_PEER_CERT
|
|
|
|
|
if (trustCert) {
|
|
|
|
|
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
|
2018-02-19 12:29:49 +01:00
|
|
|
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
|
|
|
|
|
err_sys_ex(runWithErrors, "can't load trusted peer cert file");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif /* WOLFSSL_TRUST_PEER_CERT */
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if defined(CYASSL_SNIFFER)
|
|
|
|
|
/* don't use EDH, can't sniff tmp keys */
|
|
|
|
|
if (cipherList == NULL) {
|
2018-02-19 12:29:49 +01:00
|
|
|
if (SSL_CTX_set_cipher_list(ctx, "AES128-SHA") != WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "server can't set cipher list 3");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_SNI
|
|
|
|
|
if (sniHostName)
|
|
|
|
|
if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
|
2018-02-19 12:29:49 +01:00
|
|
|
(word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "UseSNI failed");
|
2017-05-11 14:01:41 +02:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef USE_WINDOWS_API
|
|
|
|
|
if (port == 0) {
|
|
|
|
|
/* Generate random port for testing */
|
|
|
|
|
port = GetRandomPort();
|
|
|
|
|
}
|
|
|
|
|
#endif /* USE_WINDOWS_API */
|
|
|
|
|
|
|
|
|
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
|
|
|
|
ret = wolfAsync_DevOpen(&devId);
|
2018-02-19 12:29:49 +01:00
|
|
|
if (ret < 0) {
|
|
|
|
|
printf("Async device open failed\nRunning without async\n");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
wolfSSL_CTX_UseAsync(ctx, devId);
|
|
|
|
|
#endif /* WOLFSSL_ASYNC_CRYPT */
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
#ifdef WOLFSSL_TLS13
|
|
|
|
|
if (noPskDheKe)
|
|
|
|
|
wolfSSL_CTX_no_dhe_psk(ctx);
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-05-11 14:01:41 +02:00
|
|
|
while (1) {
|
|
|
|
|
/* allow resume option */
|
2018-02-19 12:29:49 +01:00
|
|
|
if (resumeCount > 1) {
|
2017-05-11 14:01:41 +02:00
|
|
|
if (dtlsUDP == 0) {
|
|
|
|
|
SOCKADDR_IN_T client;
|
|
|
|
|
socklen_t client_len = sizeof(client);
|
|
|
|
|
clientfd = accept(sockfd, (struct sockaddr*)&client,
|
|
|
|
|
(ACCEPT_THIRD_T)&client_len);
|
2018-02-19 12:29:49 +01:00
|
|
|
}
|
|
|
|
|
else {
|
2017-05-11 14:01:41 +02:00
|
|
|
tcp_listen(&sockfd, &port, useAnyAddr, dtlsUDP, dtlsSCTP);
|
|
|
|
|
clientfd = sockfd;
|
|
|
|
|
}
|
2018-02-19 12:29:49 +01:00
|
|
|
if (WOLFSSL_SOCKET_IS_INVALID(clientfd)) {
|
|
|
|
|
err_sys_ex(runWithErrors, "tcp accept failed");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
|
|
|
|
|
fprintf(stderr, "Before creating SSL\n");
|
|
|
|
|
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "ctx not using static memory");
|
2017-05-11 14:01:41 +02:00
|
|
|
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "error printing out memory stats");
|
2017-05-11 14:01:41 +02:00
|
|
|
#endif
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
if (doMcast) {
|
|
|
|
|
#ifdef WOLFSSL_MULTICAST
|
|
|
|
|
wolfSSL_CTX_mcast_set_member_id(ctx, mcastID);
|
|
|
|
|
if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256") != WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys("Couldn't set multicast cipher list.");
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-11 14:01:41 +02:00
|
|
|
ssl = SSL_new(ctx);
|
|
|
|
|
if (ssl == NULL)
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "unable to get SSL");
|
2017-05-11 14:01:41 +02:00
|
|
|
#ifdef OPENSSL_EXTRA
|
|
|
|
|
wolfSSL_KeepArrays(ssl);
|
|
|
|
|
#endif
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
|
|
|
|
if (hrrCookie && wolfSSL_send_hrr_cookie(ssl, NULL, 0) != WOLFSSL_SUCCESS) {
|
|
|
|
|
err_sys("unable to set use of cookie with HRR msg");
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-05-11 14:01:41 +02:00
|
|
|
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
|
|
|
|
|
fprintf(stderr, "After creating SSL\n");
|
|
|
|
|
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "ctx not using static memory");
|
2017-05-11 14:01:41 +02:00
|
|
|
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "error printing out memory stats");
|
2017-05-11 14:01:41 +02:00
|
|
|
#endif
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
if (doMcast) {
|
|
|
|
|
#ifdef WOLFSSL_MULTICAST
|
|
|
|
|
byte pms[512];
|
|
|
|
|
byte cr[32];
|
|
|
|
|
byte sr[32];
|
|
|
|
|
const byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
|
|
|
|
|
|
|
|
|
|
XMEMSET(pms, 0x23, sizeof(pms));
|
|
|
|
|
XMEMSET(cr, 0xA5, sizeof(cr));
|
|
|
|
|
XMEMSET(sr, 0x5A, sizeof(sr));
|
|
|
|
|
|
|
|
|
|
if (wolfSSL_set_secret(ssl, 1, pms, sizeof(pms), cr, sr, suite)
|
|
|
|
|
!= WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys("unable to set mcast secret");
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-11 14:01:41 +02:00
|
|
|
#ifndef NO_HANDSHAKE_DONE_CB
|
|
|
|
|
wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_CRL
|
|
|
|
|
#ifdef HAVE_CRL_MONITOR
|
|
|
|
|
crlFlags = CYASSL_CRL_MONITOR | CYASSL_CRL_START_MON;
|
|
|
|
|
#endif
|
2018-02-19 12:29:49 +01:00
|
|
|
if (CyaSSL_EnableCRL(ssl, 0) != WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "unable to enable CRL");
|
|
|
|
|
if (CyaSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, crlFlags)
|
|
|
|
|
!= WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "unable to load CRL");
|
|
|
|
|
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "unable to set CRL callback url");
|
2017-05-11 14:01:41 +02:00
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_OCSP
|
|
|
|
|
if (useOcsp) {
|
|
|
|
|
if (ocspUrl != NULL) {
|
|
|
|
|
CyaSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
|
|
|
|
|
CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE
|
|
|
|
|
| CYASSL_OCSP_URL_OVERRIDE);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|
|
|
|
|
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
|
2018-02-19 12:29:49 +01:00
|
|
|
if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "can't enable OCSP Stapling Certificate Manager");
|
|
|
|
|
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate1-ca-cert.pem", 0) != WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
|
|
|
|
|
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate2-ca-cert.pem", 0) != WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
|
|
|
|
|
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate3-ca-cert.pem", 0) != WOLFSSL_SUCCESS)
|
|
|
|
|
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
|
2017-05-11 14:01:41 +02:00
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_PK_CALLBACKS
|
|
|
|
|
if (pkCallbacks)
|
|
|
|
|
SetupPkCallbacks(ctx, ssl);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* do accept */
|
|
|
|
|
readySignal = ((func_args*)args)->signal;
|
|
|
|
|
if (readySignal) {
|
|
|
|
|
readySignal->srfName = serverReadyFile;
|
|
|
|
|
}
|
|
|
|
|
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr,
|
|
|
|
|
dtlsUDP, dtlsSCTP, serverReadyFile ? 1 : 0, doListen);
|
|
|
|
|
doListen = 0; /* Don't listen next time */
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
if (SSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
|
|
|
|
|
err_sys_ex(runWithErrors, "error in setting fd");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_ALPN
|
|
|
|
|
if (alpnList != NULL) {
|
|
|
|
|
printf("ALPN accepted protocols list : %s\n", alpnList);
|
|
|
|
|
wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef WOLFSSL_DTLS
|
|
|
|
|
if (doDTLS && dtlsUDP) {
|
|
|
|
|
SOCKADDR_IN_T cliaddr;
|
|
|
|
|
byte b[1500];
|
|
|
|
|
int n;
|
|
|
|
|
socklen_t len = sizeof(cliaddr);
|
|
|
|
|
|
|
|
|
|
/* For DTLS, peek at the next datagram so we can get the client's
|
|
|
|
|
* address and set it into the ssl object later to generate the
|
|
|
|
|
* cookie. */
|
|
|
|
|
n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
|
|
|
|
|
(struct sockaddr*)&cliaddr, &len);
|
|
|
|
|
if (n <= 0)
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "recvfrom failed");
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
wolfSSL_dtls_set_peer(ssl, &cliaddr, len);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
if ((usePsk == 0 || usePskPlus) || useAnon == 1 || cipherList != NULL
|
|
|
|
|
|| needDH == 1) {
|
|
|
|
|
#if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
|
2018-02-19 12:29:49 +01:00
|
|
|
CyaSSL_SetTmpDH_file(ssl, ourDhParam, WOLFSSL_FILETYPE_PEM);
|
2017-05-11 14:01:41 +02:00
|
|
|
#elif !defined(NO_DH)
|
|
|
|
|
SetDH(ssl); /* repick suites with DHE, higher priority than PSK */
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifndef CYASSL_CALLBACKS
|
|
|
|
|
if (nonBlocking) {
|
|
|
|
|
CyaSSL_set_using_nonblock(ssl, 1);
|
|
|
|
|
tcp_set_nonblocking(&clientfd);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifndef CYASSL_CALLBACKS
|
2018-02-19 12:29:49 +01:00
|
|
|
if (nonBlocking) {
|
|
|
|
|
ret = NonBlockingSSL_Accept(ssl);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
#ifdef WOLFSSL_EARLY_DATA
|
|
|
|
|
if (earlyData) {
|
|
|
|
|
do {
|
|
|
|
|
int len;
|
|
|
|
|
err = 0; /* reset error */
|
|
|
|
|
ret = wolfSSL_read_early_data(ssl, input, sizeof(input)-1,
|
|
|
|
|
&len);
|
|
|
|
|
if (ret != WOLFSSL_SUCCESS) {
|
|
|
|
|
err = SSL_get_error(ssl, 0);
|
|
|
|
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
|
|
|
|
if (err == WC_PENDING_E) {
|
|
|
|
|
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
|
|
|
|
if (ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
if (ret > 0) {
|
|
|
|
|
input[ret] = 0; /* null terminate message */
|
|
|
|
|
printf("Early Data Client message: %s\n", input);
|
|
|
|
|
}
|
|
|
|
|
} while (err == WC_PENDING_E || ret > 0);
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
2018-02-19 12:29:49 +01:00
|
|
|
#endif
|
|
|
|
|
do {
|
|
|
|
|
err = 0; /* reset error */
|
2017-05-11 14:01:41 +02:00
|
|
|
ret = SSL_accept(ssl);
|
2018-02-19 12:29:49 +01:00
|
|
|
if (ret != WOLFSSL_SUCCESS) {
|
|
|
|
|
err = SSL_get_error(ssl, 0);
|
|
|
|
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
|
|
|
|
if (err == WC_PENDING_E) {
|
|
|
|
|
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
|
|
|
|
if (ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
} while (err == WC_PENDING_E);
|
|
|
|
|
}
|
2017-05-11 14:01:41 +02:00
|
|
|
#else
|
2018-02-19 12:29:49 +01:00
|
|
|
ret = NonBlockingSSL_Accept(ssl);
|
2017-05-11 14:01:41 +02:00
|
|
|
#endif
|
2018-02-19 12:29:49 +01:00
|
|
|
if (ret != WOLFSSL_SUCCESS) {
|
2017-05-11 14:01:41 +02:00
|
|
|
err = SSL_get_error(ssl, 0);
|
2018-02-19 12:29:49 +01:00
|
|
|
printf("SSL_accept error %d, %s\n", err,
|
|
|
|
|
ERR_error_string(err, buffer));
|
|
|
|
|
err_sys_ex(runWithErrors, "SSL_accept failed");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
showPeer(ssl);
|
|
|
|
|
if (SSL_state(ssl) != 0) {
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "SSL in error state");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef OPENSSL_EXTRA
|
|
|
|
|
{
|
|
|
|
|
byte* rnd;
|
|
|
|
|
byte* pt;
|
|
|
|
|
size_t size;
|
|
|
|
|
|
|
|
|
|
/* get size of buffer then print */
|
|
|
|
|
size = wolfSSL_get_server_random(NULL, NULL, 0);
|
|
|
|
|
if (size == 0) {
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "error getting server random buffer size");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
|
|
|
if (rnd == NULL) {
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "error creating server random buffer");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
size = wolfSSL_get_server_random(ssl, rnd, size);
|
|
|
|
|
if (size == 0) {
|
|
|
|
|
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "error getting server random buffer");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
printf("Server Random : ");
|
2018-02-19 12:29:49 +01:00
|
|
|
pt = rnd;
|
|
|
|
|
if (pt != NULL) {
|
|
|
|
|
for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt);
|
|
|
|
|
printf("\n");
|
|
|
|
|
} else {
|
|
|
|
|
err_sys_ex(runWithErrors, "error: attempted to dereference null "
|
|
|
|
|
"pointer");
|
|
|
|
|
}
|
2017-05-11 14:01:41 +02:00
|
|
|
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_ALPN
|
|
|
|
|
if (alpnList != NULL) {
|
|
|
|
|
char *protocol_name = NULL, *list = NULL;
|
|
|
|
|
word16 protocol_nameSz = 0, listSz = 0;
|
|
|
|
|
|
|
|
|
|
err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz);
|
2018-02-19 12:29:49 +01:00
|
|
|
if (err == WOLFSSL_SUCCESS)
|
2017-05-11 14:01:41 +02:00
|
|
|
printf("Sent ALPN protocol : %s (%d)\n",
|
|
|
|
|
protocol_name, protocol_nameSz);
|
2018-02-19 12:29:49 +01:00
|
|
|
else if (err == WOLFSSL_ALPN_NOT_FOUND)
|
2017-05-11 14:01:41 +02:00
|
|
|
printf("No ALPN response sent (no match)\n");
|
|
|
|
|
else
|
|
|
|
|
printf("Getting ALPN protocol name failed\n");
|
|
|
|
|
|
|
|
|
|
err = wolfSSL_ALPN_GetPeerProtocol(ssl, &list, &listSz);
|
2018-02-19 12:29:49 +01:00
|
|
|
if (err == WOLFSSL_SUCCESS)
|
2017-05-11 14:01:41 +02:00
|
|
|
printf("List of protocol names sent by Client: %s (%d)\n",
|
|
|
|
|
list, listSz);
|
|
|
|
|
else
|
|
|
|
|
printf("Get list of client's protocol name failed\n");
|
|
|
|
|
|
|
|
|
|
free(list);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
|
|
|
|
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
|
|
|
|
if (postHandAuth) {
|
|
|
|
|
SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER |
|
|
|
|
|
((usePskPlus)? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
|
|
|
|
|
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT),0);
|
|
|
|
|
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0)
|
|
|
|
|
!= WOLFSSL_SUCCESS) {
|
|
|
|
|
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
2018-02-19 12:29:49 +01:00
|
|
|
#ifdef WOLFSSL_TRUST_PEER_CERT
|
|
|
|
|
if (trustCert) {
|
|
|
|
|
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
|
|
|
|
|
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
|
|
|
|
|
err_sys_ex(runWithErrors, "can't load trusted peer cert file");
|
|
|
|
|
}
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
2018-02-19 12:29:49 +01:00
|
|
|
#endif /* WOLFSSL_TRUST_PEER_CERT */
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
if (echoData == 0 && throughput == 0) {
|
|
|
|
|
const char* write_msg;
|
|
|
|
|
int write_msg_sz;
|
|
|
|
|
|
|
|
|
|
ServerRead(ssl, input, sizeof(input)-1);
|
|
|
|
|
|
|
|
|
|
#ifdef WOLFSSL_TLS13
|
|
|
|
|
if (updateKeysIVs)
|
|
|
|
|
wolfSSL_update_keys(ssl);
|
|
|
|
|
#endif
|
|
|
|
|
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
|
|
|
|
if (postHandAuth)
|
|
|
|
|
wolfSSL_request_certificate(ssl);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* Write data */
|
|
|
|
|
if (!useWebServerMsg) {
|
|
|
|
|
write_msg = msg;
|
|
|
|
|
write_msg_sz = sizeof(msg);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
write_msg = webServerMsg;
|
|
|
|
|
write_msg_sz = sizeof(webServerMsg);
|
|
|
|
|
}
|
|
|
|
|
ServerWrite(ssl, write_msg, write_msg_sz);
|
2017-05-11 14:01:41 +02:00
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
|
|
|
|
if (postHandAuth) {
|
|
|
|
|
ServerWrite(ssl, write_msg, write_msg_sz);
|
|
|
|
|
ServerRead(ssl, input, sizeof(input)-1);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2017-05-11 14:01:41 +02:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
ServerEchoData(ssl, clientfd, echoData, throughput);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#if defined(WOLFSSL_MDK_SHELL) && defined(HAVE_MDK_RTX)
|
|
|
|
|
os_dly_wait(500) ;
|
|
|
|
|
#elif defined (CYASSL_TIRTOS)
|
|
|
|
|
Task_yield();
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
if (dtlsUDP == 0) {
|
|
|
|
|
ret = SSL_shutdown(ssl);
|
2018-02-19 12:29:49 +01:00
|
|
|
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
|
2017-05-11 14:01:41 +02:00
|
|
|
SSL_shutdown(ssl); /* bidirectional shutdown */
|
|
|
|
|
}
|
|
|
|
|
/* display collected statistics */
|
|
|
|
|
#ifdef WOLFSSL_STATIC_MEMORY
|
|
|
|
|
if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "static memory was not used with ssl");
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
fprintf(stderr, "\nprint off SSL memory stats\n");
|
|
|
|
|
fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n");
|
|
|
|
|
fprintf(stderr, "peak connection memory = %d\n", ssl_stats.peakMem);
|
|
|
|
|
fprintf(stderr, "current memory in use = %d\n", ssl_stats.curMem);
|
|
|
|
|
fprintf(stderr, "peak connection allocs = %d\n", ssl_stats.peakAlloc);
|
|
|
|
|
fprintf(stderr, "current connection allocs = %d\n",ssl_stats.curAlloc);
|
|
|
|
|
fprintf(stderr, "total connection allocs = %d\n",ssl_stats.totalAlloc);
|
|
|
|
|
fprintf(stderr, "total connection frees = %d\n\n", ssl_stats.totalFr);
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
SSL_free(ssl);
|
|
|
|
|
|
|
|
|
|
CloseSocket(clientfd);
|
|
|
|
|
|
|
|
|
|
if (resume == 1 && resumeCount == 0) {
|
|
|
|
|
resumeCount++; /* only do one resume for testing */
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
resumeCount = 0;
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
if (loops > 0 && --loops == 0) {
|
2017-05-11 14:01:41 +02:00
|
|
|
break; /* out of while loop, done with normal and resume option */
|
|
|
|
|
}
|
|
|
|
|
} /* while(1) */
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|
|
|
|
|
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
|
|
|
|
|
wolfSSL_CTX_DisableOCSPStapling(ctx);
|
|
|
|
|
#endif
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
CloseSocket(sockfd);
|
|
|
|
|
SSL_CTX_free(ctx);
|
|
|
|
|
|
|
|
|
|
((func_args*)args)->return_code = 0;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
|
|
|
|
|
&& defined(HAVE_THREAD_LS)
|
|
|
|
|
ecc_fp_free(); /* free per thread cache */
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef CYASSL_TIRTOS
|
|
|
|
|
fdCloseSession(Task_self());
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
|
|
|
|
|
defined(HAVE_POLY1305)
|
|
|
|
|
TicketCleanup();
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
|
|
|
|
wolfAsync_DevClose(&devId);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* There are use cases when these assignments are not read. To avoid
|
|
|
|
|
* potential confusion those warnings have been handled here.
|
|
|
|
|
*/
|
|
|
|
|
(void) ourKey;
|
|
|
|
|
(void) verifyCert;
|
|
|
|
|
(void) doCliCertCheck;
|
|
|
|
|
(void) useNtruKey;
|
|
|
|
|
(void) ourDhParam;
|
|
|
|
|
(void) ourCert;
|
|
|
|
|
#ifndef CYASSL_TIRTOS
|
|
|
|
|
return 0;
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
#endif /* !NO_WOLFSSL_SERVER */
|
|
|
|
|
|
2017-05-11 14:01:41 +02:00
|
|
|
|
|
|
|
|
/* so overall tests can pull in test function */
|
|
|
|
|
#ifndef NO_MAIN_DRIVER
|
|
|
|
|
|
|
|
|
|
int main(int argc, char** argv)
|
|
|
|
|
{
|
|
|
|
|
func_args args;
|
|
|
|
|
tcp_ready ready;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
StartTCP();
|
|
|
|
|
|
|
|
|
|
args.argc = argc;
|
|
|
|
|
args.argv = argv;
|
|
|
|
|
args.signal = &ready;
|
|
|
|
|
InitTcpReady(&ready);
|
|
|
|
|
|
|
|
|
|
#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL)
|
|
|
|
|
CyaSSL_Debugging_ON();
|
|
|
|
|
#endif
|
|
|
|
|
CyaSSL_Init();
|
|
|
|
|
ChangeToWolfRoot();
|
|
|
|
|
|
2018-02-19 12:29:49 +01:00
|
|
|
#ifndef NO_WOLFSSL_SERVER
|
2017-05-11 14:01:41 +02:00
|
|
|
#ifdef HAVE_STACK_SIZE
|
|
|
|
|
StackSizeCheck(&args, server_test);
|
|
|
|
|
#else
|
|
|
|
|
server_test(&args);
|
|
|
|
|
#endif
|
2018-02-19 12:29:49 +01:00
|
|
|
#else
|
|
|
|
|
printf("Server not compiled in!\n");
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-05-11 14:01:41 +02:00
|
|
|
CyaSSL_Cleanup();
|
|
|
|
|
FreeTcpReady(&ready);
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_WNR
|
|
|
|
|
if (wc_FreeNetRandom() < 0)
|
2018-02-19 12:29:49 +01:00
|
|
|
err_sys_ex(runWithErrors, "Failed to free netRandom context");
|
2017-05-11 14:01:41 +02:00
|
|
|
#endif /* HAVE_WNR */
|
|
|
|
|
|
|
|
|
|
return args.return_code;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int myoptind = 0;
|
|
|
|
|
char* myoptarg = NULL;
|
|
|
|
|
|
|
|
|
|
#endif /* NO_MAIN_DRIVER */
|
