2
0

client.c 163 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477747784779478047814782478347844785478647874788478947904791479247934794479547964797479847994800480148024803480448054806480748084809481048114812481348144815481648174818481948204821482248234824482548264827482848294830483148324833483448354836483748384839484048414842484348444845484648474848484948504851485248534854485548564857485848594860486148624863486448654866486748684869487048714872487348744875487648774878487948804881488248834884488548864887
  1. /* client.c
  2. *
  3. * Copyright (C) 2006-2024 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. /* For simpler wolfSSL TLS client examples, visit
  22. * https://github.com/wolfSSL/wolfssl-examples/tree/master/tls
  23. */
  24. #ifdef HAVE_CONFIG_H
  25. #include <config.h>
  26. #endif
  27. #ifndef WOLFSSL_USER_SETTINGS
  28. #include <wolfssl/options.h>
  29. #endif
  30. #include <wolfssl/wolfcrypt/settings.h>
  31. #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
  32. #undef OPENSSL_COEXIST /* can't use this option with this example */
  33. #include <wolfssl/ssl.h>
  34. #ifdef WOLFSSL_WOLFSENTRY_HOOKS
  35. #include <wolfsentry/wolfsentry.h>
  36. #if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
  37. static const char *wolfsentry_config_path = NULL;
  38. #endif
  39. #endif /* WOLFSSL_WOLFSENTRY_HOOKS */
  40. #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
  41. #include <stdio.h>
  42. #include <string.h>
  43. #include "rl_fs.h"
  44. #include "rl_net.h"
  45. #endif
  46. #include <wolfssl/test.h>
  47. #include <examples/client/client.h>
  48. #include <wolfssl/error-ssl.h>
  49. #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
  50. #ifdef NO_FILESYSTEM
  51. #ifdef NO_RSA
  52. #error currently the example only tries to load in a RSA buffer
  53. #endif
  54. #undef USE_CERT_BUFFERS_256
  55. #define USE_CERT_BUFFERS_256
  56. #undef USE_CERT_BUFFERS_2048
  57. #define USE_CERT_BUFFERS_2048
  58. #include <wolfssl/certs_test.h>
  59. #endif
  60. #include <wolfssl/wolfcrypt/wolfmath.h> /* for max bits */
  61. #ifdef HAVE_ECC
  62. #include <wolfssl/wolfcrypt/ecc.h>
  63. #endif
  64. #ifdef WOLFSSL_ASYNC_CRYPT
  65. static int devId = INVALID_DEVID;
  66. #endif
  67. #define DEFAULT_TIMEOUT_SEC 2
  68. #ifndef MAX_NON_BLOCK_SEC
  69. #define MAX_NON_BLOCK_SEC 10
  70. #endif
  71. #define OCSP_STAPLING 1
  72. #define OCSP_STAPLINGV2 2
  73. #define OCSP_STAPLINGV2_MULTI 3
  74. #define OCSP_STAPLING_OPT_MAX OCSP_STAPLINGV2_MULTI
  75. #ifdef WOLFSSL_ALT_TEST_STRINGS
  76. #define TEST_STR_TERM "\n"
  77. #else
  78. #define TEST_STR_TERM
  79. #endif
  80. static const char kHelloMsg[] = "hello wolfssl!" TEST_STR_TERM;
  81. #ifndef NO_SESSION_CACHE
  82. static const char kResumeMsg[] = "resuming wolfssl!" TEST_STR_TERM;
  83. #endif
  84. #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_EARLY_DATA)
  85. static const char kEarlyMsg[] = "A drop of info" TEST_STR_TERM;
  86. #endif
  87. static const char kHttpGetMsg[] = "GET /index.html HTTP/1.0\r\n\r\n";
  88. /* Write needs to be largest of the above strings (29) */
  89. #define CLI_MSG_SZ 32
  90. /* Read needs to be at least sizeof server.c `webServerMsg` (226) */
  91. #define CLI_REPLY_SZ 256
  92. #if defined(XSLEEP_US) && defined(NO_MAIN_DRIVER)
  93. /* This is to force the server's thread to get a chance to
  94. * execute before continuing the resume in non-blocking
  95. * DTLS test cases. */
  96. #define TEST_DELAY() XSLEEP_US(10000)
  97. #else
  98. #define TEST_DELAY() XSLEEP_MS(1000)
  99. #endif
  100. /* Note on using port 0: the client standalone example doesn't utilize the
  101. * port 0 port sharing; that is used by (1) the server in external control
  102. * test mode and (2) the testsuite which uses this code and sets up the correct
  103. * port numbers when the internal thread using the server code using port 0. */
  104. static int lng_index = 0;
  105. #ifdef WOLFSSL_CALLBACKS
  106. WOLFSSL_TIMEVAL timeoutConnect;
  107. static int handShakeCB(HandShakeInfo* info)
  108. {
  109. (void)info;
  110. return 0;
  111. }
  112. static int timeoutCB(TimeoutInfo* info)
  113. {
  114. (void)info;
  115. return 0;
  116. }
  117. #endif
  118. static int quieter = 0; /* Print fewer messages. This is helpful with overly
  119. * ambitious log parsers. */
  120. #define LOG_ERROR(...) \
  121. do { \
  122. if (!quieter) \
  123. fprintf(stderr, __VA_ARGS__); \
  124. } while(0)
  125. #ifdef HAVE_SESSION_TICKET
  126. #ifndef SESSION_TICKET_LEN
  127. #define SESSION_TICKET_LEN 256
  128. #endif
  129. static int sessionTicketCB(WOLFSSL* ssl,
  130. const unsigned char* ticket, int ticketSz,
  131. void* ctx)
  132. {
  133. (void)ssl;
  134. (void)ticket;
  135. printf("Session Ticket CB: ticketSz = %d, ctx = %s\n",
  136. ticketSz, (char*)ctx);
  137. return 0;
  138. }
  139. #endif
  140. static int NonBlockingSSL_Connect(WOLFSSL* ssl)
  141. {
  142. int ret;
  143. int error;
  144. SOCKET_T sockfd;
  145. int select_ret = 0;
  146. int elapsedSec = 0;
  147. #ifndef WOLFSSL_CALLBACKS
  148. ret = wolfSSL_connect(ssl);
  149. #else
  150. ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeoutConnect);
  151. #endif
  152. error = wolfSSL_get_error(ssl, 0);
  153. sockfd = (SOCKET_T)wolfSSL_get_fd(ssl);
  154. while (ret != WOLFSSL_SUCCESS &&
  155. (error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
  156. #ifdef WOLFSSL_ASYNC_CRYPT
  157. || error == WC_NO_ERR_TRACE(WC_PENDING_E)
  158. #endif
  159. #ifdef WOLFSSL_NONBLOCK_OCSP
  160. || error == WC_NO_ERR_TRACE(OCSP_WANT_READ)
  161. #endif
  162. )) {
  163. int currTimeout = 1;
  164. if (error == WOLFSSL_ERROR_WANT_READ)
  165. printf("... client would read block\n");
  166. else if (error == WOLFSSL_ERROR_WANT_WRITE)
  167. printf("... client would write block\n");
  168. #ifdef WOLFSSL_ASYNC_CRYPT
  169. if (error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  170. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  171. if (ret < 0) break;
  172. }
  173. else
  174. #endif
  175. {
  176. if (error == WOLFSSL_ERROR_WANT_WRITE) {
  177. select_ret = tcp_select_tx(sockfd, currTimeout);
  178. }
  179. else
  180. {
  181. #ifdef WOLFSSL_DTLS
  182. if (wolfSSL_dtls(ssl))
  183. currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
  184. #endif
  185. select_ret = tcp_select(sockfd, currTimeout);
  186. }
  187. }
  188. if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY)
  189. || (select_ret == TEST_ERROR_READY)
  190. #ifdef WOLFSSL_ASYNC_CRYPT
  191. || error == WC_NO_ERR_TRACE(WC_PENDING_E)
  192. #endif
  193. #ifdef WOLFSSL_NONBLOCK_OCSP
  194. || error == WC_NO_ERR_TRACE(OCSP_WANT_READ)
  195. #endif
  196. ) {
  197. #ifndef WOLFSSL_CALLBACKS
  198. ret = wolfSSL_connect(ssl);
  199. #else
  200. ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB,
  201. timeoutConnect);
  202. #endif
  203. error = wolfSSL_get_error(ssl, 0);
  204. elapsedSec = 0; /* reset elapsed */
  205. }
  206. else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) {
  207. error = WOLFSSL_ERROR_WANT_READ;
  208. elapsedSec += currTimeout;
  209. if (elapsedSec > MAX_NON_BLOCK_SEC) {
  210. printf("Nonblocking connect timeout\n");
  211. error = WOLFSSL_FATAL_ERROR;
  212. }
  213. }
  214. #ifdef WOLFSSL_DTLS
  215. else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl)) {
  216. ret = wolfSSL_dtls_got_timeout(ssl);
  217. if (ret != WOLFSSL_SUCCESS)
  218. error = wolfSSL_get_error(ssl, ret);
  219. else
  220. error = WOLFSSL_ERROR_WANT_READ;
  221. ret = WOLFSSL_FAILURE; /* Reset error so we loop */
  222. }
  223. #endif
  224. else {
  225. error = WOLFSSL_FATAL_ERROR;
  226. }
  227. }
  228. return ret;
  229. }
  230. static void ShowCiphers(void)
  231. {
  232. static char ciphers[WOLFSSL_CIPHER_LIST_MAX_SIZE];
  233. int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
  234. if (ret == WOLFSSL_SUCCESS) {
  235. printf("%s\n", ciphers);
  236. }
  237. }
  238. /* Shows which versions are valid */
  239. static void ShowVersions(void)
  240. {
  241. char verStr[100];
  242. XMEMSET(verStr, 0, sizeof(verStr));
  243. #ifndef NO_OLD_TLS
  244. #ifdef WOLFSSL_ALLOW_SSLV3
  245. XSTRNCAT(verStr, "0:", 3);
  246. #endif
  247. #ifdef WOLFSSL_ALLOW_TLSV10
  248. XSTRNCAT(verStr, "1:", 3);
  249. #endif
  250. XSTRNCAT(verStr, "2:", 3);
  251. #endif /* NO_OLD_TLS */
  252. #ifndef WOLFSSL_NO_TLS12
  253. XSTRNCAT(verStr, "3:", 3);
  254. #endif
  255. #ifdef WOLFSSL_TLS13
  256. XSTRNCAT(verStr, "4:", 3);
  257. #endif
  258. XSTRNCAT(verStr, "d(downgrade):", 14);
  259. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  260. XSTRNCAT(verStr, "e(either):", 11);
  261. #endif
  262. /* print all strings at same time on stdout to avoid any flush issues */
  263. printf("%s\n", verStr);
  264. }
  265. #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
  266. #define MAX_GROUP_NUMBER 4
  267. static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
  268. int useX448, int usePqc, char* pqcAlg, int setGroups)
  269. {
  270. int ret;
  271. int groups[MAX_GROUP_NUMBER] = {0};
  272. int count = 0;
  273. (void)useX25519;
  274. (void)useX448;
  275. (void)usePqc;
  276. (void)pqcAlg;
  277. WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
  278. if (onlyKeyShare == 0 || onlyKeyShare == 2) {
  279. if (useX25519) {
  280. #ifdef HAVE_CURVE25519
  281. do {
  282. ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519);
  283. if (ret == WOLFSSL_SUCCESS)
  284. groups[count++] = WOLFSSL_ECC_X25519;
  285. #ifdef WOLFSSL_ASYNC_CRYPT
  286. else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
  287. wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  288. #endif
  289. else
  290. err_sys("unable to use curve x25519");
  291. } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
  292. #endif
  293. }
  294. else if (useX448) {
  295. #ifdef HAVE_CURVE448
  296. do {
  297. ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X448);
  298. if (ret == WOLFSSL_SUCCESS)
  299. groups[count++] = WOLFSSL_ECC_X448;
  300. #ifdef WOLFSSL_ASYNC_CRYPT
  301. else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
  302. wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  303. #endif
  304. else
  305. err_sys("unable to use curve x448");
  306. } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
  307. #endif
  308. }
  309. else {
  310. #ifdef HAVE_ECC
  311. #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
  312. do {
  313. ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1);
  314. if (ret == WOLFSSL_SUCCESS)
  315. groups[count++] = WOLFSSL_ECC_SECP256R1;
  316. #ifdef WOLFSSL_ASYNC_CRYPT
  317. else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
  318. wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  319. #endif
  320. else
  321. err_sys("unable to use curve secp256r1");
  322. } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
  323. #endif
  324. #ifdef WOLFSSL_SM2
  325. do {
  326. ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SM2P256V1);
  327. if (ret == WOLFSSL_SUCCESS)
  328. groups[count++] = WOLFSSL_ECC_SM2P256V1;
  329. #ifdef WOLFSSL_ASYNC_CRYPT
  330. else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
  331. wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  332. #endif
  333. else
  334. err_sys("unable to use curve sm2p256v1");
  335. } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
  336. #endif
  337. #endif
  338. }
  339. }
  340. if (onlyKeyShare == 0 || onlyKeyShare == 1) {
  341. #ifdef HAVE_FFDHE_2048
  342. do {
  343. ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048);
  344. if (ret == WOLFSSL_SUCCESS)
  345. groups[count++] = WOLFSSL_FFDHE_2048;
  346. #ifdef WOLFSSL_ASYNC_CRYPT
  347. else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
  348. wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  349. #endif
  350. else
  351. err_sys("unable to use DH 2048-bit parameters");
  352. } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
  353. #endif
  354. }
  355. #ifdef HAVE_PQC
  356. if (onlyKeyShare == 0 || onlyKeyShare == 3) {
  357. if (usePqc) {
  358. int group = 0;
  359. #ifndef WOLFSSL_NO_ML_KEM
  360. #ifndef WOLFSSL_NO_ML_KEM_512
  361. if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) {
  362. group = WOLFSSL_ML_KEM_512;
  363. }
  364. else
  365. #endif
  366. #ifndef WOLFSSL_NO_ML_KEM_768
  367. if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) {
  368. group = WOLFSSL_ML_KEM_768;
  369. }
  370. else
  371. #endif
  372. #ifndef WOLFSSL_NO_ML_KEM_1024
  373. if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) {
  374. group = WOLFSSL_ML_KEM_1024;
  375. }
  376. else
  377. #endif
  378. #ifndef WOLFSSL_NO_ML_KEM_512
  379. if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) {
  380. group = WOLFSSL_P256_ML_KEM_512;
  381. }
  382. else
  383. #endif
  384. #ifndef WOLFSSL_NO_ML_KEM_768
  385. if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) {
  386. group = WOLFSSL_P384_ML_KEM_768;
  387. }
  388. else
  389. #endif
  390. #ifndef WOLFSSL_NO_ML_KEM_1024
  391. if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) {
  392. group = WOLFSSL_P521_ML_KEM_1024;
  393. }
  394. else
  395. #endif
  396. #endif /* WOLFSSL_NO_ML_KEM */
  397. #ifdef WOLFSSL_KYBER_ORIGINAL
  398. #ifndef WOLFSSL_NO_KYBER512
  399. if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) {
  400. group = WOLFSSL_KYBER_LEVEL1;
  401. }
  402. else
  403. #endif
  404. #ifndef WOLFSSL_NO_KYBER768
  405. if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
  406. group = WOLFSSL_KYBER_LEVEL3;
  407. }
  408. else
  409. #endif
  410. #ifndef WOLFSSL_NO_KYBER1024
  411. if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
  412. group = WOLFSSL_KYBER_LEVEL5;
  413. }
  414. else
  415. #endif
  416. #ifndef WOLFSSL_NO_KYBER512
  417. if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
  418. group = WOLFSSL_P256_KYBER_LEVEL1;
  419. }
  420. else
  421. #endif
  422. #ifndef WOLFSSL_NO_KYBER768
  423. if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
  424. group = WOLFSSL_P384_KYBER_LEVEL3;
  425. }
  426. else
  427. #endif
  428. #ifndef WOLFSSL_NO_KYBER1024
  429. if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
  430. group = WOLFSSL_P521_KYBER_LEVEL5;
  431. }
  432. else
  433. #endif
  434. #endif /* WOLFSSL_KYBER_ORIGINAL */
  435. {
  436. err_sys("invalid post-quantum KEM specified");
  437. }
  438. printf("Using Post-Quantum KEM: %s\n", pqcAlg);
  439. if (wolfSSL_UseKeyShare(ssl, group) == WOLFSSL_SUCCESS) {
  440. groups[count++] = group;
  441. }
  442. else {
  443. err_sys("unable to use post-quantum KEM");
  444. }
  445. }
  446. }
  447. #endif
  448. if (count >= MAX_GROUP_NUMBER)
  449. err_sys("example group array size error");
  450. if (setGroups && count > 0) {
  451. if (wolfSSL_set_groups(ssl, groups, count) != WOLFSSL_SUCCESS)
  452. err_sys("unable to set groups");
  453. }
  454. WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
  455. }
  456. #endif /* WOLFSSL_TLS13 && HAVE_SUPPORTED_CURVES */
  457. #ifdef WOLFSSL_EARLY_DATA
  458. static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg,
  459. int msgSz, char* buffer)
  460. {
  461. int err;
  462. int ret;
  463. do {
  464. err = 0; /* reset error */
  465. ret = wolfSSL_write_early_data(ssl, msg, msgSz, &msgSz);
  466. if (ret <= 0) {
  467. err = wolfSSL_get_error(ssl, 0);
  468. #ifdef WOLFSSL_ASYNC_CRYPT
  469. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  470. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  471. if (ret < 0) break;
  472. }
  473. #endif
  474. }
  475. } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
  476. if (ret != msgSz) {
  477. LOG_ERROR("SSL_write_early_data msg error %d, %s\n", err,
  478. wolfSSL_ERR_error_string((unsigned long)err, buffer));
  479. wolfSSL_free(ssl); ssl = NULL;
  480. wolfSSL_CTX_free(ctx); ctx = NULL;
  481. err_sys("SSL_write_early_data failed");
  482. }
  483. }
  484. #endif
  485. /* Measures average time to create, connect and disconnect a connection (TPS).
  486. Benchmark = number of connections. */
  487. static const char* client_bench_conmsg[][5] = {
  488. /* English */
  489. {
  490. "wolfSSL_resume avg took:", "milliseconds\n",
  491. "wolfSSL_connect avg took:", "milliseconds\n",
  492. NULL
  493. },
  494. #ifndef NO_MULTIBYTE_PRINT
  495. /* Japanese */
  496. {
  497. "wolfSSL_resume 平均時間:", "ミリ秒\n",
  498. "wolfSSL_connect 平均時間:", "ミリ秒\n",
  499. }
  500. #endif
  501. };
  502. static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
  503. int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519,
  504. int useX448, int usePqc, char* pqcAlg, int helloRetry, int onlyKeyShare,
  505. int version, int earlyData)
  506. {
  507. /* time passed in number of connects give average */
  508. int times = benchmark, skip = (int)((double)times * 0.1);
  509. int loops = resumeSession ? 2 : 1;
  510. int i = 0, err, ret;
  511. #ifndef NO_SESSION_CACHE
  512. WOLFSSL_SESSION* benchSession = NULL;
  513. #endif
  514. #ifdef WOLFSSL_TLS13
  515. byte reply[CLI_REPLY_SZ];
  516. #endif
  517. const char** words = client_bench_conmsg[lng_index];
  518. (void)resumeSession;
  519. (void)useX25519;
  520. (void)useX448;
  521. (void)usePqc;
  522. (void)pqcAlg;
  523. (void)helloRetry;
  524. (void)onlyKeyShare;
  525. (void)version;
  526. (void)earlyData;
  527. while (loops--) {
  528. #ifndef NO_SESSION_CACHE
  529. int benchResume = resumeSession && loops == 0;
  530. #endif
  531. double start = current_time(1), avg;
  532. for (i = 0; i < times; i++) {
  533. SOCKET_T sockfd;
  534. WOLFSSL* ssl;
  535. if (i == skip)
  536. start = current_time(1);
  537. ssl = wolfSSL_new(ctx);
  538. if (ssl == NULL)
  539. err_sys("unable to get SSL object");
  540. #ifndef NO_SESSION_CACHE
  541. if (benchResume)
  542. wolfSSL_set_session(ssl, benchSession);
  543. #endif
  544. #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
  545. else if (version >= 4) {
  546. if (!helloRetry)
  547. SetKeyShare(ssl, onlyKeyShare, useX25519, useX448,
  548. usePqc, pqcAlg, 1);
  549. else
  550. wolfSSL_NoKeyShares(ssl);
  551. }
  552. #endif
  553. tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
  554. if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
  555. err_sys("error in setting fd");
  556. }
  557. #if defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \
  558. defined(WOLFSSL_EARLY_DATA)
  559. if (version >= 4 && benchResume && earlyData) {
  560. char buffer[WOLFSSL_MAX_ERROR_SZ];
  561. EarlyData(ctx, ssl, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer);
  562. }
  563. #endif
  564. do {
  565. err = 0; /* reset error */
  566. ret = wolfSSL_connect(ssl);
  567. if (ret != WOLFSSL_SUCCESS) {
  568. err = wolfSSL_get_error(ssl, 0);
  569. #ifdef WOLFSSL_ASYNC_CRYPT
  570. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  571. /* returns the number of polled items or <0 for error */
  572. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  573. if (ret < 0) break;
  574. }
  575. #endif
  576. }
  577. } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
  578. #ifdef WOLFSSL_EARLY_DATA
  579. EarlyDataStatus(ssl);
  580. #endif
  581. if (ret != WOLFSSL_SUCCESS) {
  582. err_sys("SSL_connect failed");
  583. }
  584. #ifdef WOLFSSL_TLS13
  585. #ifndef NO_SESSION_CACHE
  586. if (version >= 4 && resumeSession && !benchResume)
  587. #else
  588. if (version >= 4 && resumeSession)
  589. #endif
  590. {
  591. /* no null term */
  592. if (wolfSSL_write(ssl, kHttpGetMsg, sizeof(kHttpGetMsg)-1) <= 0)
  593. err_sys("SSL_write failed");
  594. if (wolfSSL_read(ssl, reply, sizeof(reply)-1) <= 0)
  595. err_sys("SSL_read failed");
  596. }
  597. #endif
  598. wolfSSL_shutdown(ssl);
  599. #ifndef NO_SESSION_CACHE
  600. if (i == (times-1) && resumeSession) {
  601. if (benchSession != NULL)
  602. wolfSSL_SESSION_free(benchSession);
  603. benchSession = wolfSSL_get1_session(ssl);
  604. }
  605. #endif
  606. wolfSSL_free(ssl); ssl = NULL;
  607. CloseSocket(sockfd);
  608. }
  609. avg = current_time(0) - start;
  610. avg /= (times - skip);
  611. avg *= 1000; /* milliseconds */
  612. #ifndef NO_SESSION_CACHE
  613. if (benchResume)
  614. printf("%s %8.3f %s\n", words[0],avg, words[1]);
  615. else
  616. #endif
  617. printf("%s %8.3f %s\n", words[2],avg, words[3]);
  618. WOLFSSL_TIME(times);
  619. }
  620. #ifndef NO_SESSION_CACHE
  621. if (benchSession != NULL)
  622. wolfSSL_SESSION_free(benchSession);
  623. #endif
  624. return EXIT_SUCCESS;
  625. }
  626. /* Measures throughput in mbps. Throughput = number of bytes */
  627. static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
  628. int dtlsUDP, int dtlsSCTP, int block, size_t throughput, int useX25519,
  629. int useX448, int usePqc, char* pqcAlg, int exitWithRet, int version,
  630. int onlyKeyShare)
  631. {
  632. double start, conn_time = 0, tx_time = 0, rx_time = 0;
  633. SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
  634. WOLFSSL* ssl;
  635. int ret = 0, err = 0;
  636. start = current_time(1);
  637. ssl = wolfSSL_new(ctx);
  638. if (ssl == NULL)
  639. err_sys("unable to get SSL object");
  640. tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
  641. if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
  642. err_sys("error in setting fd");
  643. }
  644. (void)useX25519;
  645. (void)useX448;
  646. (void)usePqc;
  647. (void)pqcAlg;
  648. (void)version;
  649. (void)onlyKeyShare;
  650. #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
  651. if (version >= 4) {
  652. SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, usePqc,
  653. pqcAlg, 1);
  654. }
  655. #endif
  656. do {
  657. err = 0; /* reset error */
  658. ret = wolfSSL_connect(ssl);
  659. if (ret != WOLFSSL_SUCCESS) {
  660. err = wolfSSL_get_error(ssl, 0);
  661. #ifdef WOLFSSL_ASYNC_CRYPT
  662. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  663. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  664. if (ret < 0) break;
  665. }
  666. #endif
  667. }
  668. } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
  669. if (ret == WOLFSSL_SUCCESS) {
  670. /* Perform throughput test */
  671. char *tx_buffer, *rx_buffer;
  672. /* Record connection time */
  673. conn_time = current_time(0) - start;
  674. /* Allocate TX/RX buffers */
  675. tx_buffer = (char*)XMALLOC((size_t)block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  676. rx_buffer = (char*)XMALLOC((size_t)block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  677. if (tx_buffer && rx_buffer) {
  678. WC_RNG rng;
  679. /* Startup the RNG */
  680. #if !defined(HAVE_FIPS) && defined(WOLFSSL_ASYNC_CRYPT)
  681. ret = wc_InitRng_ex(&rng, NULL, devId);
  682. #else
  683. ret = wc_InitRng(&rng);
  684. #endif
  685. if (ret == 0) {
  686. size_t xfer_bytes;
  687. /* Generate random data to send */
  688. ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, (word32)block);
  689. wc_FreeRng(&rng);
  690. if(ret != 0) {
  691. err_sys("wc_RNG_GenerateBlock failed");
  692. }
  693. /* Perform TX and RX of bytes */
  694. xfer_bytes = 0;
  695. while (throughput > xfer_bytes) {
  696. int len, rx_pos, select_ret;
  697. /* Determine packet size */
  698. len = (int)min((word32)block, (word32)(throughput - xfer_bytes));
  699. /* Perform TX */
  700. start = current_time(1);
  701. do {
  702. err = 0; /* reset error */
  703. ret = wolfSSL_write(ssl, tx_buffer, len);
  704. if (ret <= 0) {
  705. err = wolfSSL_get_error(ssl, 0);
  706. #ifdef WOLFSSL_ASYNC_CRYPT
  707. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  708. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  709. if (ret < 0) break;
  710. }
  711. #endif
  712. }
  713. } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
  714. if (ret != len) {
  715. LOG_ERROR("SSL_write bench error %d!\n", err);
  716. if (!exitWithRet)
  717. err_sys("SSL_write failed");
  718. goto doExit;
  719. }
  720. tx_time += current_time(0) - start;
  721. /* Perform RX */
  722. select_ret = tcp_select(sockfd, DEFAULT_TIMEOUT_SEC);
  723. if (select_ret == TEST_RECV_READY) {
  724. start = current_time(1);
  725. rx_pos = 0;
  726. while (rx_pos < len) {
  727. ret = wolfSSL_read(ssl, &rx_buffer[rx_pos],
  728. len - rx_pos);
  729. if (ret <= 0) {
  730. err = wolfSSL_get_error(ssl, 0);
  731. #ifdef WOLFSSL_ASYNC_CRYPT
  732. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  733. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  734. if (ret < 0) break;
  735. }
  736. else
  737. #endif
  738. if (err != WOLFSSL_ERROR_WANT_READ &&
  739. err != WOLFSSL_ERROR_WANT_WRITE) {
  740. LOG_ERROR("SSL_read bench error %d\n", err);
  741. err_sys("SSL_read failed");
  742. }
  743. }
  744. else {
  745. rx_pos += ret;
  746. }
  747. }
  748. rx_time += current_time(0) - start;
  749. }
  750. /* Compare TX and RX buffers */
  751. if (XMEMCMP(tx_buffer, rx_buffer, (size_t)len) != 0) {
  752. XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  753. tx_buffer = NULL;
  754. XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  755. rx_buffer = NULL;
  756. err_sys("Compare TX and RX buffers failed");
  757. }
  758. /* Update overall position */
  759. xfer_bytes += (size_t)len;
  760. }
  761. }
  762. else {
  763. err_sys("wc_InitRng failed");
  764. }
  765. (void)rng; /* for WC_NO_RNG case */
  766. }
  767. else {
  768. err_sys("Client buffer malloc failed");
  769. }
  770. doExit:
  771. XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  772. XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  773. }
  774. else {
  775. err_sys("wolfSSL_connect failed");
  776. }
  777. wolfSSL_shutdown(ssl);
  778. wolfSSL_free(ssl); ssl = NULL;
  779. CloseSocket(sockfd);
  780. if (exitWithRet)
  781. return err;
  782. #if defined(__MINGW32__) || defined(_WIN32)
  783. #define SIZE_FMT "%d"
  784. #define SIZE_TYPE int
  785. #else
  786. #define SIZE_FMT "%zu"
  787. #define SIZE_TYPE size_t
  788. #endif
  789. printf(
  790. "wolfSSL Client Benchmark " SIZE_FMT " bytes\n"
  791. "\tConnect %8.3f ms\n"
  792. "\tTX %8.3f ms (%8.3f MBps)\n"
  793. "\tRX %8.3f ms (%8.3f MBps)\n",
  794. (SIZE_TYPE)throughput,
  795. conn_time * 1000,
  796. (double)tx_time * 1000, (double)throughput / tx_time / 1024 / 1024,
  797. (double)rx_time * 1000, (double)throughput / rx_time / 1024 / 1024
  798. );
  799. return EXIT_SUCCESS;
  800. }
  801. const char* starttlsCmd[6] = {
  802. "220",
  803. "EHLO mail.example.com\r\n",
  804. "250",
  805. "STARTTLS\r\n",
  806. "220",
  807. "QUIT\r\n",
  808. };
  809. /* Initiates the STARTTLS command sequence over TCP */
  810. static int StartTLS_Init(SOCKET_T* sockfd)
  811. {
  812. char tmpBuf[512];
  813. if (sockfd == NULL)
  814. return BAD_FUNC_ARG;
  815. /* S: 220 <host> SMTP service ready */
  816. XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
  817. if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
  818. err_sys("failed to read STARTTLS command\n");
  819. if ((!XSTRNCMP(tmpBuf, starttlsCmd[0], XSTRLEN(starttlsCmd[0]))) &&
  820. (tmpBuf[XSTRLEN(starttlsCmd[0])] == ' ')) {
  821. printf("%s\n", tmpBuf);
  822. } else {
  823. err_sys("incorrect STARTTLS command received");
  824. }
  825. /* C: EHLO mail.example.com */
  826. if (send(*sockfd, starttlsCmd[1], (SIZE_TYPE)XSTRLEN(starttlsCmd[1]), 0) !=
  827. (int)XSTRLEN(starttlsCmd[1]))
  828. err_sys("failed to send STARTTLS EHLO command\n");
  829. /* S: 250 <host> offers a warm hug of welcome */
  830. XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
  831. if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
  832. err_sys("failed to read STARTTLS command\n");
  833. if ((!XSTRNCMP(tmpBuf, starttlsCmd[2], XSTRLEN(starttlsCmd[2]))) &&
  834. (tmpBuf[XSTRLEN(starttlsCmd[2])] == '-')) {
  835. printf("%s\n", tmpBuf);
  836. } else {
  837. err_sys("incorrect STARTTLS command received");
  838. }
  839. /* C: STARTTLS */
  840. if (send(*sockfd, starttlsCmd[3], (SIZE_TYPE)XSTRLEN(starttlsCmd[3]), 0) !=
  841. (int)XSTRLEN(starttlsCmd[3])) {
  842. err_sys("failed to send STARTTLS command\n");
  843. }
  844. /* S: 220 Go ahead */
  845. XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
  846. if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
  847. err_sys("failed to read STARTTLS command\n");
  848. tmpBuf[sizeof(tmpBuf)-1] = '\0';
  849. if ((!XSTRNCMP(tmpBuf, starttlsCmd[4], XSTRLEN(starttlsCmd[4]))) &&
  850. (tmpBuf[XSTRLEN(starttlsCmd[4])] == ' ')) {
  851. printf("%s\n", tmpBuf);
  852. } else {
  853. err_sys("incorrect STARTTLS command received, expected 220");
  854. }
  855. return WOLFSSL_SUCCESS;
  856. }
  857. /* Closes down the SMTP connection */
  858. static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
  859. {
  860. int ret, err = 0;
  861. char tmpBuf[256];
  862. if (ssl == NULL)
  863. return BAD_FUNC_ARG;
  864. printf("\nwolfSSL client shutting down SMTP connection\n");
  865. XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
  866. /* C: QUIT */
  867. do {
  868. ret = wolfSSL_write(ssl, starttlsCmd[5], (int)XSTRLEN(starttlsCmd[5]));
  869. if (ret < 0) {
  870. err = wolfSSL_get_error(ssl, 0);
  871. #ifdef WOLFSSL_ASYNC_CRYPT
  872. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  873. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  874. if (ret < 0) break;
  875. }
  876. #endif
  877. }
  878. } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
  879. if (ret != (int)XSTRLEN(starttlsCmd[5])) {
  880. err_sys("failed to send SMTP QUIT command\n");
  881. }
  882. /* S: 221 2.0.0 Service closing transmission channel */
  883. do {
  884. ret = wolfSSL_read(ssl, tmpBuf, sizeof(tmpBuf)-1);
  885. if (ret < 0) {
  886. err = wolfSSL_get_error(ssl, 0);
  887. #ifdef WOLFSSL_ASYNC_CRYPT
  888. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  889. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  890. if (ret < 0) break;
  891. }
  892. #endif
  893. }
  894. } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
  895. if (ret < 0) {
  896. err_sys("failed to read SMTP closing down response\n");
  897. }
  898. tmpBuf[ret] = 0; /* null terminate message */
  899. printf("%s\n", tmpBuf);
  900. ret = wolfSSL_shutdown(ssl);
  901. if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
  902. if (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
  903. TEST_RECV_READY) {
  904. ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
  905. if (ret == WOLFSSL_SUCCESS)
  906. printf("Bidirectional shutdown complete\n");
  907. }
  908. if (ret != WOLFSSL_SUCCESS)
  909. LOG_ERROR("Bidirectional shutdown failed\n");
  910. }
  911. return WOLFSSL_SUCCESS;
  912. }
  913. static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str,
  914. int exitWithRet)
  915. {
  916. int ret, err;
  917. do {
  918. err = 0; /* reset error */
  919. ret = wolfSSL_write(ssl, msg, msgSz);
  920. if (ret <= 0) {
  921. err = wolfSSL_get_error(ssl, 0);
  922. #ifdef WOLFSSL_ASYNC_CRYPT
  923. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  924. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  925. if (ret < 0) break;
  926. }
  927. #endif
  928. }
  929. } while (err == WOLFSSL_ERROR_WANT_WRITE ||
  930. err == WOLFSSL_ERROR_WANT_READ
  931. #ifdef WOLFSSL_ASYNC_CRYPT
  932. || err == WC_NO_ERR_TRACE(WC_PENDING_E)
  933. #endif
  934. );
  935. if (ret != msgSz) {
  936. char buffer[WOLFSSL_MAX_ERROR_SZ];
  937. LOG_ERROR("SSL_write%s msg error %d, %s\n", str, err,
  938. wolfSSL_ERR_error_string((unsigned long)err, buffer));
  939. if (!exitWithRet) {
  940. err_sys("SSL_write failed");
  941. }
  942. }
  943. return err;
  944. }
  945. static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
  946. const char* str, int exitWithRet)
  947. {
  948. int ret, err;
  949. char buffer[WOLFSSL_MAX_ERROR_SZ];
  950. double start = current_time(1), elapsed;
  951. do {
  952. err = 0; /* reset error */
  953. ret = wolfSSL_read(ssl, reply, replyLen);
  954. if (ret <= 0) {
  955. err = wolfSSL_get_error(ssl, 0);
  956. #ifdef WOLFSSL_ASYNC_CRYPT
  957. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  958. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  959. if (ret < 0) break;
  960. }
  961. else
  962. #endif
  963. if (err != WOLFSSL_ERROR_WANT_READ &&
  964. err != WOLFSSL_ERROR_WANT_WRITE &&
  965. err != WC_NO_ERR_TRACE(APP_DATA_READY))
  966. {
  967. LOG_ERROR("SSL_read reply error %d, %s\n", err,
  968. wolfSSL_ERR_error_string((unsigned long)err, buffer));
  969. if (!exitWithRet) {
  970. err_sys("SSL_read failed");
  971. }
  972. else {
  973. break;
  974. }
  975. }
  976. }
  977. if (mustRead &&
  978. (err == WOLFSSL_ERROR_WANT_READ
  979. || err == WOLFSSL_ERROR_WANT_WRITE)) {
  980. elapsed = current_time(0) - start;
  981. if (elapsed > MAX_NON_BLOCK_SEC) {
  982. LOG_ERROR("Nonblocking read timeout\n");
  983. ret = WOLFSSL_FATAL_ERROR;
  984. break;
  985. }
  986. }
  987. } while ((mustRead && err == WOLFSSL_ERROR_WANT_READ)
  988. || err == WOLFSSL_ERROR_WANT_WRITE
  989. #ifdef WOLFSSL_ASYNC_CRYPT
  990. || err == WC_NO_ERR_TRACE(WC_PENDING_E)
  991. #endif
  992. || err == WC_NO_ERR_TRACE(APP_DATA_READY)
  993. );
  994. if (ret > 0) {
  995. reply[ret] = 0; /* null terminate */
  996. printf("%s%s\n", str, reply);
  997. }
  998. return err;
  999. }
  1000. static int ClientWriteRead(WOLFSSL* ssl, const char* msg, int msgSz,
  1001. char* reply, int replyLen, int mustRead,
  1002. const char* str, int exitWithRet)
  1003. {
  1004. int ret = 0;
  1005. do {
  1006. ret = ClientWrite(ssl, msg, msgSz, str, exitWithRet);
  1007. if (ret != 0) {
  1008. if (!exitWithRet)
  1009. err_sys("ClientWrite failed");
  1010. else
  1011. break;
  1012. }
  1013. if (wolfSSL_dtls(ssl)) {
  1014. ret = tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC);
  1015. if (ret == TEST_TIMEOUT) {
  1016. continue;
  1017. }
  1018. else if (ret == TEST_RECV_READY) {
  1019. /* Ready to read */
  1020. }
  1021. else {
  1022. LOG_ERROR("%s tcp_select error\n", str);
  1023. if (!exitWithRet)
  1024. err_sys("tcp_select failed");
  1025. else
  1026. ret = WOLFSSL_FATAL_ERROR;
  1027. break;
  1028. }
  1029. }
  1030. ret = ClientRead(ssl, reply, replyLen, mustRead, str, exitWithRet);
  1031. if (mustRead && ret != 0) {
  1032. if (!exitWithRet)
  1033. err_sys("ClientRead failed");
  1034. else
  1035. break;
  1036. }
  1037. break;
  1038. } while (1);
  1039. if (ret != 0) {
  1040. char buffer[WOLFSSL_MAX_ERROR_SZ];
  1041. LOG_ERROR("SSL_write%s msg error %d, %s\n", str, ret,
  1042. wolfSSL_ERR_error_string((unsigned long)ret, buffer));
  1043. }
  1044. return ret;
  1045. }
  1046. /* when adding new option, please follow the steps below: */
  1047. /* 1. add new option message in English section */
  1048. /* 2. increase the number of the second column */
  1049. /* 3. increase the array dimension */
  1050. /* 4. add the same message into Japanese section */
  1051. /* (will be translated later) */
  1052. /* 5. add printf() into suitable position of Usage() */
  1053. static const char* client_usage_msg[][78] = {
  1054. /* English */
  1055. {
  1056. " NOTE: All files relative to wolfSSL home dir\n", /* 0 */
  1057. "Max RSA key size in bits for build is set at : ", /* 1 */
  1058. #ifdef NO_RSA
  1059. "RSA not supported\n", /* 2 */
  1060. #elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
  1061. #ifdef WOLFSSL_SP_4096
  1062. "4096\n", /* 2 */
  1063. #elif !defined(WOLFSSL_SP_NO_3072)
  1064. "3072\n", /* 2 */
  1065. #elif !defined(WOLFSSL_SP_NO_2048)
  1066. "2048\n", /* 2 */
  1067. #else
  1068. "0\n", /* 2 */
  1069. #endif
  1070. #elif defined(USE_FAST_MATH)
  1071. #else
  1072. "INFINITE\n", /* 2 */
  1073. #endif
  1074. "-? <num> Help, print this usage\n"
  1075. " 0: English, 1: Japanese\n"
  1076. "--help Help, in English\n", /* 3 */
  1077. "-h <host> Host to connect to, default", /* 4 */
  1078. "-p <num> Port to connect on, not 0, default", /* 5 */
  1079. #ifndef WOLFSSL_TLS13
  1080. "-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default", /* 6 */
  1081. "-V Prints valid ssl version numbers"
  1082. ", SSLv3(0) - TLS1.2(3)\n", /* 7 */
  1083. #else
  1084. "-v <num> SSL version [0-4], SSLv3(0) - TLS1.3(4)), default", /* 6 */
  1085. "-V Prints valid ssl version numbers,"
  1086. " SSLv3(0) - TLS1.3(4)\n", /* 7 */
  1087. #endif
  1088. "-l <str> Cipher suite list (: delimited)\n", /* 8 */
  1089. #ifndef NO_CERTS
  1090. "-c <file> Certificate file, default", /* 9 */
  1091. "-k <file> Key file, default", /* 10 */
  1092. "-A <file> Certificate Authority file, default", /* 11 */
  1093. #endif
  1094. #ifndef NO_DH
  1095. "-Z <num> Minimum DH key bits, default", /* 12 */
  1096. #endif
  1097. "-b <num> Benchmark <num> connections and print stats\n", /* 13 */
  1098. #ifdef HAVE_ALPN
  1099. "-L <str> Application-Layer Protocol"
  1100. " Negotiation ({C,F}:<list>)\n", /* 14 */
  1101. #endif
  1102. "-B <num> Benchmark throughput"
  1103. " using <num> bytes and print stats\n", /* 15 */
  1104. #ifndef NO_PSK
  1105. "-s Use pre Shared keys\n", /* 16 */
  1106. #endif
  1107. "-d Disable peer checks\n", /* 17 */
  1108. "-D Override Date Errors example\n", /* 18 */
  1109. "-e List Every cipher suite available, \n", /* 19 */
  1110. "-g Send server HTTP GET\n", /* 20 */
  1111. #ifdef WOLFSSL_DTLS
  1112. #ifndef WOLFSSL_DTLS13
  1113. "-u Use UDP DTLS, add -v 2 for DTLSv1, -v 3 for DTLSv1.2"
  1114. " (default)\n", /* 21 */
  1115. #else
  1116. "-u Use UDP DTLS, add -v 2 for DTLSv1, -v 3 for DTLSv1.2"
  1117. " (default), -v 4 for DTLSv1.3\n", /* 21 */
  1118. #endif /* !WOLFSSL_DTLS13 */
  1119. #endif
  1120. #ifdef WOLFSSL_SCTP
  1121. "-G Use SCTP DTLS,"
  1122. " add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 22 */
  1123. #endif
  1124. #ifndef NO_CERTS
  1125. "-m Match domain name in cert\n", /* 23 */
  1126. #endif
  1127. "-N Use Non-blocking sockets\n", /* 24 */
  1128. #ifndef NO_SESSION_CACHE
  1129. "-r Resume session\n", /* 25 */
  1130. #endif
  1131. "-w Wait for bidirectional shutdown\n", /* 26 */
  1132. "-M <prot> Use STARTTLS, using <prot> protocol (smtp)\n", /* 27 */
  1133. #ifdef HAVE_SECURE_RENEGOTIATION
  1134. "-R Allow Secure Renegotiation\n", /* 28 */
  1135. "-i <str> Force client Initiated Secure Renegotiation. If the\n"
  1136. " string 'scr-app-data' is passed in as the value and\n"
  1137. " Non-blocking sockets are enabled ('-N') then wolfSSL\n"
  1138. " sends a test message during the secure renegotiation.\n"
  1139. " The string parameter is optional.\n", /* 29 */
  1140. #endif
  1141. "-f Fewer packets/group messages\n", /* 30 */
  1142. #ifndef NO_CERTS
  1143. "-x Disable client cert/key loading\n", /* 31 */
  1144. #endif
  1145. "-X Driven by eXternal test case\n", /* 32 */
  1146. "-j Use verify callback override\n", /* 33 */
  1147. #ifdef SHOW_SIZES
  1148. "-z Print structure sizes\n", /* 34 */
  1149. #endif
  1150. #ifdef HAVE_SNI
  1151. "-S <str> Use Host Name Indication\n", /* 35 */
  1152. #endif
  1153. #ifdef HAVE_MAX_FRAGMENT
  1154. "-F <num> Use Maximum Fragment Length [1-6]\n", /* 36 */
  1155. #endif
  1156. #ifdef HAVE_TRUNCATED_HMAC
  1157. "-T Use Truncated HMAC\n", /* 37 */
  1158. #endif
  1159. #ifdef HAVE_EXTENDED_MASTER
  1160. "-n Disable Extended Master Secret\n", /* 38 */
  1161. #endif
  1162. #ifdef HAVE_OCSP
  1163. "-o Perform OCSP lookup on peer certificate\n", /* 39 */
  1164. "-O <url> Perform OCSP lookup using <url> as responder\n", /* 40 */
  1165. #endif
  1166. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
  1167. || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
  1168. "-W <num> Use OCSP Stapling (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
  1169. " With 'm' at end indicates MUST staple\n", /* 42 */
  1170. #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI)
  1171. " -W 1 -v 4, Perform multi OCSP stapling for TLS13\n",
  1172. /* 43 */
  1173. #endif
  1174. #endif
  1175. #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
  1176. "-U Atomic User Record Layer Callbacks\n", /* 44 */
  1177. #endif
  1178. #ifdef HAVE_PK_CALLBACKS
  1179. "-P Public Key Callbacks\n", /* 45 */
  1180. #endif
  1181. #ifdef HAVE_ANON
  1182. "-a Anonymous client\n", /* 46 */
  1183. #endif
  1184. #ifdef HAVE_CRL
  1185. "-C Disable CRL\n", /* 47 */
  1186. #endif
  1187. #ifdef WOLFSSL_TRUST_PEER_CERT
  1188. "-E <file> Path to load trusted peer cert\n", /* 48 */
  1189. #endif
  1190. #ifdef HAVE_WNR
  1191. "-q <file> Whitewood config file, defaults\n", /* 49 */
  1192. #endif
  1193. "-H <arg> Internal tests"
  1194. " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n"
  1195. " loadSSL, disallowETM]\n", /* 50 */
  1196. #ifdef WOLFSSL_TLS13
  1197. "-J Use HelloRetryRequest to choose group for KE\n", /* 51 */
  1198. "-K Key Exchange for PSK not using (EC)DHE\n", /* 52 */
  1199. "-I Update keys and IVs before sending data\n", /* 53 */
  1200. #ifndef NO_DH
  1201. "-y Key Share with FFDHE named groups only\n", /* 54 */
  1202. #endif
  1203. #ifdef HAVE_ECC
  1204. "-Y Key Share with ECC named groups only\n", /* 55 */
  1205. #endif
  1206. #endif /* WOLFSSL_TLS13 */
  1207. #ifdef HAVE_CURVE25519
  1208. "-t Use X25519 for key exchange\n", /* 56 */
  1209. #endif
  1210. #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
  1211. "-Q Support requesting certificate post-handshake\n", /* 57 */
  1212. #endif
  1213. #ifdef WOLFSSL_EARLY_DATA
  1214. "-0 Early data sent to server (0-RTT handshake)\n", /* 58 */
  1215. #endif
  1216. #ifdef WOLFSSL_MULTICAST
  1217. "-3 <grpid> Multicast, grpid < 256\n", /* 59 */
  1218. #endif
  1219. "-1 <num> Display a result by specified language.\n"
  1220. " 0: English, 1: Japanese\n", /* 60 */
  1221. #if !defined(NO_DH) && !defined(HAVE_FIPS) && \
  1222. !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
  1223. "-2 Disable DH Prime check\n", /* 61 */
  1224. #endif
  1225. #ifdef HAVE_SECURE_RENEGOTIATION
  1226. "-4 Use resumption for renegotiation\n", /* 62 */
  1227. #endif
  1228. #ifdef HAVE_TRUSTED_CA
  1229. "-5 Use Trusted CA Key Indication\n", /* 63 */
  1230. #endif
  1231. "-6 Simulate WANT_WRITE errors on every other IO send\n", /* 64 */
  1232. #ifdef HAVE_CURVE448
  1233. "-8 Use X448 for key exchange\n", /* 65 */
  1234. #endif
  1235. #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
  1236. (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
  1237. !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
  1238. "-9 Use hash dir look up for certificate loading\n"
  1239. " loading from <wolfSSL home>/certs folder\n"
  1240. " files in the folder would have the form \"hash.N\" file name\n"
  1241. " e.g symbolic link to the file at certs folder\n"
  1242. " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
  1243. /* 66 */
  1244. #endif
  1245. #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
  1246. !defined(WOLFSENTRY_NO_JSON)
  1247. "--wolfsentry-config <file> Path for JSON wolfSentry config\n",
  1248. /* 67 */
  1249. #endif
  1250. #ifndef WOLFSSL_TLS13
  1251. "-7 Set minimum downgrade protocol version [0-3] "
  1252. " SSLv3(0) - TLS1.2(3)\n",
  1253. #else
  1254. "-7 Set minimum downgrade protocol version [0-4] "
  1255. " SSLv3(0) - TLS1.3(4)\n", /* 68 */
  1256. #endif
  1257. #ifdef HAVE_PQC
  1258. "--pqc <alg> Key Share with specified post-quantum algorithm only:\n"
  1259. #ifndef WOLFSSL_NO_ML_KEM
  1260. " ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
  1261. "\n"
  1262. " P384_ML_KEM_768, P521_ML_KEM_1024\n"
  1263. #endif
  1264. #ifdef WOLFSSL_KYBER_ORIGINAL
  1265. " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
  1266. "P256_KYBER_LEVEL1,\n"
  1267. " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
  1268. #endif
  1269. "",
  1270. /* 69 */
  1271. #endif
  1272. #ifdef WOLFSSL_SRTP
  1273. "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n", /* 70 */
  1274. #endif
  1275. #ifdef WOLFSSL_SYS_CA_CERTS
  1276. "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */
  1277. #endif
  1278. #ifdef HAVE_SUPPORTED_CURVES
  1279. "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */
  1280. #endif
  1281. #ifndef NO_PSK
  1282. "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */
  1283. #endif
  1284. #ifdef HAVE_RPK
  1285. "--rpk Use RPK for the defined certificates\n", /* 74 */
  1286. #endif
  1287. "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */
  1288. #ifdef WOLFSSL_SYS_CRYPTO_POLICY
  1289. "--crypto-policy <path to crypto policy file>\n", /* 76 */
  1290. #endif
  1291. "\n"
  1292. "For simpler wolfSSL TLS client examples, visit\n"
  1293. "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */
  1294. NULL,
  1295. },
  1296. #ifndef NO_MULTIBYTE_PRINT
  1297. /* Japanese */
  1298. {
  1299. " 注意 : 全てのファイルは wolfSSL ホーム・ディレクトリからの相対です。"
  1300. "\n", /* 0 */
  1301. "RSAの最大ビットは次のように設定されています: ", /* 1 */
  1302. #ifdef NO_RSA
  1303. "RSAはサポートされていません。\n", /* 2 */
  1304. #elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
  1305. #ifndef WOLFSSL_SP_NO_3072
  1306. "3072\n", /* 2 */
  1307. #elif !defined(WOLFSSL_SP_NO_2048)
  1308. "2048\n", /* 2 */
  1309. #else
  1310. "0\n", /* 2 */
  1311. #endif
  1312. #elif defined(USE_FAST_MATH)
  1313. #else
  1314. "無限\n", /* 2 */
  1315. #endif
  1316. "-? <num> ヘルプ, 使い方を表示\n"
  1317. " 0: 英語、 1: 日本語\n"
  1318. "--ヘルプ 日本語で使い方を表示\n", /* 3 */
  1319. "-h <host> 接続先ホスト, 既定値", /* 4 */
  1320. "-p <num> 接続先ポート, 0は無効, 既定値", /* 5 */
  1321. #ifndef WOLFSSL_TLS13
  1322. "-v <num> SSL バージョン [0-3], SSLv3(0) - TLS1.2(3)),"
  1323. " 既定値", /* 6 */
  1324. "-V 有効な ssl バージョン番号を出力, SSLv3(0) -"
  1325. " TLS1.2(3)\n", /* 7 */
  1326. #else
  1327. "-v <num> SSL バージョン [0-4], SSLv3(0) - TLS1.3(4)),"
  1328. " 既定値", /* 6 */
  1329. "-V 有効な ssl バージョン番号を出力, SSLv3(0) -"
  1330. " TLS1.3(4)\n", /* 7 */
  1331. #endif
  1332. "-l <str> 暗号スイートリスト (区切り文字 :)\n", /* 8 */
  1333. #ifndef NO_CERTS
  1334. "-c <file> 証明書ファイル, 既定値", /* 9 */
  1335. "-k <file> 鍵ファイル, 既定値", /* 10 */
  1336. "-A <file> 認証局ファイル, 既定値", /* 11 */
  1337. #endif
  1338. #ifndef NO_DH
  1339. "-Z <num> 最小 DH 鍵 ビット, 既定値", /* 12 */
  1340. #endif
  1341. "-b <num> ベンチマーク <num> 接続及び結果出力する\n", /* 13 */
  1342. #ifdef HAVE_ALPN
  1343. "-L <str> アプリケーション層プロトコルネゴシエーションを行う"
  1344. " ({C,F}:<list>)\n", /* 14 */
  1345. #endif
  1346. "-B <num> <num> バイトを用いてのベンチマーク・スループット測定"
  1347. "と結果を出力する\n", /* 15 */
  1348. #ifndef NO_PSK
  1349. "-s 事前共有鍵を使用する\n", /* 16 */
  1350. #endif
  1351. "-d ピア確認を無効とする\n", /* 17 */
  1352. "-D 日付エラー用コールバック例の上書きを行う\n", /* 18 */
  1353. "-e 利用可能な全ての暗号スイートをリスト, \n", /* 19 */
  1354. "-g サーバーへ HTTP GET を送信\n", /* 20 */
  1355. #ifdef WOLFSSL_DTLS
  1356. "-u UDP DTLSを使用する。\n"
  1357. #ifndef WOLFSSL_DTLS13
  1358. " -v 2 を追加指定するとDTLSv1, "
  1359. "-v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 21 */
  1360. #else
  1361. " -v 2 を追加指定するとDTLSv1, "
  1362. "-v 3 を追加指定すると DTLSv1.2 (既定値),\n"
  1363. " -v 4 を追加指定すると DTLSv1.3\n", /* 21 */
  1364. #endif /* !WOLFSSL_DTLS13 */
  1365. #endif /* WOLFSSL_DTLS */
  1366. #ifdef WOLFSSL_SCTP
  1367. "-G SCTP DTLSを使用する。-v 2 を追加指定すると"
  1368. " DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 22 */
  1369. #endif
  1370. #ifndef NO_CERTS
  1371. "-m 証明書内のドメイン名一致を確認する\n", /* 23 */
  1372. #endif
  1373. "-N ノンブロッキング・ソケットを使用する\n", /* 24 */
  1374. #ifndef NO_SESSION_CACHE
  1375. "-r セッションを継続する\n", /* 25 */
  1376. #endif
  1377. "-w 双方向シャットダウンを待つ\n", /* 26 */
  1378. "-M <prot> STARTTLSを使用する, <prot>プロトコル(smtp)を"
  1379. "使用する\n", /* 27 */
  1380. #ifdef HAVE_SECURE_RENEGOTIATION
  1381. "-R セキュアな再ネゴシエーションを許可する\n", /* 28 */
  1382. "-i <str> クライアント主導のネゴシエーションを強制する\n", /* 29 */
  1383. #endif
  1384. "-f より少ないパケット/グループメッセージを使用する\n",/* 30 */
  1385. #ifndef NO_CERTS
  1386. "-x クライアントの証明書/鍵のロードを無効する\n", /* 31 */
  1387. #endif
  1388. "-X 外部テスト・ケースにより動作する\n", /* 32 */
  1389. "-j コールバック・オーバーライドの検証を使用する\n", /* 33 */
  1390. #ifdef SHOW_SIZES
  1391. "-z 構造体のサイズを表示する\n", /* 34 */
  1392. #endif
  1393. #ifdef HAVE_SNI
  1394. "-S <str> ホスト名表示を使用する\n", /* 35 */
  1395. #endif
  1396. #ifdef HAVE_MAX_FRAGMENT
  1397. "-F <num> 最大フラグメント長[1-6]を設定する\n", /* 36 */
  1398. #endif
  1399. #ifdef HAVE_TRUNCATED_HMAC
  1400. "-T Truncated HMACを使用する\n", /* 37 */
  1401. #endif
  1402. #ifdef HAVE_EXTENDED_MASTER
  1403. "-n マスターシークレット拡張を無効にする\n", /* 38 */
  1404. #endif
  1405. #ifdef HAVE_OCSP
  1406. "-o OCSPルックアップをピア証明書で実施する\n", /* 39 */
  1407. "-O <url> OCSPルックアップを、<url>を使用し"
  1408. "応答者として実施する\n", /* 40 */
  1409. #endif
  1410. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
  1411. || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
  1412. "-W <num> OCSP Staplingを使用する"
  1413. " (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
  1414. " 'm' を最後に指定すると必ず staple を使用する\n" /* 42 */
  1415. #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI)
  1416. " -W 1 -v 4, "
  1417. "TLS13 使用時に複数(Multi)の OCSP を実施します\n" /* 43 */
  1418. #endif
  1419. #endif
  1420. #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
  1421. "-U アトミック・ユーザー記録の"
  1422. "コールバックを利用する\n", /* 44 */
  1423. #endif
  1424. #ifdef HAVE_PK_CALLBACKS
  1425. "-P 公開鍵コールバック\n", /* 45 */
  1426. #endif
  1427. #ifdef HAVE_ANON
  1428. "-a 匿名クライアント\n", /* 46 */
  1429. #endif
  1430. #ifdef HAVE_CRL
  1431. "-C CRLを無効\n", /* 47 */
  1432. #endif
  1433. #ifdef WOLFSSL_TRUST_PEER_CERT
  1434. "-E <file> 信頼出来るピアの証明書ロードの為のパス\n", /* 48 */
  1435. #endif
  1436. #ifdef HAVE_WNR
  1437. "-q <file> Whitewood コンフィグファイル, 既定値\n", /* 49 */
  1438. #endif
  1439. "-H <arg> 内部テスト"
  1440. " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n"
  1441. " loadSSL, disallowETM]\n", /* 50 */
  1442. #ifdef WOLFSSL_TLS13
  1443. "-J HelloRetryRequestをKEのグループ選択に使用する\n", /* 51 */
  1444. "-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 52 */
  1445. "-I データ送信前に、鍵とIVを更新する\n", /* 53 */
  1446. #ifndef NO_DH
  1447. "-y FFDHE名前付きグループとの鍵共有のみ\n", /* 54 */
  1448. #endif
  1449. #ifdef HAVE_ECC
  1450. "-Y ECC名前付きグループとの鍵共有のみ\n", /* 55 */
  1451. #endif
  1452. #endif /* WOLFSSL_TLS13 */
  1453. #ifdef HAVE_CURVE25519
  1454. "-t X25519を鍵交換に使用する\n", /* 56 */
  1455. #endif
  1456. #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
  1457. "-Q ポストハンドシェークの証明要求をサポートする\n", /* 57 */
  1458. #endif
  1459. #ifdef WOLFSSL_EARLY_DATA
  1460. "-0 Early data をサーバーへ送信する"
  1461. "(0-RTTハンドシェイク)\n", /* 58 */
  1462. #endif
  1463. #ifdef WOLFSSL_MULTICAST
  1464. "-3 <grpid> マルチキャスト, grpid < 256\n", /* 59 */
  1465. #endif
  1466. "-1 <num> 指定された言語で結果を表示します。\n"
  1467. " 0: 英語、 1: 日本語\n", /* 60 */
  1468. #if !defined(NO_DH) && !defined(HAVE_FIPS) && \
  1469. !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
  1470. "-2 DHプライム番号チェックを無効にする\n", /* 61 */
  1471. #endif
  1472. #ifdef HAVE_SECURE_RENEGOTIATION
  1473. "-4 再交渉に再開を使用\n", /* 62 */
  1474. #endif
  1475. #ifdef HAVE_TRUSTED_CA
  1476. "-5 信頼できる認証局の鍵表示を使用する\n", /* 63 */
  1477. #endif
  1478. "-6 WANT_WRITE エラーを全てのIO 送信でシミュレートします\n", /* 64 */
  1479. #ifdef HAVE_CURVE448
  1480. "-8 鍵交換に X448 を使用する\n", /* 65 */
  1481. #endif
  1482. #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
  1483. (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
  1484. !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
  1485. "-9 証明書の読み込みに hash dir 機能を使用する\n"
  1486. " <wolfSSL home>/certs フォルダーからロードします\n"
  1487. " フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n"
  1488. " 以下の例ではca-cert.pemにシンボリックリンクを設定します\n"
  1489. " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
  1490. /* 66 */
  1491. #endif
  1492. #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
  1493. !defined(WOLFSENTRY_NO_JSON)
  1494. "--wolfsentry-config <file> wolfSentry コンフィグファイル\n",
  1495. /* 67 */
  1496. #endif
  1497. #ifndef WOLFSSL_TLS13
  1498. "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-3] "
  1499. " SSLv3(0) - TLS1.2(3)\n",
  1500. #else
  1501. "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-4] "
  1502. " SSLv3(0) - TLS1.3(4)\n", /* 68 */
  1503. #endif
  1504. #ifdef HAVE_PQC
  1505. "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ:\n"
  1506. #ifndef WOLFSSL_NO_ML_KEM
  1507. " ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
  1508. "\n"
  1509. " P384_ML_KEM_768, P521_ML_KEM_1024\n"
  1510. #endif
  1511. #ifdef WOLFSSL_KYBER_ORIGINAL
  1512. " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
  1513. "P256_KYBER_LEVEL1,\n"
  1514. " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
  1515. #endif
  1516. "",
  1517. /* 69 */
  1518. #endif
  1519. #ifdef WOLFSSL_SRTP
  1520. "--srtp <profile> (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 70 */
  1521. #endif
  1522. #ifdef WOLFSSL_SYS_CA_CERTS
  1523. "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */
  1524. #endif
  1525. #ifdef HAVE_SUPPORTED_CURVES
  1526. "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */
  1527. #endif
  1528. #ifndef NO_PSK
  1529. "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */
  1530. #endif
  1531. #ifdef HAVE_RPK
  1532. "--rpk Use RPK for the defined certificates\n", /* 74 */
  1533. #endif
  1534. "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */
  1535. #ifdef WOLFSSL_SYS_CRYPTO_POLICY
  1536. "--crypto-policy <path to crypto policy file>\n", /* 76 */
  1537. #endif
  1538. "\n"
  1539. "より簡単なwolfSSL TLS クライアントの例については"
  1540. "下記にアクセスしてください\n"
  1541. "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */
  1542. NULL,
  1543. },
  1544. #endif
  1545. };
  1546. static void showPeerPEM(WOLFSSL* ssl)
  1547. {
  1548. #if defined(OPENSSL_ALL) && !defined(NO_BIO) && defined(WOLFSSL_CERT_GEN)
  1549. WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
  1550. if (peer) {
  1551. WOLFSSL_BIO* bioOut = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
  1552. if (bioOut == NULL) {
  1553. LOG_ERROR("failed to get bio on stdout\n");
  1554. }
  1555. else {
  1556. if (wolfSSL_BIO_set_fp(bioOut, stdout, BIO_NOCLOSE)
  1557. != WOLFSSL_SUCCESS) {
  1558. LOG_ERROR("failed to set stdout to bio output\n");
  1559. wolfSSL_BIO_free(bioOut);
  1560. bioOut = NULL;
  1561. }
  1562. }
  1563. if (bioOut) {
  1564. wolfSSL_BIO_write(bioOut, "---\nServer certificate\n",
  1565. XSTRLEN("---\nServer certificate\n"));
  1566. wolfSSL_PEM_write_bio_X509(bioOut, peer);
  1567. }
  1568. wolfSSL_BIO_free(bioOut);
  1569. }
  1570. wolfSSL_FreeX509(peer);
  1571. #endif /* OPENSSL_ALL && WOLFSSL_CERT_GEN && !NO_BIO */
  1572. (void)ssl;
  1573. }
  1574. static void Usage(void)
  1575. {
  1576. int msgid = 0;
  1577. const char** msg = client_usage_msg[lng_index];
  1578. printf("%s%s%s", "wolfSSL client ", LIBWOLFSSL_VERSION_STRING,
  1579. msg[msgid]);
  1580. /* print out so that scripts can know what the max supported key size is */
  1581. printf("%s", msg[++msgid]);
  1582. #ifdef NO_RSA
  1583. printf("%s", msg[++msgid]);
  1584. #elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
  1585. #ifndef WOLFSSL_SP_NO_3072
  1586. printf("%s", msg[++msgid]);
  1587. #elif !defined(WOLFSSL_SP_NO_2048)
  1588. printf("%s", msg[++msgid]);
  1589. #else
  1590. printf("%s", msg[++msgid]);
  1591. #endif
  1592. #elif defined(USE_FAST_MATH)
  1593. #if !defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_SP_MATH)
  1594. printf("%d\n", FP_MAX_BITS/2);
  1595. #else
  1596. printf("%d\n", SP_INT_MAX_BITS/2);
  1597. #endif
  1598. #else
  1599. /* normal math has unlimited max size */
  1600. printf("%s", msg[++msgid]);
  1601. #endif
  1602. printf("%s", msg[++msgid]); /* ? */
  1603. printf("%s %s\n", msg[++msgid], wolfSSLIP); /* -h */
  1604. printf("%s %d\n", msg[++msgid], wolfSSLPort); /* -p */
  1605. #ifndef WOLFSSL_TLS13
  1606. printf("%s %d\n", msg[++msgid], CLIENT_DEFAULT_VERSION); /* -v */
  1607. printf("%s", msg[++msgid]); /* -V */
  1608. #else
  1609. printf("%s %d\n", msg[++msgid], CLIENT_DEFAULT_VERSION); /* -v */
  1610. printf("%s", msg[++msgid]); /* -V */
  1611. #endif
  1612. printf("%s", msg[++msgid]); /* -l */
  1613. #ifndef NO_CERTS
  1614. printf("%s %s\n", msg[++msgid], cliCertFile); /* -c */
  1615. printf("%s %s\n", msg[++msgid], cliKeyFile); /* -k */
  1616. printf("%s %s\n", msg[++msgid], caCertFile); /* -A */
  1617. #endif
  1618. #ifndef NO_DH
  1619. printf("%s %d\n", msg[++msgid], DEFAULT_MIN_DHKEY_BITS);
  1620. #endif
  1621. printf("%s", msg[++msgid]); /* -b */
  1622. #ifdef HAVE_ALPN
  1623. printf("%s", msg[++msgid]); /* -L <str> */
  1624. #endif
  1625. printf("%s", msg[++msgid]); /* -B <num> */
  1626. #ifndef NO_PSK
  1627. printf("%s", msg[++msgid]); /* -s */
  1628. #endif
  1629. printf("%s", msg[++msgid]); /* -d */
  1630. printf("%s", msg[++msgid]); /* -D */
  1631. printf("%s", msg[++msgid]); /* -e */
  1632. printf("%s", msg[++msgid]); /* -g */
  1633. #ifdef WOLFSSL_DTLS
  1634. printf("%s", msg[++msgid]); /* -u */
  1635. #endif
  1636. #ifdef WOLFSSL_SCTP
  1637. printf("%s", msg[++msgid]); /* -G */
  1638. #endif
  1639. #ifndef NO_CERTS
  1640. printf("%s", msg[++msgid]); /* -m */
  1641. #endif
  1642. printf("%s", msg[++msgid]); /* -N */
  1643. #ifndef NO_SESSION_CACHE
  1644. printf("%s", msg[++msgid]); /* -r */
  1645. #endif
  1646. printf("%s", msg[++msgid]); /* -w */
  1647. printf("%s", msg[++msgid]); /* -M */
  1648. #ifdef HAVE_SECURE_RENEGOTIATION
  1649. printf("%s", msg[++msgid]); /* -R */
  1650. printf("%s", msg[++msgid]); /* -i */
  1651. #endif
  1652. printf("%s", msg[++msgid]); /* -f */
  1653. #ifndef NO_CERTS
  1654. printf("%s", msg[++msgid]); /* -x */
  1655. #endif
  1656. printf("%s", msg[++msgid]); /* -X */
  1657. printf("%s", msg[++msgid]); /* -j */
  1658. #ifdef SHOW_SIZES
  1659. printf("%s", msg[++msgid]); /* -z */
  1660. #endif
  1661. #ifdef HAVE_SNI
  1662. printf("%s", msg[++msgid]); /* -S */
  1663. #endif
  1664. #ifdef HAVE_MAX_FRAGMENT
  1665. printf("%s", msg[++msgid]); /* -F */
  1666. #endif
  1667. #ifdef HAVE_TRUNCATED_HMAC
  1668. printf("%s", msg[++msgid]); /* -T */
  1669. #endif
  1670. #ifdef HAVE_EXTENDED_MASTER
  1671. printf("%s", msg[++msgid]); /* -n */
  1672. #endif
  1673. #ifdef HAVE_OCSP
  1674. printf("%s", msg[++msgid]); /* -o */
  1675. printf("%s", msg[++msgid]); /* -O */
  1676. #endif
  1677. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
  1678. || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
  1679. printf("%s", msg[++msgid]); /* -W */
  1680. printf("%s", msg[++msgid]); /* note for -W */
  1681. #endif
  1682. #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
  1683. printf("%s", msg[++msgid]); /* -U */
  1684. #endif
  1685. #ifdef HAVE_PK_CALLBACKS
  1686. printf("%s", msg[++msgid]); /* -P */
  1687. #endif
  1688. #ifdef HAVE_ANON
  1689. printf("%s", msg[++msgid]); /* -a */
  1690. #endif
  1691. #ifdef HAVE_CRL
  1692. printf("%s", msg[++msgid]); /* -C */
  1693. #endif
  1694. #ifdef WOLFSSL_TRUST_PEER_CERT
  1695. printf("%s", msg[++msgid]); /* -E */
  1696. #endif
  1697. #ifdef HAVE_WNR
  1698. printf("%s %s\n", msg[++msgid], wnrConfig); /* -q */
  1699. #endif
  1700. printf("%s", msg[++msgid]); /* -H */
  1701. printf("%s", msg[++msgid]); /* more -H options */
  1702. #ifdef WOLFSSL_TLS13
  1703. printf("%s", msg[++msgid]); /* -J */
  1704. printf("%s", msg[++msgid]); /* -K */
  1705. printf("%s", msg[++msgid]); /* -I */
  1706. #ifndef NO_DH
  1707. printf("%s", msg[++msgid]); /* -y */
  1708. #endif
  1709. #ifdef HAVE_ECC
  1710. printf("%s", msg[++msgid]); /* -Y */
  1711. #endif
  1712. #endif /* WOLFSSL_TLS13 */
  1713. #ifdef HAVE_CURVE25519
  1714. printf("%s", msg[++msgid]); /* -t */
  1715. #endif
  1716. #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
  1717. printf("%s", msg[++msgid]); /* -Q */
  1718. #endif
  1719. #ifdef WOLFSSL_EARLY_DATA
  1720. printf("%s", msg[++msgid]); /* -0 */
  1721. #endif
  1722. #ifdef WOLFSSL_MULTICAST
  1723. printf("%s", msg[++msgid]); /* -3 */
  1724. #endif
  1725. printf("%s", msg[++msgid]); /* -1 */
  1726. #if !defined(NO_DH) && !defined(HAVE_FIPS) && \
  1727. !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
  1728. printf("%s", msg[++msgid]); /* -2 */
  1729. #endif
  1730. #ifdef HAVE_SECURE_RENEGOTIATION
  1731. printf("%s", msg[++msgid]); /* -4 */
  1732. #endif
  1733. #ifdef HAVE_TRUSTED_CA
  1734. printf("%s", msg[++msgid]); /* -5 */
  1735. #endif
  1736. printf("%s", msg[++msgid]); /* -6 */
  1737. #ifdef HAVE_CURVE448
  1738. printf("%s", msg[++msgid]); /* -8 */
  1739. #endif
  1740. #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
  1741. (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
  1742. !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
  1743. printf("%s", msg[++msgid]); /* -9 */
  1744. #endif
  1745. #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
  1746. !defined(WOLFSENTRY_NO_JSON)
  1747. printf("%s", msg[++msgid]); /* --wolfsentry-config */
  1748. #endif
  1749. printf("%s", msg[++msgid]); /* -7 */
  1750. #ifdef HAVE_PQC
  1751. printf("%s", msg[++msgid]); /* --pqc */
  1752. #endif
  1753. #ifdef WOLFSSL_SRTP
  1754. printf("%s", msg[++msgid]); /* dtls-srtp */
  1755. #endif
  1756. #ifdef WOLFSSL_SYS_CA_CERTS
  1757. printf("%s", msg[++msgid]); /* --sys-ca-certs */
  1758. #endif
  1759. #ifdef HAVE_SUPPORTED_CURVES
  1760. printf("%s", msg[++msgid]); /* --onlyPskDheKe */
  1761. #endif
  1762. #ifndef NO_PSK
  1763. printf("%s", msg[++msgid]); /* --openssl-psk */
  1764. #endif
  1765. #ifdef HAVE_RPK
  1766. printf("%s", msg[++msgid]); /* --rpk */
  1767. #endif
  1768. printf("%s", msg[++msgid]); /* --files-are-der */
  1769. printf("%s", msg[++msgid]); /* Documentation Hint */
  1770. }
  1771. #ifdef WOLFSSL_SRTP
  1772. /**
  1773. * client_srtp_test() - test that the computed ekm matches with the server one
  1774. * @ssl: ssl context
  1775. * @srtp_helper: srtp_test_helper struct shared with the server
  1776. *
  1777. * if @srtp_helper is NULL no check is made, but the ekm is printed.
  1778. *
  1779. * calls srtp_helper_get_ekm() to wait and then get the ekm computed by the
  1780. * server, then check if it matches the one computed by itself.
  1781. */
  1782. static int client_srtp_test(WOLFSSL *ssl, func_args *args)
  1783. {
  1784. size_t srtp_secret_length;
  1785. byte *srtp_secret, *p;
  1786. int ret;
  1787. #ifdef WOLFSSL_COND
  1788. srtp_test_helper *srtp_helper = args->srtp_helper;
  1789. byte *other_secret = NULL;
  1790. size_t other_size = 0;
  1791. #else
  1792. (void)args;
  1793. #endif
  1794. ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL,
  1795. &srtp_secret_length);
  1796. if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
  1797. LOG_ERROR("DTLS SRTP: Error getting keying material length\n");
  1798. return ret;
  1799. }
  1800. srtp_secret = (byte*)XMALLOC(srtp_secret_length,
  1801. NULL, DYNAMIC_TYPE_TMP_BUFFER);
  1802. if (srtp_secret == NULL) {
  1803. err_sys("DTLS SRTP: Low memory");
  1804. }
  1805. ret = wolfSSL_export_dtls_srtp_keying_material(ssl, srtp_secret,
  1806. &srtp_secret_length);
  1807. if (ret != WOLFSSL_SUCCESS) {
  1808. XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  1809. LOG_ERROR("DTLS SRTP: Error getting keying material\n");
  1810. return ret;
  1811. }
  1812. printf("DTLS SRTP: Exported key material: ");
  1813. for (p = srtp_secret; p < srtp_secret + srtp_secret_length; p++)
  1814. printf("%02X", *p);
  1815. printf("\n");
  1816. #ifdef WOLFSSL_COND
  1817. if (srtp_helper != NULL) {
  1818. srtp_helper_get_ekm(srtp_helper, &other_secret, &other_size);
  1819. if (other_size != srtp_secret_length ||
  1820. (XMEMCMP(other_secret, srtp_secret, srtp_secret_length) != 0)) {
  1821. /* we are delegated from server to free this buffer */
  1822. XFREE(other_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  1823. printf("DTLS SRTP: Exported Keying Material mismatch\n");
  1824. return WOLFSSL_UNKNOWN;
  1825. }
  1826. /* we are delegated from server to free this buffer */
  1827. XFREE(other_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  1828. }
  1829. #endif /* WOLFSSL_COND */
  1830. XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  1831. return 0;
  1832. }
  1833. #endif /* WOLFSSL_SRTP */
  1834. #if defined(WOLFSSL_STATIC_MEMORY) && \
  1835. defined(WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK)
  1836. static void ExampleDebugMemoryCb(size_t sz, int bucketSz, byte st, int type) {
  1837. switch (st) {
  1838. case WOLFSSL_DEBUG_MEMORY_ALLOC:
  1839. if (type == DYNAMIC_TYPE_IN_BUFFER) {
  1840. printf("IN BUFFER: ");
  1841. }
  1842. if (type == DYNAMIC_TYPE_OUT_BUFFER) {
  1843. printf("OUT BUFFER: ");
  1844. }
  1845. printf("Alloc'd %d bytes using bucket size %d\n", (int)sz,
  1846. bucketSz);
  1847. break;
  1848. case WOLFSSL_DEBUG_MEMORY_FAIL:
  1849. printf("Failed when trying to allocate %d bytes\n", (int)sz);
  1850. break;
  1851. case WOLFSSL_DEBUG_MEMORY_FREE:
  1852. printf("Free'ing : %d\n", (int)sz);
  1853. break;
  1854. case WOLFSSL_DEBUG_MEMORY_INIT:
  1855. printf("Creating memory bucket of size : %d\n", bucketSz);
  1856. break;
  1857. }
  1858. }
  1859. #endif
  1860. THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
  1861. {
  1862. SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
  1863. wolfSSL_method_func method = NULL;
  1864. WOLFSSL_CTX* ctx = NULL;
  1865. WOLFSSL* ssl = NULL;
  1866. #ifdef WOLFSSL_WOLFSENTRY_HOOKS
  1867. wolfsentry_errcode_t wolfsentry_ret;
  1868. #endif
  1869. WOLFSSL* sslResume = NULL;
  1870. WOLFSSL_SESSION* session = NULL;
  1871. #if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
  1872. defined(HAVE_EXT_CACHE))
  1873. byte* flatSession = NULL;
  1874. int flatSessionSz = 0;
  1875. #endif
  1876. char msg[CLI_MSG_SZ];
  1877. int msgSz = 0;
  1878. char reply[CLI_REPLY_SZ];
  1879. word16 port = wolfSSLPort;
  1880. char* host = (char*)wolfSSLIP;
  1881. const char* domain = "localhost"; /* can't default to www.wolfssl.com
  1882. because can't tell if we're really
  1883. going there to detect old chacha-poly
  1884. */
  1885. #ifndef WOLFSSL_VXWORKS
  1886. int ch;
  1887. static const struct mygetopt_long_config long_options[] = {
  1888. #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
  1889. !defined(WOLFSENTRY_NO_JSON)
  1890. { "wolfsentry-config", 1, 256 },
  1891. #endif
  1892. { "help", 0, 257 },
  1893. #ifndef NO_MULTIBYTE_PRINT
  1894. { "ヘルプ", 0, 258 },
  1895. #endif
  1896. #if defined(HAVE_PQC)
  1897. { "pqc", 1, 259 },
  1898. #endif
  1899. #ifdef WOLFSSL_SRTP
  1900. { "srtp", 2, 260 }, /* optional argument */
  1901. #endif
  1902. #ifdef WOLFSSL_DTLS13
  1903. /* allow waitTicket option even when HAVE_SESSION_TICKET is 0. Otherwise
  1904. * tests that use this option will ignore the options following
  1905. * --waitTicket in the command line and fail */
  1906. {"waitTicket", 0, 261},
  1907. #endif /* WOLFSSL_DTLS13 */
  1908. #ifdef WOLFSSL_DTLS_CID
  1909. {"cid", 2, 262},
  1910. #endif /* WOLFSSL_DTLS_CID */
  1911. #ifdef WOLFSSL_SYS_CA_CERTS
  1912. { "sys-ca-certs", 0, 263 },
  1913. #endif
  1914. #ifdef HAVE_SUPPORTED_CURVES
  1915. { "onlyPskDheKe", 0, 264 },
  1916. #endif
  1917. #ifndef NO_PSK
  1918. { "openssl-psk", 0, 265 },
  1919. #endif
  1920. { "quieter", 0, 266 },
  1921. #ifdef HAVE_RPK
  1922. { "rpk", 0, 267 },
  1923. #endif /* HAVE_RPK */
  1924. { "files-are-der", 0, 268 },
  1925. #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
  1926. { "crypto-policy", 1, 269 },
  1927. #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
  1928. { 0, 0, 0 }
  1929. };
  1930. #endif
  1931. int version = CLIENT_INVALID_VERSION;
  1932. int minVersion = CLIENT_INVALID_VERSION;
  1933. int usePsk = 0;
  1934. int opensslPsk = 0;
  1935. int useAnon = 0;
  1936. int sendGET = 0;
  1937. int benchmark = 0;
  1938. int block = TEST_BUFFER_SIZE;
  1939. size_t throughput = 0;
  1940. int doDTLS = 0;
  1941. int dtlsUDP = 0;
  1942. #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
  1943. defined(WOLFSSL_DTLS)
  1944. int dtlsMTU = 0;
  1945. #endif
  1946. int dtlsSCTP = 0;
  1947. int doMcast = 0;
  1948. int matchName = 0;
  1949. int doPeerCheck = 1;
  1950. int nonBlocking = 0;
  1951. int simulateWantWrite = 0;
  1952. int resumeSession = 0;
  1953. int wc_shutdown = 0;
  1954. int disableCRL = 0;
  1955. int externalTest = 0;
  1956. int ret;
  1957. int err = 0;
  1958. int scr = 0; /* allow secure renegotiation */
  1959. int forceScr = 0; /* force client initiated scr */
  1960. int scrAppData = 0;
  1961. int resumeScr = 0; /* use resumption for renegotiation */
  1962. #ifndef WOLFSSL_NO_CLIENT_AUTH
  1963. int useClientCert = 1;
  1964. #else
  1965. int useClientCert = 0;
  1966. #endif
  1967. int fewerPackets = 0;
  1968. int atomicUser = 0;
  1969. #ifdef HAVE_PK_CALLBACKS
  1970. int pkCallbacks = 0;
  1971. PkCbInfo pkCbInfo;
  1972. #endif
  1973. int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
  1974. char* alpnList = NULL;
  1975. unsigned char alpn_opt = 0;
  1976. char* cipherList = NULL;
  1977. int useDefCipherList = 0;
  1978. int customVerifyCert = 0;
  1979. const char* verifyCert;
  1980. const char* ourCert;
  1981. const char* ourKey;
  1982. int doSTARTTLS = 0;
  1983. char* starttlsProt = NULL;
  1984. int useVerifyCb = 0;
  1985. int useSupCurve = 0;
  1986. #ifdef WOLFSSL_TRUST_PEER_CERT
  1987. const char* trustCert = NULL;
  1988. #endif
  1989. #ifdef HAVE_SNI
  1990. char* sniHostName = NULL;
  1991. #endif
  1992. #ifdef HAVE_TRUSTED_CA
  1993. int trustedCaKeyId = 0;
  1994. #endif
  1995. #ifdef HAVE_MAX_FRAGMENT
  1996. byte maxFragment = 0;
  1997. #endif
  1998. #ifdef HAVE_TRUNCATED_HMAC
  1999. byte truncatedHMAC = 0;
  2000. #endif
  2001. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
  2002. || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
  2003. byte statusRequest = 0;
  2004. byte mustStaple = 0;
  2005. #endif
  2006. #ifdef HAVE_EXTENDED_MASTER
  2007. byte disableExtMasterSecret = 0;
  2008. #endif
  2009. int helloRetry = 0;
  2010. int onlyKeyShare = 0;
  2011. #ifdef WOLFSSL_TLS13
  2012. int noPskDheKe = 0;
  2013. #ifdef HAVE_SUPPORTED_CURVES
  2014. int onlyPskDheKe = 0;
  2015. #endif
  2016. int postHandAuth = 0;
  2017. #endif
  2018. int updateKeysIVs = 0;
  2019. int earlyData = 0;
  2020. #ifdef WOLFSSL_MULTICAST
  2021. byte mcastID = 0;
  2022. #endif
  2023. #if !defined(NO_DH) && !defined(HAVE_FIPS) && \
  2024. !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
  2025. int doDhKeyCheck = 1;
  2026. #endif
  2027. #ifdef HAVE_OCSP
  2028. int useOcsp = 0;
  2029. char* ocspUrl = NULL;
  2030. #endif
  2031. int useX25519 = 0;
  2032. int useX448 = 0;
  2033. int usePqc = 0;
  2034. char* pqcAlg = NULL;
  2035. int exitWithRet = 0;
  2036. int loadCertKeyIntoSSLObj = 0;
  2037. #ifdef WOLFSSL_SYS_CA_CERTS
  2038. byte loadSysCaCerts = 0;
  2039. #endif
  2040. #ifdef HAVE_ENCRYPT_THEN_MAC
  2041. int disallowETM = 0;
  2042. #endif
  2043. #ifdef HAVE_WNR
  2044. const char* wnrConfigFile = wnrConfig;
  2045. #endif
  2046. #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
  2047. (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
  2048. !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
  2049. int useCertFolder = 0;
  2050. #endif
  2051. #ifdef WOLFSSL_SRTP
  2052. const char* dtlsSrtpProfiles = NULL;
  2053. #endif
  2054. #ifdef HAVE_SESSION_TICKET
  2055. int waitTicket = 0;
  2056. #endif /* HAVE_SESSION_TICKET */
  2057. #ifdef WOLFSSL_DTLS_CID
  2058. int useDtlsCID = 0;
  2059. char dtlsCID[DTLS_CID_BUFFER_SIZE] = { 0 };
  2060. #endif /* WOLFSSL_DTLS_CID */
  2061. #ifdef HAVE_RPK
  2062. int useRPK = 0;
  2063. #endif /* HAVE_RPK */
  2064. int fileFormat = WOLFSSL_FILETYPE_PEM;
  2065. #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
  2066. const char * policy = NULL;
  2067. #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
  2068. char buffer[WOLFSSL_MAX_ERROR_SZ];
  2069. int argc = ((func_args*)args)->argc;
  2070. char** argv = ((func_args*)args)->argv;
  2071. #ifdef WOLFSSL_STATIC_MEMORY
  2072. #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
  2073. || defined(SESSION_CERTS)
  2074. /* big enough to handle most cases including session certs */
  2075. byte memory[320000];
  2076. #else
  2077. byte memory[80000];
  2078. #endif
  2079. byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */
  2080. #if !defined(WOLFSSL_STATIC_MEMORY_LEAN)
  2081. WOLFSSL_MEM_CONN_STATS ssl_stats;
  2082. #if defined(DEBUG_WOLFSSL)
  2083. WOLFSSL_MEM_STATS mem_stats;
  2084. #endif
  2085. #endif
  2086. WOLFSSL_HEAP_HINT *heap = NULL;
  2087. #endif
  2088. #ifdef WOLFSSL_DUAL_ALG_CERTS
  2089. /* Set our preference for verification to be for both the native and
  2090. * alternative chains. Ultimately, its the server's choice. This will be
  2091. * used in the call to wolfSSL_UseCKS(). */
  2092. byte cks_order[3] = {
  2093. WOLFSSL_CKS_SIGSPEC_BOTH,
  2094. WOLFSSL_CKS_SIGSPEC_ALTERNATIVE,
  2095. WOLFSSL_CKS_SIGSPEC_NATIVE,
  2096. };
  2097. #endif /* WOLFSSL_DUAL_ALG_CERTS */
  2098. ((func_args*)args)->return_code = -1; /* error state */
  2099. #ifndef NO_RSA
  2100. verifyCert = caCertFile;
  2101. ourCert = cliCertFile;
  2102. ourKey = cliKeyFile;
  2103. #else
  2104. #ifdef HAVE_ECC
  2105. verifyCert = caEccCertFile;
  2106. ourCert = cliEccCertFile;
  2107. ourKey = cliEccKeyFile;
  2108. #elif defined(HAVE_ED25519)
  2109. verifyCert = caEdCertFile;
  2110. ourCert = cliEdCertFile;
  2111. ourKey = cliEdKeyFile;
  2112. #elif defined(HAVE_ED448)
  2113. verifyCert = caEd448CertFile;
  2114. ourCert = cliEd448CertFile;
  2115. ourKey = cliEd448KeyFile;
  2116. #else
  2117. verifyCert = NULL;
  2118. ourCert = NULL;
  2119. ourKey = NULL;
  2120. #endif
  2121. #endif
  2122. (void)session;
  2123. (void)sslResume;
  2124. (void)atomicUser;
  2125. (void)scr;
  2126. (void)forceScr;
  2127. (void)scrAppData;
  2128. (void)resumeScr;
  2129. (void)ourKey;
  2130. (void)ourCert;
  2131. (void)verifyCert;
  2132. (void)useClientCert;
  2133. (void)disableCRL;
  2134. (void)minDhKeyBits;
  2135. (void)alpnList;
  2136. (void)alpn_opt;
  2137. (void)updateKeysIVs;
  2138. (void)earlyData;
  2139. (void)useX25519;
  2140. (void)useX448;
  2141. (void)helloRetry;
  2142. (void)onlyKeyShare;
  2143. (void)useSupCurve;
  2144. (void)loadCertKeyIntoSSLObj;
  2145. (void)usePqc;
  2146. (void)pqcAlg;
  2147. (void)opensslPsk;
  2148. (void)fileFormat;
  2149. StackTrap();
  2150. /* Reinitialize the global myVerifyAction. */
  2151. myVerifyAction = VERIFY_OVERRIDE_ERROR;
  2152. #ifndef WOLFSSL_VXWORKS
  2153. /* Not used: All used */
  2154. while ((ch = mygetopt_long(argc, argv, "?:"
  2155. "ab:c:defgh:i;jk:l:mnop:q:rstu;v:wxyz"
  2156. "A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
  2157. "01:23:4567:89"
  2158. "@#", long_options, 0)) != -1) {
  2159. switch (ch) {
  2160. case '?' :
  2161. if(myoptarg!=NULL) {
  2162. lng_index = atoi(myoptarg);
  2163. if(lng_index<0||lng_index>1){
  2164. lng_index = 0;
  2165. }
  2166. }
  2167. Usage();
  2168. XEXIT_T(EXIT_SUCCESS);
  2169. case 257 :
  2170. lng_index = 0;
  2171. Usage();
  2172. XEXIT_T(EXIT_SUCCESS);
  2173. case 258 :
  2174. lng_index = 1;
  2175. Usage();
  2176. XEXIT_T(EXIT_SUCCESS);
  2177. case 'g' :
  2178. sendGET = 1;
  2179. break;
  2180. case 'd' :
  2181. doPeerCheck = 0;
  2182. break;
  2183. case 'e' :
  2184. ShowCiphers();
  2185. XEXIT_T(EXIT_SUCCESS);
  2186. case 'D' :
  2187. myVerifyAction = VERIFY_OVERRIDE_DATE_ERR;
  2188. break;
  2189. case 'C' :
  2190. #ifdef HAVE_CRL
  2191. disableCRL = 1;
  2192. #endif
  2193. break;
  2194. case 'u' :
  2195. doDTLS = 1;
  2196. dtlsUDP = 1;
  2197. #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
  2198. defined(WOLFSSL_DTLS)
  2199. dtlsMTU = atoi(myoptarg);
  2200. #endif
  2201. break;
  2202. #ifdef WOLFSSL_SRTP
  2203. case 260:
  2204. doDTLS = 1;
  2205. dtlsUDP = 1;
  2206. dtlsSrtpProfiles = myoptarg != NULL ? myoptarg :
  2207. "SRTP_AES128_CM_SHA1_80";
  2208. printf("Using SRTP Profile(s): %s\n", dtlsSrtpProfiles);
  2209. break;
  2210. #endif
  2211. #ifdef WOLFSSL_DTLS13
  2212. case 261:
  2213. #ifdef HAVE_SESSION_TICKET
  2214. waitTicket = 1;
  2215. #endif /* HAVE_SESSION_TICKET */
  2216. break;
  2217. #endif /* WOLFSSL_DTLS13 */
  2218. #ifdef WOLFSSL_DTLS_CID
  2219. case 262:
  2220. useDtlsCID = 1;
  2221. if (myoptarg != NULL) {
  2222. if (XSTRLEN(myoptarg) >= DTLS_CID_BUFFER_SIZE) {
  2223. err_sys("provided connection ID is too big");
  2224. }
  2225. else {
  2226. strcpy(dtlsCID, myoptarg);
  2227. }
  2228. }
  2229. break;
  2230. #endif /* WOLFSSL_CID */
  2231. case 'G' :
  2232. #ifdef WOLFSSL_SCTP
  2233. doDTLS = 1;
  2234. dtlsUDP = 1;
  2235. dtlsSCTP = 1;
  2236. #endif
  2237. break;
  2238. case 's' :
  2239. usePsk = 1;
  2240. break;
  2241. #ifdef WOLFSSL_TRUST_PEER_CERT
  2242. case 'E' :
  2243. trustCert = myoptarg;
  2244. break;
  2245. #endif
  2246. case 'm' :
  2247. matchName = 1;
  2248. break;
  2249. case 'x' :
  2250. useClientCert = 0;
  2251. break;
  2252. case 'X' :
  2253. externalTest = 1;
  2254. break;
  2255. case 'f' :
  2256. fewerPackets = 1;
  2257. break;
  2258. case 'U' :
  2259. #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
  2260. atomicUser = 1;
  2261. #endif
  2262. break;
  2263. case 'P' :
  2264. #ifdef HAVE_PK_CALLBACKS
  2265. pkCallbacks = 1;
  2266. #endif
  2267. break;
  2268. case 'h' :
  2269. host = myoptarg;
  2270. domain = myoptarg;
  2271. break;
  2272. case 'p' :
  2273. port = (word16)atoi(myoptarg);
  2274. #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
  2275. if (port == 0)
  2276. err_sys("port number cannot be 0");
  2277. #endif
  2278. break;
  2279. case 'v' :
  2280. if (myoptarg[0] == 'd') {
  2281. version = CLIENT_DOWNGRADE_VERSION;
  2282. break;
  2283. }
  2284. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2285. else if (myoptarg[0] == 'e') {
  2286. version = EITHER_DOWNGRADE_VERSION;
  2287. #ifndef NO_CERTS
  2288. loadCertKeyIntoSSLObj = 1;
  2289. #endif
  2290. break;
  2291. }
  2292. #endif
  2293. version = atoi(myoptarg);
  2294. if (version < 0 || version > 4) {
  2295. Usage();
  2296. XEXIT_T(MY_EX_USAGE);
  2297. }
  2298. break;
  2299. case 'V' :
  2300. ShowVersions();
  2301. XEXIT_T(EXIT_SUCCESS);
  2302. case 'l' :
  2303. cipherList = myoptarg;
  2304. break;
  2305. case 'H' :
  2306. if (XSTRCMP(myoptarg, "defCipherList") == 0) {
  2307. printf("Using default cipher list for testing\n");
  2308. useDefCipherList = 1;
  2309. }
  2310. else if (XSTRCMP(myoptarg, "exitWithRet") == 0) {
  2311. printf("Skip exit() for testing\n");
  2312. exitWithRet = 1;
  2313. }
  2314. else if (XSTRCMP(myoptarg, "verifyFail") == 0) {
  2315. printf("Verify should fail\n");
  2316. myVerifyAction = VERIFY_FORCE_FAIL;
  2317. }
  2318. else if (XSTRCMP(myoptarg, "verifyInfo") == 0) {
  2319. printf("Verify should not override error\n");
  2320. myVerifyAction = VERIFY_USE_PREVERIFY;
  2321. }
  2322. else if (XSTRCMP(myoptarg, "useSupCurve") == 0) {
  2323. printf("Attempting to test use supported curve\n");
  2324. #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
  2325. useSupCurve = 1;
  2326. #else
  2327. printf("Supported curves not compiled in!\n");
  2328. #endif
  2329. }
  2330. else if (XSTRCMP(myoptarg, "loadSSL") == 0) {
  2331. printf("Load cert/key into wolfSSL object\n");
  2332. #ifndef NO_CERTS
  2333. loadCertKeyIntoSSLObj = 1;
  2334. #else
  2335. printf("Certs turned off with NO_CERTS!\n");
  2336. #endif
  2337. }
  2338. else if (XSTRCMP(myoptarg, "disallowETM") == 0) {
  2339. printf("Disallow Encrypt-Then-MAC\n");
  2340. #ifdef HAVE_ENCRYPT_THEN_MAC
  2341. disallowETM = 1;
  2342. #endif
  2343. }
  2344. else {
  2345. Usage();
  2346. XEXIT_T(MY_EX_USAGE);
  2347. }
  2348. break;
  2349. case 'A' :
  2350. customVerifyCert = 1;
  2351. verifyCert = myoptarg;
  2352. break;
  2353. case 'c' :
  2354. ourCert = myoptarg;
  2355. break;
  2356. case 'k' :
  2357. ourKey = myoptarg;
  2358. break;
  2359. case 'Z' :
  2360. #ifndef NO_DH
  2361. minDhKeyBits = atoi(myoptarg);
  2362. if (minDhKeyBits <= 0 || minDhKeyBits > 16000) {
  2363. Usage();
  2364. XEXIT_T(MY_EX_USAGE);
  2365. }
  2366. #endif
  2367. break;
  2368. case 'b' :
  2369. benchmark = atoi(myoptarg);
  2370. if (benchmark < 0 || benchmark > 1000000) {
  2371. Usage();
  2372. XEXIT_T(MY_EX_USAGE);
  2373. }
  2374. break;
  2375. case 'B' :
  2376. throughput = (size_t)atol(myoptarg);
  2377. for (; *myoptarg != '\0'; myoptarg++) {
  2378. if (*myoptarg == ',') {
  2379. block = atoi(myoptarg + 1);
  2380. break;
  2381. }
  2382. }
  2383. if (throughput == 0 || block <= 0) {
  2384. Usage();
  2385. XEXIT_T(MY_EX_USAGE);
  2386. }
  2387. break;
  2388. case 'N' :
  2389. nonBlocking = 1;
  2390. break;
  2391. case 'r' :
  2392. resumeSession = 1;
  2393. break;
  2394. case 'w' :
  2395. wc_shutdown = 1;
  2396. break;
  2397. case 'R' :
  2398. #ifdef HAVE_SECURE_RENEGOTIATION
  2399. scr = 1;
  2400. #endif
  2401. break;
  2402. case 'i' :
  2403. #ifdef HAVE_SECURE_RENEGOTIATION
  2404. scr = 1;
  2405. forceScr = 1;
  2406. if (XSTRCMP(myoptarg, "scr-app-data") == 0) {
  2407. scrAppData = 1;
  2408. }
  2409. #endif
  2410. break;
  2411. case 'z' :
  2412. #ifndef WOLFSSL_LEANPSK
  2413. wolfSSL_GetObjectSize();
  2414. #endif
  2415. break;
  2416. case 'S' :
  2417. if (XSTRCMP(myoptarg, "check") == 0) {
  2418. #ifdef HAVE_SNI
  2419. printf("SNI is: ON\n");
  2420. #else
  2421. printf("SNI is: OFF\n");
  2422. #endif
  2423. XEXIT_T(EXIT_SUCCESS);
  2424. }
  2425. #ifdef HAVE_SNI
  2426. sniHostName = myoptarg;
  2427. #endif
  2428. break;
  2429. case 'F' :
  2430. #ifdef HAVE_MAX_FRAGMENT
  2431. maxFragment = (byte)atoi(myoptarg);
  2432. if (maxFragment < WOLFSSL_MFL_MIN ||
  2433. maxFragment > WOLFSSL_MFL_MAX) {
  2434. Usage();
  2435. XEXIT_T(MY_EX_USAGE);
  2436. }
  2437. #endif
  2438. break;
  2439. case 'T' :
  2440. #ifdef HAVE_TRUNCATED_HMAC
  2441. truncatedHMAC = 1;
  2442. #endif
  2443. break;
  2444. case 'n' :
  2445. #ifdef HAVE_EXTENDED_MASTER
  2446. disableExtMasterSecret = 1;
  2447. #endif
  2448. break;
  2449. case 'W' :
  2450. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
  2451. || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
  2452. {
  2453. word32 myoptargSz;
  2454. statusRequest = (byte)atoi(myoptarg);
  2455. if (statusRequest > OCSP_STAPLING_OPT_MAX) {
  2456. Usage();
  2457. XEXIT_T(MY_EX_USAGE);
  2458. }
  2459. myoptargSz = (word32)XSTRLEN(myoptarg);
  2460. if (myoptargSz > 0 &&
  2461. XTOUPPER((unsigned char)myoptarg[myoptargSz-1]) == 'M') {
  2462. mustStaple = 1;
  2463. }
  2464. }
  2465. #endif
  2466. break;
  2467. case 'o' :
  2468. #ifdef HAVE_OCSP
  2469. useOcsp = 1;
  2470. #endif
  2471. break;
  2472. case 'O' :
  2473. #ifdef HAVE_OCSP
  2474. useOcsp = 1;
  2475. ocspUrl = myoptarg;
  2476. #endif
  2477. break;
  2478. case 'a' :
  2479. #ifdef HAVE_ANON
  2480. useAnon = 1;
  2481. #endif
  2482. break;
  2483. case 'L' :
  2484. #ifdef HAVE_ALPN
  2485. alpnList = myoptarg;
  2486. if (alpnList[0] == 'C' && alpnList[1] == ':')
  2487. alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH;
  2488. else if (alpnList[0] == 'F' && alpnList[1] == ':')
  2489. alpn_opt = WOLFSSL_ALPN_FAILED_ON_MISMATCH;
  2490. else {
  2491. Usage();
  2492. XEXIT_T(MY_EX_USAGE);
  2493. }
  2494. alpnList += 2;
  2495. #endif
  2496. break;
  2497. case 'M' :
  2498. doSTARTTLS = 1;
  2499. starttlsProt = myoptarg;
  2500. if (XSTRCMP(starttlsProt, "smtp") != 0) {
  2501. Usage();
  2502. XEXIT_T(MY_EX_USAGE);
  2503. }
  2504. break;
  2505. case 'q' :
  2506. #ifdef HAVE_WNR
  2507. wnrConfigFile = myoptarg;
  2508. #endif
  2509. break;
  2510. case 'J' :
  2511. #ifdef WOLFSSL_TLS13
  2512. helloRetry = 1;
  2513. #endif
  2514. break;
  2515. case 'K' :
  2516. #ifdef WOLFSSL_TLS13
  2517. noPskDheKe = 1;
  2518. #endif
  2519. break;
  2520. case 'I' :
  2521. #ifdef WOLFSSL_TLS13
  2522. updateKeysIVs = 1;
  2523. #endif
  2524. break;
  2525. case 'y' :
  2526. #if defined(WOLFSSL_TLS13) && \
  2527. defined(HAVE_SUPPORTED_CURVES) && !defined(NO_DH)
  2528. onlyKeyShare = 1;
  2529. #endif
  2530. break;
  2531. case 'Y' :
  2532. #if defined(WOLFSSL_TLS13) && \
  2533. defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC)
  2534. onlyKeyShare = 2;
  2535. #endif
  2536. break;
  2537. case 'j' :
  2538. useVerifyCb = 1;
  2539. break;
  2540. case 't' :
  2541. #ifdef HAVE_CURVE25519
  2542. useX25519 = 1;
  2543. #ifdef HAVE_ECC
  2544. useSupCurve = 1;
  2545. #if defined(WOLFSSL_TLS13) && \
  2546. defined(HAVE_SUPPORTED_CURVES)
  2547. onlyKeyShare = 2;
  2548. #endif
  2549. #endif
  2550. #endif
  2551. break;
  2552. case 'Q' :
  2553. #if defined(WOLFSSL_TLS13) && \
  2554. defined(WOLFSSL_POST_HANDSHAKE_AUTH)
  2555. postHandAuth = 1;
  2556. #endif
  2557. break;
  2558. case '0' :
  2559. #ifdef WOLFSSL_EARLY_DATA
  2560. earlyData = 1;
  2561. #endif
  2562. break;
  2563. case '1' :
  2564. lng_index = atoi(myoptarg);
  2565. if(lng_index<0||lng_index>1){
  2566. lng_index = 0;
  2567. }
  2568. break;
  2569. case '2' :
  2570. #if !defined(NO_DH) && !defined(HAVE_FIPS) && \
  2571. !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
  2572. doDhKeyCheck = 0;
  2573. #endif
  2574. break;
  2575. case '3' :
  2576. #ifdef WOLFSSL_MULTICAST
  2577. doMcast = 1;
  2578. mcastID = (byte)(atoi(myoptarg) & 0xFF);
  2579. #endif
  2580. break;
  2581. case '4' :
  2582. #ifdef HAVE_SECURE_RENEGOTIATION
  2583. scr = 1;
  2584. forceScr = 1;
  2585. resumeScr = 1;
  2586. #endif
  2587. break;
  2588. case '5' :
  2589. #ifdef HAVE_TRUSTED_CA
  2590. trustedCaKeyId = 1;
  2591. #endif /* HAVE_TRUSTED_CA */
  2592. break;
  2593. case '6' :
  2594. #ifdef WOLFSSL_ASYNC_IO
  2595. nonBlocking = 1;
  2596. simulateWantWrite = 1;
  2597. #else
  2598. LOG_ERROR("Ignoring -6 since async I/O support not "
  2599. "compiled in.\n");
  2600. #endif
  2601. break;
  2602. case '7' :
  2603. minVersion = atoi(myoptarg);
  2604. if (minVersion < 0 || minVersion > 4) {
  2605. Usage();
  2606. XEXIT_T(MY_EX_USAGE);
  2607. }
  2608. break;
  2609. case '8' :
  2610. #ifdef HAVE_CURVE448
  2611. useX448 = 1;
  2612. #ifdef HAVE_ECC
  2613. useSupCurve = 1;
  2614. #if defined(WOLFSSL_TLS13) && \
  2615. defined(HAVE_SUPPORTED_CURVES)
  2616. onlyKeyShare = 2;
  2617. #endif
  2618. #endif
  2619. #endif
  2620. break;
  2621. case '9' :
  2622. #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
  2623. (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
  2624. !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
  2625. useCertFolder = 1;
  2626. #endif
  2627. break;
  2628. case '@' :
  2629. {
  2630. #ifdef HAVE_WC_INTROSPECTION
  2631. const char *conf_args = wolfSSL_configure_args();
  2632. if (conf_args) {
  2633. puts(conf_args);
  2634. XEXIT_T(EXIT_SUCCESS);
  2635. } else {
  2636. fputs("configure args not compiled in.\n",stderr);
  2637. XEXIT_T(MY_EX_USAGE);
  2638. }
  2639. #else
  2640. fputs("compiled without BUILD_INTROSPECTION.\n",stderr);
  2641. XEXIT_T(MY_EX_USAGE);
  2642. #endif
  2643. }
  2644. case '#' :
  2645. {
  2646. #ifdef HAVE_WC_INTROSPECTION
  2647. const char *cflags = wolfSSL_global_cflags();
  2648. if (cflags) {
  2649. puts(cflags);
  2650. XEXIT_T(EXIT_SUCCESS);
  2651. } else {
  2652. fputs("CFLAGS not compiled in.\n",stderr);
  2653. XEXIT_T(MY_EX_USAGE);
  2654. }
  2655. #else
  2656. fputs("compiled without BUILD_INTROSPECTION.\n",stderr);
  2657. XEXIT_T(MY_EX_USAGE);
  2658. #endif
  2659. }
  2660. #ifdef WOLFSSL_WOLFSENTRY_HOOKS
  2661. case 256:
  2662. #if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
  2663. wolfsentry_config_path = myoptarg;
  2664. #endif
  2665. break;
  2666. #endif
  2667. #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) && \
  2668. defined(HAVE_PQC)
  2669. case 259:
  2670. usePqc = 1;
  2671. onlyKeyShare = 3;
  2672. pqcAlg = myoptarg;
  2673. break;
  2674. #endif
  2675. #ifdef WOLFSSL_SYS_CA_CERTS
  2676. case 263:
  2677. loadSysCaCerts = 1;
  2678. break;
  2679. #endif
  2680. case 264:
  2681. #ifdef HAVE_SUPPORTED_CURVES
  2682. #ifdef WOLFSSL_TLS13
  2683. onlyPskDheKe = 1;
  2684. #endif
  2685. #endif
  2686. break;
  2687. case 265:
  2688. #ifndef NO_PSK
  2689. opensslPsk = 1;
  2690. #endif
  2691. break;
  2692. case 266:
  2693. quieter = 1;
  2694. break;
  2695. case 267:
  2696. #ifdef HAVE_RPK
  2697. useRPK = 1;
  2698. #endif /* HAVE_RPK */
  2699. break;
  2700. case 268:
  2701. fileFormat = WOLFSSL_FILETYPE_ASN1;
  2702. break;
  2703. case 269:
  2704. #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
  2705. policy = myoptarg;
  2706. #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
  2707. break;
  2708. default:
  2709. Usage();
  2710. XEXIT_T(MY_EX_USAGE);
  2711. }
  2712. }
  2713. myoptind = 0; /* reset for test cases */
  2714. #endif /* !WOLFSSL_VXWORKS */
  2715. if (externalTest) {
  2716. /* detect build cases that wouldn't allow test against wolfssl.com */
  2717. int done = 0;
  2718. #ifdef NO_RSA
  2719. done += 1; /* require RSA for external tests */
  2720. #endif
  2721. if (!XSTRCMP(domain, "www.globalsign.com")) {
  2722. /* www.globalsign.com does not respond to ipv6 ocsp requests */
  2723. #if defined(TEST_IPV6) && defined(HAVE_OCSP)
  2724. done += 1;
  2725. #endif
  2726. /* www.globalsign.com has limited supported cipher suites */
  2727. #if defined(NO_AES) && defined(HAVE_OCSP)
  2728. done += 1;
  2729. #endif
  2730. /* www.globalsign.com only supports static RSA or ECDHE with AES */
  2731. /* We cannot expect users to have on static RSA so test for ECC only
  2732. * as some users will most likely be on 32-bit systems where ECC
  2733. * is not enabled by default */
  2734. #if defined(HAVE_OCSP) && !defined(HAVE_ECC)
  2735. done += 1;
  2736. #endif
  2737. }
  2738. #ifndef NO_PSK
  2739. if (usePsk) {
  2740. done += 1; /* don't perform external tests if PSK is enabled */
  2741. }
  2742. #endif
  2743. #ifdef NO_SHA
  2744. done += 1; /* external cert chain most likely has SHA */
  2745. #endif
  2746. #if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
  2747. || ( defined(HAVE_ECC) && !defined(HAVE_SUPPORTED_CURVES) \
  2748. && !defined(WOLFSSL_STATIC_RSA) )
  2749. /* google needs ECDHE+Supported Curves or static RSA */
  2750. if (!XSTRCASECMP(domain, "www.google.com"))
  2751. done += 1;
  2752. #endif
  2753. #if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA)
  2754. /* wolfssl needs ECDHE or static RSA */
  2755. if (!XSTRCASECMP(domain, "www.wolfssl.com"))
  2756. done += 1;
  2757. #endif
  2758. #if !defined(WOLFSSL_SHA384)
  2759. if (!XSTRCASECMP(domain, "www.wolfssl.com")) {
  2760. /* wolfssl need sha384 for cert chain verify */
  2761. done += 1;
  2762. }
  2763. #endif
  2764. #if !defined(HAVE_AESGCM) && defined(NO_AES) && \
  2765. !(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
  2766. /* need at least one of these for external tests */
  2767. done += 1;
  2768. #endif
  2769. /* For the external test, if we disable AES, GoDaddy will reject the
  2770. * connection. They only currently support AES suites, RC4 and 3DES
  2771. * suites. With AES disabled we only offer PolyChacha suites. */
  2772. #if defined(NO_AES) && !defined(HAVE_AESGCM)
  2773. if (!XSTRCASECMP(domain, "www.wolfssl.com")) {
  2774. done += 1;
  2775. }
  2776. #endif
  2777. if (done) {
  2778. LOG_ERROR("external test can't be run in this mode\n");
  2779. ((func_args*)args)->return_code = 0;
  2780. XEXIT_T(EXIT_SUCCESS);
  2781. }
  2782. }
  2783. /* sort out DTLS versus TLS versions */
  2784. if (version == CLIENT_INVALID_VERSION) {
  2785. if (doDTLS)
  2786. version = CLIENT_DTLS_DEFAULT_VERSION;
  2787. else
  2788. version = CLIENT_DEFAULT_VERSION;
  2789. }
  2790. else {
  2791. if (doDTLS) {
  2792. if (version == 3) {
  2793. version = -2;
  2794. }
  2795. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2796. else if (version == EITHER_DOWNGRADE_VERSION) {
  2797. version = -3;
  2798. }
  2799. #endif
  2800. else if (version == 4) {
  2801. #ifdef WOLFSSL_DTLS13
  2802. version = -4;
  2803. #else
  2804. err_sys("Bad DTLS version");
  2805. #endif /* WOLFSSL_DTLS13 */
  2806. }
  2807. else if (version == 2)
  2808. version = -1;
  2809. }
  2810. }
  2811. #ifndef HAVE_SESSION_TICKET
  2812. if ((version >= 4) && resumeSession) {
  2813. LOG_ERROR("Can't do TLS 1.3 resumption; need session tickets!\n");
  2814. }
  2815. #endif
  2816. #ifdef HAVE_WNR
  2817. if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0)
  2818. err_sys("can't load whitewood net random config file");
  2819. #endif
  2820. #ifdef HAVE_PQC
  2821. if (usePqc) {
  2822. if (version == CLIENT_DOWNGRADE_VERSION ||
  2823. version == EITHER_DOWNGRADE_VERSION)
  2824. LOG_ERROR(
  2825. "WARNING: If a TLS 1.3 connection is not negotiated, you "
  2826. "will not be using a post-quantum group.\n");
  2827. else if (version != 4 && version != -4)
  2828. err_sys("can only use post-quantum groups with TLS 1.3 or DTLS 1.3");
  2829. }
  2830. #endif
  2831. switch (version) {
  2832. #ifndef NO_OLD_TLS
  2833. #ifdef WOLFSSL_ALLOW_SSLV3
  2834. case 0:
  2835. method = wolfSSLv3_client_method_ex;
  2836. break;
  2837. #endif
  2838. #ifndef NO_TLS
  2839. #ifdef WOLFSSL_ALLOW_TLSV10
  2840. case 1:
  2841. method = wolfTLSv1_client_method_ex;
  2842. break;
  2843. #endif
  2844. case 2:
  2845. method = wolfTLSv1_1_client_method_ex;
  2846. break;
  2847. #endif /* !NO_TLS */
  2848. #endif /* !NO_OLD_TLS */
  2849. #ifndef NO_TLS
  2850. #ifndef WOLFSSL_NO_TLS12
  2851. case 3:
  2852. method = wolfTLSv1_2_client_method_ex;
  2853. break;
  2854. #endif
  2855. #ifdef WOLFSSL_TLS13
  2856. case 4:
  2857. method = wolfTLSv1_3_client_method_ex;
  2858. break;
  2859. #endif
  2860. case CLIENT_DOWNGRADE_VERSION:
  2861. if (!doDTLS) {
  2862. method = wolfSSLv23_client_method_ex;
  2863. }
  2864. else {
  2865. #ifdef WOLFSSL_DTLS
  2866. method = wolfDTLS_client_method_ex;
  2867. #else
  2868. err_sys("version not supported");
  2869. #endif /* WOLFSSL_DTLS */
  2870. }
  2871. break;
  2872. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2873. case EITHER_DOWNGRADE_VERSION:
  2874. method = wolfSSLv23_method_ex;
  2875. break;
  2876. #endif
  2877. #endif /* NO_TLS */
  2878. #ifdef WOLFSSL_DTLS
  2879. #ifndef NO_OLD_TLS
  2880. case -1:
  2881. method = wolfDTLSv1_client_method_ex;
  2882. break;
  2883. #endif
  2884. #ifndef WOLFSSL_NO_TLS12
  2885. case -2:
  2886. method = wolfDTLSv1_2_client_method_ex;
  2887. break;
  2888. #endif
  2889. #ifdef WOLFSSL_DTLS13
  2890. case -4:
  2891. method = wolfDTLSv1_3_client_method_ex;
  2892. break;
  2893. #endif /* WOLFSSL_DTLS13 */
  2894. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2895. case -3:
  2896. method = wolfDTLSv1_2_method_ex;
  2897. break;
  2898. #endif
  2899. #endif
  2900. default:
  2901. err_sys("Bad SSL version");
  2902. }
  2903. if (method == NULL)
  2904. err_sys("unable to get method");
  2905. #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
  2906. if (policy != NULL) {
  2907. if (wolfSSL_crypto_policy_enable(policy) != WOLFSSL_SUCCESS) {
  2908. err_sys("wolfSSL_crypto_policy_enable failed");
  2909. }
  2910. }
  2911. #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
  2912. #ifdef WOLFSSL_STATIC_MEMORY
  2913. #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
  2914. /* print off helper buffer sizes for use with static memory
  2915. * printing to stderr in case of debug mode turned on */
  2916. LOG_ERROR("static memory management size = %d\n",
  2917. wolfSSL_MemoryPaddingSz());
  2918. LOG_ERROR("calculated optimum general buffer size = %d\n",
  2919. wolfSSL_StaticBufferSz(memory, sizeof(memory), 0));
  2920. LOG_ERROR("calculated optimum IO buffer size = %d\n",
  2921. wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO),
  2922. WOLFMEM_IO_POOL_FIXED));
  2923. #endif /* DEBUG_WOLFSSL */
  2924. if (wc_LoadStaticMemory(&heap, memory, sizeof(memory), WOLFMEM_GENERAL, 1)
  2925. != 0) {
  2926. err_sys("unable to load static memory");
  2927. }
  2928. #if defined(WOLFSSL_STATIC_MEMORY) && \
  2929. defined(WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK)
  2930. wolfSSL_SetDebugMemoryCb(ExampleDebugMemoryCb);
  2931. #endif
  2932. ctx = wolfSSL_CTX_new_ex(method(heap), heap);
  2933. if (ctx == NULL)
  2934. err_sys("unable to get ctx");
  2935. #ifdef WOLFSSL_CALLBACKS
  2936. wolfSSL_CTX_set_msg_callback(ctx, msgDebugCb);
  2937. #endif
  2938. if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
  2939. WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) != WOLFSSL_SUCCESS) {
  2940. err_sys("unable to load static memory");
  2941. }
  2942. #else
  2943. if (method != NULL) {
  2944. ctx = wolfSSL_CTX_new(method(NULL));
  2945. if (ctx == NULL)
  2946. err_sys("unable to get ctx");
  2947. }
  2948. #endif
  2949. #ifdef WOLFSSL_SYS_CA_CERTS
  2950. if (loadSysCaCerts &&
  2951. wolfSSL_CTX_load_system_CA_certs(ctx) != WOLFSSL_SUCCESS) {
  2952. err_sys("wolfSSL_CTX_load_system_CA_certs failed");
  2953. }
  2954. #endif /* WOLFSSL_SYS_CA_CERTS */
  2955. if (minVersion != CLIENT_INVALID_VERSION) {
  2956. #ifdef WOLFSSL_DTLS
  2957. if (doDTLS) {
  2958. switch (minVersion) {
  2959. case 4:
  2960. #ifdef WOLFSSL_DTLS13
  2961. minVersion = WOLFSSL_DTLSV1_3;
  2962. break;
  2963. #else
  2964. err_sys("invalid minimum downgrade version");
  2965. #endif /* WOLFSSL_DTLS13 */
  2966. case 3:
  2967. minVersion = WOLFSSL_DTLSV1_2;
  2968. break;
  2969. case 2:
  2970. minVersion = WOLFSSL_DTLSV1;
  2971. break;
  2972. }
  2973. }
  2974. #endif /* WOLFSSL_DTLS */
  2975. if (wolfSSL_CTX_SetMinVersion(ctx, minVersion) != WOLFSSL_SUCCESS)
  2976. err_sys("can't set minimum downgrade version");
  2977. }
  2978. if (simulateWantWrite) {
  2979. #ifdef USE_WOLFSSL_IO
  2980. wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb);
  2981. #endif
  2982. }
  2983. #ifdef SINGLE_THREADED
  2984. if (wolfSSL_CTX_new_rng(ctx) != WOLFSSL_SUCCESS) {
  2985. wolfSSL_CTX_free(ctx); ctx = NULL;
  2986. err_sys("Single Threaded new rng at CTX failed");
  2987. }
  2988. #endif
  2989. #ifdef OPENSSL_COMPATIBLE_DEFAULTS
  2990. /* Restore wolfSSL verify defaults */
  2991. if (ctx) {
  2992. wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_DEFAULT, NULL);
  2993. }
  2994. #endif
  2995. #ifdef WOLFSSL_SRTP
  2996. if (dtlsSrtpProfiles != NULL) {
  2997. if (wolfSSL_CTX_set_tlsext_use_srtp(ctx, dtlsSrtpProfiles)
  2998. != WOLFSSL_SUCCESS) {
  2999. err_sys("unable to set DTLS SRTP profile");
  3000. }
  3001. }
  3002. #endif
  3003. #ifdef WOLFSSL_WOLFSENTRY_HOOKS
  3004. if (wolfsentry_setup(&wolfsentry, wolfsentry_config_path,
  3005. WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT) < 0) {
  3006. err_sys("unable to initialize wolfSentry");
  3007. }
  3008. if (wolfSSL_CTX_set_ConnectFilter(
  3009. ctx,
  3010. (NetworkFilterCallback_t)wolfSentry_NetworkFilterCallback,
  3011. wolfsentry) < 0) {
  3012. err_sys("unable to install wolfSentry_NetworkFilterCallback");
  3013. }
  3014. #endif
  3015. if (cipherList && !useDefCipherList) {
  3016. if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS) {
  3017. wolfSSL_CTX_free(ctx); ctx = NULL;
  3018. err_sys("client can't set cipher list 1");
  3019. }
  3020. }
  3021. #ifdef WOLFSSL_LEANPSK
  3022. if (!usePsk) {
  3023. usePsk = 1;
  3024. }
  3025. #endif
  3026. #if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
  3027. !defined(HAVE_ED448)
  3028. if (!usePsk) {
  3029. usePsk = 1;
  3030. }
  3031. #endif
  3032. if (fewerPackets)
  3033. wolfSSL_CTX_set_group_messages(ctx);
  3034. #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
  3035. defined(WOLFSSL_DTLS)
  3036. if (dtlsMTU)
  3037. wolfSSL_CTX_dtls_set_mtu(ctx, (unsigned short)dtlsMTU);
  3038. #endif
  3039. #ifndef NO_DH
  3040. if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits)
  3041. != WOLFSSL_SUCCESS) {
  3042. err_sys("Error setting minimum DH key size");
  3043. }
  3044. #endif
  3045. #ifdef HAVE_RPK
  3046. if (useRPK) {
  3047. char ctype[] = {WOLFSSL_CERT_TYPE_RPK};
  3048. char stype[] = {WOLFSSL_CERT_TYPE_RPK};
  3049. wolfSSL_CTX_set_client_cert_type(ctx, ctype, sizeof(ctype)/sizeof(ctype[0]));
  3050. wolfSSL_CTX_set_server_cert_type(ctx, stype, sizeof(stype)/sizeof(stype[0]));
  3051. usePsk = 0;
  3052. #ifdef HAVE_CRL
  3053. disableCRL = 1;
  3054. #endif
  3055. doPeerCheck = 0;
  3056. }
  3057. #endif /* HAVE_RPK */
  3058. if (usePsk) {
  3059. #ifndef NO_PSK
  3060. const char *defaultCipherList = cipherList;
  3061. wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
  3062. #ifdef WOLFSSL_TLS13
  3063. #if !defined(WOLFSSL_PSK_TLS13_CB) && !defined(WOLFSSL_PSK_ONE_ID)
  3064. if (!opensslPsk) {
  3065. wolfSSL_CTX_set_psk_client_cs_callback(ctx, my_psk_client_cs_cb);
  3066. }
  3067. else
  3068. #endif
  3069. {
  3070. wolfSSL_CTX_set_psk_client_tls13_callback(ctx,
  3071. my_psk_client_tls13_cb);
  3072. }
  3073. #endif
  3074. if (defaultCipherList == NULL) {
  3075. #if defined(HAVE_AESGCM) && !defined(NO_DH)
  3076. #ifdef WOLFSSL_TLS13
  3077. defaultCipherList = "TLS13-AES128-GCM-SHA256"
  3078. #ifndef WOLFSSL_NO_TLS12
  3079. ":DHE-PSK-AES128-GCM-SHA256"
  3080. #endif
  3081. ;
  3082. #else
  3083. defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
  3084. #endif
  3085. #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
  3086. defaultCipherList = "TLS13-AES128-GCM-SHA256"
  3087. #ifndef WOLFSSL_NO_TLS12
  3088. ":PSK-AES128-GCM-SHA256"
  3089. #endif
  3090. ;
  3091. #elif defined(HAVE_NULL_CIPHER)
  3092. defaultCipherList = "PSK-NULL-SHA256";
  3093. #elif !defined(NO_AES_CBC)
  3094. defaultCipherList = "PSK-AES128-CBC-SHA256";
  3095. #else
  3096. defaultCipherList = "PSK-AES128-GCM-SHA256";
  3097. #endif
  3098. if (wolfSSL_CTX_set_cipher_list(ctx, defaultCipherList)
  3099. !=WOLFSSL_SUCCESS) {
  3100. wolfSSL_CTX_free(ctx); ctx = NULL;
  3101. err_sys("client can't set cipher list 2");
  3102. }
  3103. }
  3104. wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList);
  3105. #endif
  3106. if (useClientCert) {
  3107. useClientCert = 0;
  3108. }
  3109. }
  3110. if (useAnon) {
  3111. #ifdef HAVE_ANON
  3112. if (cipherList == NULL || (cipherList && useDefCipherList)) {
  3113. const char* defaultCipherList;
  3114. wolfSSL_CTX_allow_anon_cipher(ctx);
  3115. defaultCipherList = "ADH-AES256-GCM-SHA384:"
  3116. "ADH-AES128-SHA";
  3117. if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList)
  3118. != WOLFSSL_SUCCESS) {
  3119. wolfSSL_CTX_free(ctx); ctx = NULL;
  3120. err_sys("client can't set cipher list 4");
  3121. }
  3122. }
  3123. #endif
  3124. if (useClientCert) {
  3125. useClientCert = 0;
  3126. }
  3127. }
  3128. #ifdef WOLFSSL_SCTP
  3129. if (dtlsSCTP)
  3130. wolfSSL_CTX_dtls_set_sctp(ctx);
  3131. #endif
  3132. #ifdef WOLFSSL_ENCRYPTED_KEYS
  3133. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  3134. #endif
  3135. #ifdef WOLFSSL_SNIFFER
  3136. if (cipherList == NULL && version < 4) {
  3137. /* static RSA or ECC cipher suites */
  3138. const char* staticCipherList = "AES128-SHA:ECDH-ECDSA-AES128-SHA";
  3139. if (wolfSSL_CTX_set_cipher_list(ctx, staticCipherList) != WOLFSSL_SUCCESS) {
  3140. wolfSSL_CTX_free(ctx); ctx = NULL;
  3141. err_sys("client can't set cipher list 3");
  3142. }
  3143. }
  3144. #endif
  3145. #ifdef HAVE_OCSP
  3146. if (useOcsp) {
  3147. #if defined(HAVE_IO_TIMEOUT) && defined(HAVE_HTTP_CLIENT)
  3148. wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
  3149. #endif
  3150. if (ocspUrl != NULL) {
  3151. wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
  3152. wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
  3153. | WOLFSSL_OCSP_URL_OVERRIDE);
  3154. }
  3155. else {
  3156. wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL);
  3157. }
  3158. #ifdef WOLFSSL_NONBLOCK_OCSP
  3159. wolfSSL_CTX_SetOCSP_Cb(ctx, OCSPIOCb, OCSPRespFreeCb, NULL);
  3160. #endif
  3161. }
  3162. #endif
  3163. #ifdef USER_CA_CB
  3164. wolfSSL_CTX_SetCACb(ctx, CaCb);
  3165. #endif
  3166. #if defined(HAVE_EXT_CACHE) && !defined(NO_SESSION_CACHE)
  3167. wolfSSL_CTX_sess_set_get_cb(ctx, mySessGetCb);
  3168. wolfSSL_CTX_sess_set_new_cb(ctx, mySessNewCb);
  3169. wolfSSL_CTX_sess_set_remove_cb(ctx, mySessRemCb);
  3170. #endif
  3171. #ifndef NO_CERTS
  3172. if (useClientCert && !loadCertKeyIntoSSLObj){
  3173. #if defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048)
  3174. if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
  3175. client_cert_der_2048, sizeof_client_cert_der_2048,
  3176. WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
  3177. err_sys("can't load client cert buffer");
  3178. #elif !defined(TEST_LOAD_BUFFER)
  3179. if (wolfSSL_CTX_use_certificate_chain_file_format(ctx, ourCert, fileFormat)
  3180. != WOLFSSL_SUCCESS) {
  3181. wolfSSL_CTX_free(ctx); ctx = NULL;
  3182. err_sys("can't load client cert file, check file and run from"
  3183. " wolfSSL home dir");
  3184. }
  3185. #else
  3186. load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
  3187. #endif
  3188. }
  3189. #ifdef HAVE_PK_CALLBACKS
  3190. pkCbInfo.ourKey = ourKey;
  3191. #endif
  3192. if (useClientCert && !loadCertKeyIntoSSLObj
  3193. #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
  3194. && !pkCallbacks
  3195. #endif
  3196. ) {
  3197. #ifdef NO_FILESYSTEM
  3198. if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,
  3199. sizeof_client_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
  3200. err_sys("can't load client private key buffer");
  3201. #elif !defined(TEST_LOAD_BUFFER)
  3202. if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, fileFormat)
  3203. != WOLFSSL_SUCCESS) {
  3204. wolfSSL_CTX_free(ctx); ctx = NULL;
  3205. err_sys("can't load client private key file, check file and run "
  3206. "from wolfSSL home dir");
  3207. }
  3208. #else
  3209. load_buffer(ctx, ourKey, WOLFSSL_KEY);
  3210. #endif
  3211. }
  3212. if (!usePsk && !useAnon && !useVerifyCb && myVerifyAction != VERIFY_FORCE_FAIL) {
  3213. #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
  3214. (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
  3215. !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
  3216. if (useCertFolder) {
  3217. WOLFSSL_X509_STORE *store;
  3218. WOLFSSL_X509_LOOKUP *lookup;
  3219. store = wolfSSL_CTX_get_cert_store(ctx);
  3220. if (store == NULL) {
  3221. wolfSSL_CTX_free(ctx); ctx = NULL;
  3222. err_sys("can't get WOLFSSL_X509_STORE");
  3223. }
  3224. lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
  3225. if (lookup == NULL) {
  3226. wolfSSL_CTX_free(ctx); ctx = NULL;
  3227. err_sys("can't add lookup");
  3228. }
  3229. if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder,
  3230. X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) {
  3231. err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed");
  3232. }
  3233. } else {
  3234. #endif
  3235. #ifdef NO_FILESYSTEM
  3236. if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
  3237. sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
  3238. wolfSSL_CTX_free(ctx); ctx = NULL;
  3239. err_sys("can't load ca buffer, Please run from wolfSSL home dir");
  3240. }
  3241. #elif !defined(TEST_LOAD_BUFFER)
  3242. unsigned int verify_flags = 0;
  3243. #ifdef TEST_BEFORE_DATE
  3244. verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
  3245. #endif
  3246. if (doPeerCheck != 0 &&
  3247. wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0, verify_flags)
  3248. != WOLFSSL_SUCCESS) {
  3249. wolfSSL_CTX_free(ctx); ctx = NULL;
  3250. err_sys("can't load ca file, Please run from wolfSSL home dir");
  3251. }
  3252. #else
  3253. load_buffer(ctx, verifyCert, WOLFSSL_CA);
  3254. #endif /* !NO_FILESYSTEM */
  3255. #ifdef HAVE_ECC
  3256. /* load ecc verify too, echoserver uses it by default w/ ecc */
  3257. #ifdef NO_FILESYSTEM
  3258. if (doPeerCheck != 0 &&
  3259. wolfSSL_CTX_load_verify_buffer(ctx, ca_ecc_cert_der_256,
  3260. sizeof_ca_ecc_cert_der_256, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
  3261. wolfSSL_CTX_free(ctx); ctx = NULL;
  3262. err_sys("can't load ecc ca buffer");
  3263. }
  3264. #elif !defined(TEST_LOAD_BUFFER)
  3265. if (doPeerCheck != 0 && !customVerifyCert &&
  3266. wolfSSL_CTX_load_verify_locations_ex(ctx, eccCertFile, 0, verify_flags)
  3267. != WOLFSSL_SUCCESS) {
  3268. wolfSSL_CTX_free(ctx); ctx = NULL;
  3269. err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
  3270. }
  3271. #else
  3272. load_buffer(ctx, eccCertFile, WOLFSSL_CA);
  3273. #endif /* !TEST_LOAD_BUFFER */
  3274. #endif /* HAVE_ECC */
  3275. #if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
  3276. if (trustCert) {
  3277. if (wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
  3278. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  3279. wolfSSL_CTX_free(ctx); ctx = NULL;
  3280. err_sys("can't load trusted peer cert file");
  3281. }
  3282. }
  3283. #endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */
  3284. #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
  3285. (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
  3286. !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
  3287. }
  3288. #endif
  3289. }
  3290. if (useVerifyCb || myVerifyAction == VERIFY_FORCE_FAIL ||
  3291. myVerifyAction == VERIFY_USE_PREVERIFY) {
  3292. wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
  3293. }
  3294. else if (!usePsk && !useAnon && doPeerCheck == 0) {
  3295. wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
  3296. }
  3297. else if (!usePsk && !useAnon && myVerifyAction == VERIFY_OVERRIDE_DATE_ERR) {
  3298. wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
  3299. }
  3300. #endif /* !NO_CERTS */
  3301. #ifdef WOLFSSL_ASYNC_CRYPT
  3302. ret = wolfAsync_DevOpen(&devId);
  3303. if (ret < 0) {
  3304. LOG_ERROR("Async device open failed\nRunning without async\n");
  3305. }
  3306. wolfSSL_CTX_SetDevId(ctx, devId);
  3307. #endif /* WOLFSSL_ASYNC_CRYPT */
  3308. #ifdef HAVE_SNI
  3309. if (sniHostName) {
  3310. if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName,
  3311. (word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) {
  3312. wolfSSL_CTX_free(ctx); ctx = NULL;
  3313. err_sys("UseSNI failed");
  3314. }
  3315. }
  3316. #endif
  3317. #ifdef HAVE_MAX_FRAGMENT
  3318. if (maxFragment)
  3319. if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != WOLFSSL_SUCCESS) {
  3320. wolfSSL_CTX_free(ctx); ctx = NULL;
  3321. err_sys("UseMaxFragment failed");
  3322. }
  3323. #endif
  3324. #ifdef HAVE_TRUNCATED_HMAC
  3325. if (truncatedHMAC)
  3326. if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != WOLFSSL_SUCCESS) {
  3327. wolfSSL_CTX_free(ctx); ctx = NULL;
  3328. err_sys("UseTruncatedHMAC failed");
  3329. }
  3330. #endif
  3331. #ifdef HAVE_SESSION_TICKET
  3332. if (wolfSSL_CTX_UseSessionTicket(ctx) != WOLFSSL_SUCCESS) {
  3333. wolfSSL_CTX_free(ctx); ctx = NULL;
  3334. err_sys("UseSessionTicket failed");
  3335. }
  3336. #endif
  3337. #ifdef HAVE_EXTENDED_MASTER
  3338. if (disableExtMasterSecret)
  3339. if (wolfSSL_CTX_DisableExtendedMasterSecret(ctx) != WOLFSSL_SUCCESS) {
  3340. wolfSSL_CTX_free(ctx); ctx = NULL;
  3341. err_sys("DisableExtendedMasterSecret failed");
  3342. }
  3343. #endif
  3344. #if defined(HAVE_SUPPORTED_CURVES)
  3345. #if defined(HAVE_CURVE25519)
  3346. if (useX25519) {
  3347. if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X25519)
  3348. != WOLFSSL_SUCCESS) {
  3349. err_sys("unable to support X25519");
  3350. }
  3351. }
  3352. #endif /* HAVE_CURVE25519 */
  3353. #if defined(HAVE_CURVE448)
  3354. if (useX448) {
  3355. if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X448)
  3356. != WOLFSSL_SUCCESS) {
  3357. err_sys("unable to support X448");
  3358. }
  3359. }
  3360. #endif /* HAVE_CURVE448 */
  3361. #ifdef HAVE_ECC
  3362. if (useSupCurve) {
  3363. #if !defined(NO_ECC_SECP) && \
  3364. (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
  3365. if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP384R1)
  3366. != WOLFSSL_SUCCESS) {
  3367. err_sys("unable to support secp384r1");
  3368. }
  3369. #endif
  3370. #if !defined(NO_ECC_SECP) && \
  3371. (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES))
  3372. if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)
  3373. != WOLFSSL_SUCCESS) {
  3374. err_sys("unable to support secp256r1");
  3375. }
  3376. #endif
  3377. }
  3378. #endif /* HAVE_ECC */
  3379. #ifdef HAVE_FFDHE_2048
  3380. if (useSupCurve) {
  3381. if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_FFDHE_2048)
  3382. != WOLFSSL_SUCCESS) {
  3383. err_sys("unable to support FFDHE 2048");
  3384. }
  3385. }
  3386. #endif
  3387. #endif /* HAVE_SUPPORTED_CURVES */
  3388. #ifdef WOLFSSL_TLS13
  3389. if (noPskDheKe)
  3390. wolfSSL_CTX_no_dhe_psk(ctx);
  3391. #ifdef HAVE_SUPPORTED_CURVES
  3392. if (onlyPskDheKe)
  3393. wolfSSL_CTX_only_dhe_psk(ctx);
  3394. #endif
  3395. #endif
  3396. #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
  3397. if (postHandAuth) {
  3398. if (wolfSSL_CTX_allow_post_handshake_auth(ctx) != 0) {
  3399. err_sys("unable to support post handshake auth");
  3400. }
  3401. }
  3402. #endif
  3403. if (benchmark) {
  3404. ((func_args*)args)->return_code =
  3405. ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP,
  3406. benchmark, resumeSession, useX25519,
  3407. useX448, usePqc, pqcAlg, helloRetry,
  3408. onlyKeyShare, version, earlyData);
  3409. wolfSSL_CTX_free(ctx); ctx = NULL;
  3410. XEXIT_T(EXIT_SUCCESS);
  3411. }
  3412. if (throughput) {
  3413. ((func_args*)args)->return_code =
  3414. ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP,
  3415. block, throughput, useX25519, useX448,
  3416. usePqc, pqcAlg, exitWithRet, version,
  3417. onlyKeyShare);
  3418. wolfSSL_CTX_free(ctx); ctx = NULL;
  3419. if (((func_args*)args)->return_code != EXIT_SUCCESS && !exitWithRet)
  3420. XEXIT_T(EXIT_SUCCESS);
  3421. else
  3422. goto exit;
  3423. }
  3424. #if defined(WOLFSSL_MDK_ARM)
  3425. wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
  3426. #endif
  3427. #if defined(OPENSSL_EXTRA)
  3428. if (wolfSSL_CTX_get_read_ahead(ctx) != 0) {
  3429. wolfSSL_CTX_free(ctx); ctx = NULL;
  3430. err_sys("bad read ahead default value");
  3431. }
  3432. if (wolfSSL_CTX_set_read_ahead(ctx, 1) != WOLFSSL_SUCCESS) {
  3433. wolfSSL_CTX_free(ctx); ctx = NULL;
  3434. err_sys("error setting read ahead value");
  3435. }
  3436. #endif
  3437. #if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \
  3438. !defined(WOLFSSL_STATIC_MEMORY_LEAN)
  3439. LOG_ERROR("Before creating SSL\n");
  3440. if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
  3441. err_sys("ctx not using static memory");
  3442. if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
  3443. err_sys("error printing out memory stats");
  3444. #endif
  3445. if (doMcast) {
  3446. #ifdef WOLFSSL_MULTICAST
  3447. wolfSSL_CTX_mcast_set_member_id(ctx, mcastID);
  3448. if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256")
  3449. != WOLFSSL_SUCCESS) {
  3450. wolfSSL_CTX_free(ctx); ctx = NULL;
  3451. err_sys("Couldn't set multicast cipher list.");
  3452. }
  3453. #endif
  3454. }
  3455. #ifdef HAVE_PK_CALLBACKS
  3456. if (pkCallbacks)
  3457. SetupPkCallbacks(ctx);
  3458. #endif
  3459. ssl = wolfSSL_new(ctx);
  3460. if (ssl == NULL) {
  3461. wolfSSL_CTX_free(ctx); ctx = NULL;
  3462. err_sys("unable to get SSL object");
  3463. }
  3464. #ifdef WOLFSSL_DUAL_ALG_CERTS
  3465. if (!wolfSSL_UseCKS(ssl, cks_order, sizeof(cks_order))) {
  3466. wolfSSL_CTX_free(ctx); ctx = NULL;
  3467. err_sys("unable to set the CKS order.");
  3468. }
  3469. #endif /* WOLFSSL_DUAL_ALG_CERTS */
  3470. #ifndef NO_PSK
  3471. if (usePsk) {
  3472. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \
  3473. defined(TEST_PSK_USE_SESSION)
  3474. SSL_set_psk_use_session_callback(ssl, my_psk_use_session_cb);
  3475. #endif
  3476. }
  3477. #endif
  3478. #ifndef NO_CERTS
  3479. if (useClientCert && loadCertKeyIntoSSLObj){
  3480. #ifdef NO_FILESYSTEM
  3481. if (wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048,
  3482. sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
  3483. wolfSSL_CTX_free(ctx); ctx = NULL;
  3484. err_sys("can't load client cert buffer");
  3485. }
  3486. #elif !defined(TEST_LOAD_BUFFER)
  3487. if (wolfSSL_use_certificate_chain_file_format(ssl, ourCert, fileFormat)
  3488. != WOLFSSL_SUCCESS) {
  3489. wolfSSL_CTX_free(ctx); ctx = NULL;
  3490. err_sys("can't load client cert file, check file and run from"
  3491. " wolfSSL home dir");
  3492. }
  3493. #else
  3494. load_ssl_buffer(ssl, ourCert, WOLFSSL_CERT_CHAIN);
  3495. #endif
  3496. }
  3497. if (loadCertKeyIntoSSLObj
  3498. #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
  3499. && !pkCallbacks
  3500. #endif
  3501. ) {
  3502. #ifdef NO_FILESYSTEM
  3503. if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,
  3504. sizeof_client_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
  3505. err_sys("can't load client private key buffer");
  3506. #elif !defined(TEST_LOAD_BUFFER)
  3507. if (wolfSSL_use_PrivateKey_file(ssl, ourKey, fileFormat)
  3508. != WOLFSSL_SUCCESS) {
  3509. wolfSSL_CTX_free(ctx); ctx = NULL;
  3510. err_sys("can't load client private key file, check file and run "
  3511. "from wolfSSL home dir");
  3512. }
  3513. #else
  3514. load_ssl_buffer(ssl, ourKey, WOLFSSL_KEY);
  3515. #endif
  3516. }
  3517. #endif /* !NO_CERTS */
  3518. #if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
  3519. wolfSSL_KeepArrays(ssl);
  3520. #endif
  3521. #ifdef HAVE_PK_CALLBACKS
  3522. /* This must be before SetKeyShare */
  3523. if (pkCallbacks) {
  3524. SetupPkCallbackContexts(ssl, &pkCbInfo);
  3525. }
  3526. #endif
  3527. #if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \
  3528. !defined(WOLFSSL_STATIC_MEMORY_LEAN)
  3529. LOG_ERROR("After creating SSL\n");
  3530. if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
  3531. err_sys("ctx not using static memory");
  3532. if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
  3533. err_sys("error printing out memory stats");
  3534. #endif
  3535. #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
  3536. if (!helloRetry && (version >= 4 || version <= -4)) {
  3537. SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, usePqc,
  3538. pqcAlg, 0);
  3539. }
  3540. else {
  3541. wolfSSL_NoKeyShares(ssl);
  3542. }
  3543. #endif
  3544. if (doMcast) {
  3545. #ifdef WOLFSSL_MULTICAST
  3546. /* DTLS multicast secret for testing only */
  3547. #define CLI_SRV_RANDOM_SZ 32 /* RAN_LEN (see internal.h) */
  3548. #define PMS_SZ 512 /* ENCRYPT_LEN (see internal.h) */
  3549. byte pms[PMS_SZ]; /* pre master secret */
  3550. byte cr[CLI_SRV_RANDOM_SZ]; /* client random */
  3551. byte sr[CLI_SRV_RANDOM_SZ]; /* server random */
  3552. const byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
  3553. XMEMSET(pms, 0x23, sizeof(pms));
  3554. XMEMSET(cr, 0xA5, sizeof(cr));
  3555. XMEMSET(sr, 0x5A, sizeof(sr));
  3556. if (wolfSSL_set_secret(ssl, 1, pms, sizeof(pms), cr, sr, suite)
  3557. != WOLFSSL_SUCCESS) {
  3558. wolfSSL_CTX_free(ctx); ctx = NULL;
  3559. err_sys("unable to set mcast secret");
  3560. }
  3561. #endif
  3562. }
  3563. #ifdef HAVE_SESSION_TICKET
  3564. wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session");
  3565. #endif
  3566. #ifdef HAVE_TRUSTED_CA
  3567. if (trustedCaKeyId) {
  3568. if (wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_PRE_AGREED,
  3569. NULL, 0) != WOLFSSL_SUCCESS) {
  3570. err_sys("UseTrustedCA failed");
  3571. }
  3572. }
  3573. #endif
  3574. #ifdef HAVE_ALPN
  3575. if (alpnList != NULL) {
  3576. printf("ALPN accepted protocols list : %s\n", alpnList);
  3577. wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt);
  3578. }
  3579. #endif
  3580. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
  3581. defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
  3582. if (statusRequest) {
  3583. if (version == 4 &&
  3584. (statusRequest == OCSP_STAPLINGV2 || \
  3585. statusRequest == OCSP_STAPLINGV2_MULTI)) {
  3586. err_sys("Cannot use OCSP Stapling V2 with TLSv1.3");
  3587. }
  3588. if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS)
  3589. err_sys("can't enable OCSP Stapling Certificate Manager");
  3590. if (mustStaple) {
  3591. if (wolfSSL_CTX_EnableOCSPMustStaple(ctx) != WOLFSSL_SUCCESS)
  3592. err_sys("can't enable OCSP Must Staple");
  3593. }
  3594. switch (statusRequest) {
  3595. #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
  3596. case OCSP_STAPLING:
  3597. if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP,
  3598. WOLFSSL_CSR_OCSP_USE_NONCE) != WOLFSSL_SUCCESS) {
  3599. wolfSSL_free(ssl); ssl = NULL;
  3600. CloseSocket(sockfd);
  3601. wolfSSL_CTX_free(ctx); ctx = NULL;
  3602. err_sys("UseCertificateStatusRequest failed");
  3603. }
  3604. break;
  3605. #endif
  3606. #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
  3607. case OCSP_STAPLINGV2:
  3608. if (wolfSSL_UseOCSPStaplingV2(ssl,
  3609. WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE)
  3610. != WOLFSSL_SUCCESS) {
  3611. wolfSSL_free(ssl); ssl = NULL;
  3612. CloseSocket(sockfd);
  3613. wolfSSL_CTX_free(ctx); ctx = NULL;
  3614. err_sys("UseCertificateStatusRequest failed");
  3615. }
  3616. break;
  3617. case OCSP_STAPLINGV2_MULTI:
  3618. if (wolfSSL_UseOCSPStaplingV2(ssl,
  3619. WOLFSSL_CSR2_OCSP_MULTI, 0)
  3620. != WOLFSSL_SUCCESS) {
  3621. wolfSSL_free(ssl); ssl = NULL;
  3622. CloseSocket(sockfd);
  3623. wolfSSL_CTX_free(ctx); ctx = NULL;
  3624. err_sys("UseCertificateStatusRequest failed");
  3625. }
  3626. break;
  3627. #endif
  3628. default:
  3629. err_sys("Invalid OCSP Stapling option");
  3630. }
  3631. wolfSSL_CTX_EnableOCSP(ctx, 0);
  3632. }
  3633. #endif
  3634. #if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
  3635. !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  3636. if (!doDhKeyCheck)
  3637. wolfSSL_SetEnableDhKeyTest(ssl, 0);
  3638. #endif
  3639. #ifdef HAVE_ENCRYPT_THEN_MAC
  3640. if (disallowETM)
  3641. wolfSSL_AllowEncryptThenMac(ssl, 0);
  3642. #endif
  3643. tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
  3644. if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
  3645. wolfSSL_free(ssl); ssl = NULL;
  3646. CloseSocket(sockfd);
  3647. wolfSSL_CTX_free(ctx); ctx = NULL;
  3648. err_sys("error in setting fd");
  3649. }
  3650. if (simulateWantWrite) {
  3651. if (dtlsUDP) {
  3652. wolfSSL_SetIOWriteCtx(ssl, (void*)&sockfd);
  3653. udp_connect(&sockfd, host, port);
  3654. }
  3655. }
  3656. /* STARTTLS */
  3657. if (doSTARTTLS) {
  3658. if (StartTLS_Init(&sockfd) != WOLFSSL_SUCCESS) {
  3659. wolfSSL_free(ssl); ssl = NULL;
  3660. CloseSocket(sockfd);
  3661. wolfSSL_CTX_free(ctx); ctx = NULL;
  3662. err_sys("error during STARTTLS protocol");
  3663. }
  3664. }
  3665. #if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
  3666. if (disableCRL == 0 && !useVerifyCb) {
  3667. #if defined(HAVE_IO_TIMEOUT) && defined(HAVE_HTTP_CLIENT)
  3668. wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
  3669. #endif
  3670. if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) {
  3671. wolfSSL_free(ssl); ssl = NULL;
  3672. CloseSocket(sockfd);
  3673. wolfSSL_CTX_free(ctx); ctx = NULL;
  3674. err_sys("can't enable crl check");
  3675. }
  3676. if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, 0)
  3677. != WOLFSSL_SUCCESS) {
  3678. wolfSSL_free(ssl); ssl = NULL;
  3679. CloseSocket(sockfd);
  3680. wolfSSL_CTX_free(ctx); ctx = NULL;
  3681. err_sys("can't load crl, check crlfile and date validity");
  3682. }
  3683. if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS) {
  3684. wolfSSL_free(ssl); ssl = NULL;
  3685. CloseSocket(sockfd);
  3686. wolfSSL_CTX_free(ctx); ctx = NULL;
  3687. err_sys("can't set crl callback");
  3688. }
  3689. }
  3690. #endif
  3691. #ifdef HAVE_SECURE_RENEGOTIATION
  3692. if (scr) {
  3693. if (wolfSSL_UseSecureRenegotiation(ssl) != WOLFSSL_SUCCESS) {
  3694. wolfSSL_free(ssl); ssl = NULL;
  3695. CloseSocket(sockfd);
  3696. wolfSSL_CTX_free(ctx); ctx = NULL;
  3697. err_sys("can't enable secure renegotiation");
  3698. }
  3699. }
  3700. #endif
  3701. #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
  3702. if (atomicUser)
  3703. SetupAtomicUser(ctx, ssl);
  3704. #endif
  3705. #ifdef WOLFSSL_DTLS_CID
  3706. if (useDtlsCID) {
  3707. ret = wolfSSL_dtls_cid_use(ssl);
  3708. if (ret != WOLFSSL_SUCCESS)
  3709. err_sys("Can't enable DTLS ConnectionID");
  3710. ret = wolfSSL_dtls_cid_set(ssl, (unsigned char*)dtlsCID,
  3711. (word32)XSTRLEN(dtlsCID));
  3712. if (ret != WOLFSSL_SUCCESS)
  3713. err_sys("Can't set DTLS ConnectionID");
  3714. }
  3715. #endif /* WOLFSSL_DTLS_CID */
  3716. if (matchName && doPeerCheck)
  3717. wolfSSL_check_domain_name(ssl, domain);
  3718. #ifndef WOLFSSL_CALLBACKS
  3719. if (nonBlocking) {
  3720. #ifdef WOLFSSL_DTLS
  3721. if (doDTLS) {
  3722. wolfSSL_dtls_set_using_nonblock(ssl, 1);
  3723. }
  3724. #endif
  3725. tcp_set_nonblocking(&sockfd);
  3726. ret = NonBlockingSSL_Connect(ssl);
  3727. }
  3728. else {
  3729. #ifdef WOLFSSL_EARLY_DATA
  3730. if (usePsk && earlyData)
  3731. EarlyData(ctx, ssl, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer);
  3732. #endif
  3733. do {
  3734. err = 0; /* reset error */
  3735. ret = wolfSSL_connect(ssl);
  3736. if (ret != WOLFSSL_SUCCESS) {
  3737. err = wolfSSL_get_error(ssl, 0);
  3738. #ifdef WOLFSSL_ASYNC_CRYPT
  3739. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  3740. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  3741. if (ret < 0) break;
  3742. }
  3743. #endif
  3744. }
  3745. } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
  3746. }
  3747. #else
  3748. timeoutConnect.tv_sec = DEFAULT_TIMEOUT_SEC;
  3749. timeoutConnect.tv_usec = 0;
  3750. ret = NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
  3751. #endif
  3752. if (ret != WOLFSSL_SUCCESS) {
  3753. err = wolfSSL_get_error(ssl, 0);
  3754. LOG_ERROR("wolfSSL_connect error %d, %s\n", err,
  3755. wolfSSL_ERR_error_string((unsigned long)err, buffer));
  3756. /* cleanup */
  3757. wolfSSL_free(ssl); ssl = NULL;
  3758. wolfSSL_CTX_free(ctx); ctx = NULL;
  3759. CloseSocket(sockfd);
  3760. if (!exitWithRet)
  3761. err_sys("wolfSSL_connect failed");
  3762. /* see note at top of README */
  3763. /* if you're getting an error here */
  3764. ((func_args*)args)->return_code = err;
  3765. goto exit;
  3766. }
  3767. showPeerEx(ssl, lng_index);
  3768. showPeerPEM(ssl);
  3769. /* if the caller requested a particular cipher, check here that either
  3770. * a canonical name of the established cipher matches the requested
  3771. * cipher name, or the requested cipher name is marked as an alias
  3772. * that matches the established cipher.
  3773. */
  3774. if (cipherList && !useDefCipherList && (! XSTRSTR(cipherList, ":"))) {
  3775. WOLFSSL_CIPHER* established_cipher = wolfSSL_get_current_cipher(ssl);
  3776. byte requested_cipherSuite0, requested_cipherSuite;
  3777. int requested_cipherFlags;
  3778. if (established_cipher &&
  3779. /* don't test for pseudo-ciphers like "ALL" and "DEFAULT". */
  3780. (wolfSSL_get_cipher_suite_from_name(cipherList,
  3781. &requested_cipherSuite0,
  3782. &requested_cipherSuite,
  3783. &requested_cipherFlags) == 0)) {
  3784. word32 established_cipher_id =
  3785. wolfSSL_CIPHER_get_id(established_cipher);
  3786. byte established_cipherSuite0 = (established_cipher_id >> 8) & 0xff;
  3787. byte established_cipherSuite = established_cipher_id & 0xff;
  3788. const char *established_cipher_name =
  3789. wolfSSL_get_cipher_name_from_suite(established_cipherSuite0,
  3790. established_cipherSuite);
  3791. const char *established_cipher_name_iana =
  3792. wolfSSL_get_cipher_name_iana_from_suite(established_cipherSuite0,
  3793. established_cipherSuite);
  3794. if (established_cipher_name == NULL)
  3795. err_sys("error looking up name of established cipher");
  3796. if (strcmp(cipherList, established_cipher_name) &&
  3797. ((established_cipher_name_iana == NULL) ||
  3798. strcmp(cipherList, established_cipher_name_iana))) {
  3799. if (! (requested_cipherFlags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS))
  3800. err_sys("Unexpected mismatch between names of requested and established ciphers.");
  3801. else if ((requested_cipherSuite0 != established_cipherSuite0) ||
  3802. (requested_cipherSuite != established_cipherSuite))
  3803. err_sys("Mismatch between IDs of requested and established ciphers.");
  3804. }
  3805. }
  3806. }
  3807. #if defined(HAVE_OCSP) && !defined(NO_ASN_TIME)
  3808. #ifdef HAVE_STRFTIME
  3809. {
  3810. struct tm tm;
  3811. char date[32];
  3812. ret = wolfSSL_get_ocsp_producedDate_tm(ssl, &tm);
  3813. if ((ret == 0) && (strftime(date, sizeof date, "%Y-%m-%d %H:%M:%S %z", &tm) > 0))
  3814. printf("OCSP response timestamp: %s\n", date);
  3815. }
  3816. #else
  3817. {
  3818. byte date[MAX_DATE_SIZE];
  3819. int asn_date_format;
  3820. ret = wolfSSL_get_ocsp_producedDate(ssl, date, sizeof date, &asn_date_format);
  3821. if (ret == 0)
  3822. printf("OCSP response timestamp: %s (ASN.1 type %d)\n", (char *)date, asn_date_format);
  3823. }
  3824. #endif
  3825. #endif
  3826. #if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
  3827. printf("Session timeout set to %ld seconds\n", wolfSSL_get_timeout(ssl));
  3828. {
  3829. byte* rnd;
  3830. byte* pt;
  3831. size_t size;
  3832. /* get size of buffer then print */
  3833. size = wolfSSL_get_client_random(NULL, NULL, 0);
  3834. if (size == 0) {
  3835. wolfSSL_free(ssl); ssl = NULL;
  3836. CloseSocket(sockfd);
  3837. wolfSSL_CTX_free(ctx); ctx = NULL;
  3838. err_sys("error getting client random buffer size");
  3839. }
  3840. rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  3841. if (rnd == NULL) {
  3842. wolfSSL_free(ssl); ssl = NULL;
  3843. CloseSocket(sockfd);
  3844. wolfSSL_CTX_free(ctx); ctx = NULL;
  3845. err_sys("error creating client random buffer");
  3846. }
  3847. size = wolfSSL_get_client_random(ssl, rnd, size);
  3848. if (size == 0) {
  3849. XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  3850. wolfSSL_free(ssl); ssl = NULL;
  3851. CloseSocket(sockfd);
  3852. wolfSSL_CTX_free(ctx); ctx = NULL;
  3853. err_sys("error getting client random buffer");
  3854. }
  3855. printf("Client Random : ");
  3856. for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt);
  3857. printf("\n");
  3858. XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  3859. }
  3860. #endif
  3861. #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
  3862. defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
  3863. defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH)))
  3864. #if !defined(NO_SESSION_CACHE) && \
  3865. (defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \
  3866. !defined(NO_FILESYSTEM)
  3867. #ifndef NO_BIO
  3868. /* print out session to stdout */
  3869. {
  3870. WOLFSSL_BIO* bio = wolfSSL_BIO_new_fp(stdout, BIO_NOCLOSE);
  3871. if (bio != NULL) {
  3872. if (wolfSSL_SESSION_print(bio, wolfSSL_get_session(ssl)) !=
  3873. WOLFSSL_SUCCESS) {
  3874. wolfSSL_BIO_printf(bio, "BIO error printing session\n");
  3875. }
  3876. }
  3877. wolfSSL_BIO_free(bio);
  3878. }
  3879. #endif /* !NO_BIO */
  3880. #endif
  3881. #endif
  3882. if (doSTARTTLS && starttlsProt != NULL) {
  3883. if (XSTRCMP(starttlsProt, "smtp") == 0) {
  3884. if (SMTP_Shutdown(ssl, wc_shutdown) != WOLFSSL_SUCCESS) {
  3885. wolfSSL_free(ssl); ssl = NULL;
  3886. CloseSocket(sockfd);
  3887. wolfSSL_CTX_free(ctx); ctx = NULL;
  3888. err_sys("error closing STARTTLS connection");
  3889. }
  3890. }
  3891. wolfSSL_free(ssl); ssl = NULL;
  3892. CloseSocket(sockfd);
  3893. wolfSSL_CTX_free(ctx); ctx = NULL;
  3894. ((func_args*)args)->return_code = 0;
  3895. WOLFSSL_RETURN_FROM_THREAD(0);
  3896. }
  3897. #ifdef HAVE_ALPN
  3898. if (alpnList != NULL) {
  3899. char *protocol_name = NULL;
  3900. word16 protocol_nameSz = 0;
  3901. err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz);
  3902. if (err == WOLFSSL_SUCCESS)
  3903. printf("Received ALPN protocol : %s (%d)\n",
  3904. protocol_name, protocol_nameSz);
  3905. else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND))
  3906. printf("No ALPN response received (no match with server)\n");
  3907. else
  3908. printf("Getting ALPN protocol name failed\n");
  3909. }
  3910. #endif
  3911. #ifdef WOLFSSL_DTLS_CID
  3912. if (useDtlsCID && wolfSSL_dtls_cid_is_enabled(ssl)) {
  3913. unsigned char receivedCID[DTLS_CID_BUFFER_SIZE];
  3914. unsigned int receivedCIDSz;
  3915. printf("CID extension was negotiated\n");
  3916. ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
  3917. if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) {
  3918. ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
  3919. DTLS_CID_BUFFER_SIZE - 1);
  3920. if (ret != WOLFSSL_SUCCESS)
  3921. err_sys("Can't get negotiated DTLS CID\n");
  3922. printf("Sending CID is ");
  3923. printBuffer(receivedCID, receivedCIDSz);
  3924. printf("\n");
  3925. }
  3926. else {
  3927. printf("other peer provided empty CID\n");
  3928. }
  3929. }
  3930. #endif /* WOLFSSL_DTLS_CID */
  3931. #ifdef HAVE_SECURE_RENEGOTIATION
  3932. if (scr && forceScr) {
  3933. if (nonBlocking) {
  3934. if (!resumeScr) {
  3935. if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) {
  3936. err = wolfSSL_get_error(ssl, 0);
  3937. if (err == WOLFSSL_ERROR_WANT_READ ||
  3938. err == WOLFSSL_ERROR_WANT_WRITE) {
  3939. if (scrAppData) {
  3940. ret = ClientWrite(ssl,
  3941. "msg sent during renegotiation",
  3942. sizeof("msg sent during renegotiation") - 1,
  3943. "", 1);
  3944. }
  3945. else {
  3946. ret = 0;
  3947. }
  3948. if (ret != 0) {
  3949. ret = WOLFSSL_FAILURE;
  3950. }
  3951. else {
  3952. do {
  3953. #ifdef WOLFSSL_ASYNC_CRYPT
  3954. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  3955. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  3956. if (ret < 0) break;
  3957. }
  3958. #endif
  3959. if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) {
  3960. if (wolfSSL_read(ssl, reply,
  3961. sizeof(reply)-1) < 0) {
  3962. err_sys("APP DATA should be present "
  3963. "but error returned");
  3964. }
  3965. printf("Received message during "
  3966. "renegotiation: %s\n", reply);
  3967. }
  3968. err = 0;
  3969. if ((ret = wolfSSL_connect(ssl))
  3970. != WOLFSSL_SUCCESS) {
  3971. err = wolfSSL_get_error(ssl, ret);
  3972. }
  3973. } while (ret != WOLFSSL_SUCCESS &&
  3974. (err == WOLFSSL_ERROR_WANT_READ ||
  3975. err == WOLFSSL_ERROR_WANT_WRITE ||
  3976. err == WC_NO_ERR_TRACE(APP_DATA_READY) ||
  3977. err == WC_NO_ERR_TRACE(WC_PENDING_E)));
  3978. }
  3979. if (ret == WOLFSSL_SUCCESS) {
  3980. printf("NON-BLOCKING RENEGOTIATION SUCCESSFUL\n");
  3981. }
  3982. }
  3983. if (ret != WOLFSSL_SUCCESS) {
  3984. err = wolfSSL_get_error(ssl, 0);
  3985. LOG_ERROR("wolfSSL_Rehandshake error %d, %s\n", err,
  3986. wolfSSL_ERR_error_string(err, buffer));
  3987. wolfSSL_free(ssl); ssl = NULL;
  3988. CloseSocket(sockfd);
  3989. wolfSSL_CTX_free(ctx); ctx = NULL;
  3990. err_sys("non-blocking wolfSSL_Rehandshake failed");
  3991. }
  3992. }
  3993. }
  3994. else {
  3995. LOG_ERROR("not doing secure resumption with non-blocking");
  3996. }
  3997. } else {
  3998. if (!resumeScr) {
  3999. printf("Beginning secure renegotiation.\n");
  4000. if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
  4001. err = wolfSSL_get_error(ssl, 0);
  4002. #ifdef WOLFSSL_ASYNC_CRYPT
  4003. while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  4004. err = 0;
  4005. ret = wolfSSL_negotiate(ssl);
  4006. if (ret != WOLFSSL_SUCCESS) {
  4007. err = wolfSSL_get_error(ssl, 0);
  4008. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  4009. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  4010. if (ret < 0) break;
  4011. }
  4012. }
  4013. }
  4014. #endif
  4015. if (ret != WOLFSSL_SUCCESS) {
  4016. printf("err = %d, %s\n", err,
  4017. wolfSSL_ERR_error_string(err, buffer));
  4018. wolfSSL_free(ssl); ssl = NULL;
  4019. CloseSocket(sockfd);
  4020. wolfSSL_CTX_free(ctx); ctx = NULL;
  4021. err_sys("wolfSSL_Rehandshake failed");
  4022. }
  4023. }
  4024. else {
  4025. printf("RENEGOTIATION SUCCESSFUL\n");
  4026. }
  4027. }
  4028. else {
  4029. printf("Beginning secure resumption.\n");
  4030. if ((ret = wolfSSL_SecureResume(ssl)) != WOLFSSL_SUCCESS) {
  4031. err = wolfSSL_get_error(ssl, 0);
  4032. #ifdef WOLFSSL_ASYNC_CRYPT
  4033. while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  4034. err = 0;
  4035. ret = wolfSSL_negotiate(ssl);
  4036. if (ret != WOLFSSL_SUCCESS) {
  4037. err = wolfSSL_get_error(ssl, 0);
  4038. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  4039. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  4040. if (ret < 0) break;
  4041. }
  4042. }
  4043. }
  4044. #endif
  4045. if (ret != WOLFSSL_SUCCESS) {
  4046. printf("err = %d, %s\n", err,
  4047. wolfSSL_ERR_error_string(err, buffer));
  4048. wolfSSL_free(ssl); ssl = NULL;
  4049. CloseSocket(sockfd);
  4050. wolfSSL_CTX_free(ctx); ctx = NULL;
  4051. err_sys("wolfSSL_SecureResume failed");
  4052. }
  4053. }
  4054. else {
  4055. printf("SECURE RESUMPTION SUCCESSFUL\n");
  4056. }
  4057. }
  4058. }
  4059. }
  4060. #endif /* HAVE_SECURE_RENEGOTIATION */
  4061. XMEMSET(msg, 0, sizeof(msg));
  4062. if (sendGET) {
  4063. printf("SSL connect ok, sending GET...\n");
  4064. msgSz = (int)XSTRLEN(kHttpGetMsg);
  4065. XMEMCPY(msg, kHttpGetMsg, (size_t)msgSz);
  4066. }
  4067. else {
  4068. msgSz = (int)XSTRLEN(kHelloMsg);
  4069. XMEMCPY(msg, kHelloMsg, (size_t)msgSz);
  4070. }
  4071. /* allow some time for exporting the session */
  4072. #ifdef WOLFSSL_SESSION_EXPORT_DEBUG
  4073. TEST_DELAY();
  4074. #endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
  4075. #ifdef WOLFSSL_SRTP
  4076. if (dtlsSrtpProfiles != NULL) {
  4077. err = client_srtp_test(ssl, (func_args*)args);
  4078. if (err != 0) {
  4079. if (exitWithRet) {
  4080. ((func_args*)args)->return_code = err;
  4081. wolfSSL_free(ssl); ssl = NULL;
  4082. CloseSocket(sockfd);
  4083. wolfSSL_CTX_free(ctx); ctx = NULL;
  4084. goto exit;
  4085. }
  4086. /* else */
  4087. err_sys("SRTP check failed");
  4088. }
  4089. }
  4090. #endif /* WOLFSSL_SRTP */
  4091. #ifdef WOLFSSL_TLS13
  4092. if (updateKeysIVs)
  4093. wolfSSL_update_keys(ssl);
  4094. #endif
  4095. err = ClientWriteRead(ssl, msg, msgSz, reply, sizeof(reply)-1, 1, "",
  4096. exitWithRet);
  4097. if (exitWithRet && (err != 0)) {
  4098. ((func_args*)args)->return_code = err;
  4099. wolfSSL_free(ssl); ssl = NULL;
  4100. CloseSocket(sockfd);
  4101. wolfSSL_CTX_free(ctx); ctx = NULL;
  4102. goto exit;
  4103. }
  4104. #if defined(WOLFSSL_TLS13)
  4105. if (updateKeysIVs || postHandAuth)
  4106. (void)ClientWrite(ssl, msg, msgSz, "", 0);
  4107. #endif
  4108. #if defined(HAVE_SESSION_TICKET)
  4109. while (waitTicket == 1) {
  4110. unsigned char ticketBuf[SESSION_TICKET_LEN];
  4111. int zeroReturn = 0;
  4112. word32 size;
  4113. (void)zeroReturn;
  4114. size = sizeof(ticketBuf);
  4115. err = wolfSSL_get_SessionTicket(ssl, ticketBuf, &size);
  4116. if (err < 0)
  4117. err_sys("wolfSSL_get_SessionTicket failed");
  4118. if (size == 0) {
  4119. err = process_handshake_messages(ssl, !nonBlocking, &zeroReturn);
  4120. if (err < 0)
  4121. err_sys("error waiting for session ticket ");
  4122. }
  4123. else {
  4124. waitTicket = 0;
  4125. }
  4126. }
  4127. #endif
  4128. #ifndef NO_SESSION_CACHE
  4129. if (resumeSession) {
  4130. session = wolfSSL_get1_session(ssl);
  4131. }
  4132. #endif
  4133. #if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
  4134. defined(HAVE_EXT_CACHE))
  4135. if (session != NULL && resumeSession) {
  4136. flatSessionSz = wolfSSL_i2d_SSL_SESSION(session, NULL);
  4137. if (flatSessionSz != 0) {
  4138. int checkSz = wolfSSL_i2d_SSL_SESSION(session, &flatSession);
  4139. if (flatSession == NULL)
  4140. err_sys("error creating flattened session buffer");
  4141. if (checkSz != flatSessionSz) {
  4142. XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  4143. err_sys("flat session size check failure");
  4144. }
  4145. /* using heap based flat session, free original session */
  4146. wolfSSL_SESSION_free(session);
  4147. session = NULL;
  4148. }
  4149. }
  4150. #endif
  4151. ret = wolfSSL_shutdown(ssl);
  4152. if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
  4153. while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
  4154. TEST_RECV_READY) {
  4155. ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
  4156. if (ret == WOLFSSL_SUCCESS) {
  4157. printf("Bidirectional shutdown complete\n");
  4158. break;
  4159. }
  4160. else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) {
  4161. LOG_ERROR("Bidirectional shutdown failed\n");
  4162. break;
  4163. }
  4164. }
  4165. if (ret != WOLFSSL_SUCCESS)
  4166. LOG_ERROR("Bidirectional shutdown failed\n");
  4167. }
  4168. #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
  4169. if (atomicUser)
  4170. FreeAtomicUser(ssl);
  4171. #endif
  4172. /* display collected statistics */
  4173. #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
  4174. if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
  4175. err_sys("static memory was not used with ssl");
  4176. LOG_ERROR("\nprint off SSL memory stats\n");
  4177. LOG_ERROR("*** This is memory state before wolfSSL_free is called\n");
  4178. wolfSSL_PrintStatsConn(&ssl_stats);
  4179. #endif
  4180. wolfSSL_free(ssl); ssl = NULL;
  4181. CloseSocket(sockfd);
  4182. #ifndef NO_SESSION_CACHE
  4183. if (resumeSession) {
  4184. sslResume = wolfSSL_new(ctx);
  4185. if (sslResume == NULL) {
  4186. wolfSSL_CTX_free(ctx); ctx = NULL;
  4187. err_sys("unable to get SSL object");
  4188. }
  4189. #if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
  4190. !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  4191. if (!doDhKeyCheck)
  4192. wolfSSL_SetEnableDhKeyTest(sslResume, 0);
  4193. #endif
  4194. #ifdef HAVE_PK_CALLBACKS
  4195. if (pkCallbacks) {
  4196. SetupPkCallbackContexts(sslResume, &pkCbInfo);
  4197. }
  4198. #endif
  4199. if (dtlsUDP) {
  4200. TEST_DELAY();
  4201. }
  4202. tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, sslResume);
  4203. if (wolfSSL_set_fd(sslResume, sockfd) != WOLFSSL_SUCCESS) {
  4204. wolfSSL_free(sslResume); sslResume = NULL;
  4205. CloseSocket(sockfd);
  4206. wolfSSL_CTX_free(ctx); ctx = NULL;
  4207. err_sys("error in setting fd");
  4208. }
  4209. if (simulateWantWrite) {
  4210. if (dtlsUDP) {
  4211. wolfSSL_SetIOWriteCtx(ssl, (void*)&sockfd);
  4212. udp_connect(&sockfd, host, port);
  4213. }
  4214. }
  4215. #ifdef HAVE_ALPN
  4216. if (alpnList != NULL) {
  4217. printf("ALPN accepted protocols list : %s\n", alpnList);
  4218. wolfSSL_UseALPN(sslResume, alpnList, (word32)XSTRLEN(alpnList),
  4219. alpn_opt);
  4220. }
  4221. #endif
  4222. #ifdef HAVE_SECURE_RENEGOTIATION
  4223. if (scr) {
  4224. if (wolfSSL_UseSecureRenegotiation(sslResume) != WOLFSSL_SUCCESS) {
  4225. wolfSSL_free(sslResume); sslResume = NULL;
  4226. CloseSocket(sockfd);
  4227. wolfSSL_CTX_free(ctx); ctx = NULL;
  4228. err_sys("can't enable secure renegotiation");
  4229. }
  4230. }
  4231. #endif
  4232. #if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
  4233. defined(HAVE_EXT_CACHE))
  4234. if (flatSession) {
  4235. const byte* constFlatSession = flatSession;
  4236. session = wolfSSL_d2i_SSL_SESSION(NULL,
  4237. &constFlatSession, flatSessionSz);
  4238. }
  4239. #endif
  4240. wolfSSL_set_session(sslResume, session);
  4241. #if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
  4242. defined(HAVE_EXT_CACHE))
  4243. XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  4244. #endif
  4245. wolfSSL_SESSION_free(session);
  4246. session = NULL;
  4247. #ifdef HAVE_SESSION_TICKET
  4248. wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,
  4249. (void*)"resumed session");
  4250. #endif
  4251. #ifndef WOLFSSL_CALLBACKS
  4252. if (nonBlocking) {
  4253. #ifdef WOLFSSL_DTLS
  4254. if (doDTLS) {
  4255. wolfSSL_dtls_set_using_nonblock(sslResume, 1);
  4256. }
  4257. #endif
  4258. tcp_set_nonblocking(&sockfd);
  4259. ret = NonBlockingSSL_Connect(sslResume);
  4260. }
  4261. else {
  4262. #ifdef WOLFSSL_EARLY_DATA
  4263. #ifndef HAVE_SESSION_TICKET
  4264. if (!usePsk) {
  4265. }
  4266. else
  4267. #endif
  4268. if (earlyData) {
  4269. EarlyData(ctx, sslResume, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer);
  4270. }
  4271. #endif
  4272. do {
  4273. err = 0; /* reset error */
  4274. ret = wolfSSL_connect(sslResume);
  4275. if (ret != WOLFSSL_SUCCESS) {
  4276. err = wolfSSL_get_error(sslResume, 0);
  4277. #ifdef WOLFSSL_ASYNC_CRYPT
  4278. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  4279. ret = wolfSSL_AsyncPoll(sslResume,
  4280. WOLF_POLL_FLAG_CHECK_HW);
  4281. if (ret < 0) break;
  4282. }
  4283. #endif
  4284. }
  4285. } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
  4286. }
  4287. #else
  4288. timeoutConnect.tv_sec = DEFAULT_TIMEOUT_SEC;
  4289. timeoutConnect.tv_usec = 0;
  4290. ret = NonBlockingSSL_Connect(sslResume); /* will keep retrying on timeout */
  4291. #endif
  4292. if (ret != WOLFSSL_SUCCESS) {
  4293. LOG_ERROR("wolfSSL_connect resume error %d, %s\n", err,
  4294. wolfSSL_ERR_error_string((unsigned long)err, buffer));
  4295. wolfSSL_free(sslResume); sslResume = NULL;
  4296. CloseSocket(sockfd);
  4297. wolfSSL_CTX_free(ctx); ctx = NULL;
  4298. err_sys("wolfSSL_connect resume failed");
  4299. }
  4300. showPeerEx(sslResume, lng_index);
  4301. showPeerPEM(sslResume);
  4302. if (wolfSSL_session_reused(sslResume))
  4303. printf("reused session id\n");
  4304. else
  4305. LOG_ERROR("didn't reuse session id!!!\n");
  4306. #ifdef HAVE_ALPN
  4307. if (alpnList != NULL) {
  4308. char *protocol_name = NULL;
  4309. word16 protocol_nameSz = 0;
  4310. printf("Sending ALPN accepted list : %s\n", alpnList);
  4311. err = wolfSSL_ALPN_GetProtocol(sslResume, &protocol_name,
  4312. &protocol_nameSz);
  4313. if (err == WOLFSSL_SUCCESS)
  4314. printf("Received ALPN protocol : %s (%d)\n",
  4315. protocol_name, protocol_nameSz);
  4316. else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND))
  4317. printf("Not received ALPN response (no match with server)\n");
  4318. else
  4319. printf("Getting ALPN protocol name failed\n");
  4320. }
  4321. #endif
  4322. /* allow some time for exporting the session */
  4323. #ifdef WOLFSSL_SESSION_EXPORT_DEBUG
  4324. TEST_DELAY();
  4325. #endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
  4326. #ifdef HAVE_SECURE_RENEGOTIATION
  4327. if (scr && forceScr) {
  4328. if (nonBlocking) {
  4329. printf("not doing secure renegotiation on example with"
  4330. " nonblocking yet\n");
  4331. } else {
  4332. if (!resumeScr) {
  4333. printf("Beginning secure renegotiation.\n");
  4334. if (wolfSSL_Rehandshake(sslResume) != WOLFSSL_SUCCESS) {
  4335. err = wolfSSL_get_error(sslResume, 0);
  4336. LOG_ERROR("err = %d, %s\n", err,
  4337. wolfSSL_ERR_error_string(err, buffer));
  4338. wolfSSL_free(sslResume); sslResume = NULL;
  4339. CloseSocket(sockfd);
  4340. wolfSSL_CTX_free(ctx); ctx = NULL;
  4341. err_sys("wolfSSL_Rehandshake failed");
  4342. }
  4343. else {
  4344. printf("RENEGOTIATION SUCCESSFUL\n");
  4345. }
  4346. }
  4347. else {
  4348. printf("Beginning secure resumption.\n");
  4349. if (wolfSSL_SecureResume(sslResume) != WOLFSSL_SUCCESS) {
  4350. err = wolfSSL_get_error(sslResume, 0);
  4351. LOG_ERROR("err = %d, %s\n", err,
  4352. wolfSSL_ERR_error_string(err, buffer));
  4353. wolfSSL_free(sslResume); sslResume = NULL;
  4354. CloseSocket(sockfd);
  4355. wolfSSL_CTX_free(ctx); ctx = NULL;
  4356. err_sys("wolfSSL_SecureResume failed");
  4357. }
  4358. else {
  4359. printf("SECURE RESUMPTION SUCCESSFUL\n");
  4360. }
  4361. }
  4362. }
  4363. }
  4364. #endif /* HAVE_SECURE_RENEGOTIATION */
  4365. XMEMSET(msg, 0, sizeof(msg));
  4366. if (sendGET) {
  4367. msgSz = (int)XSTRLEN(kHttpGetMsg);
  4368. XMEMCPY(msg, kHttpGetMsg, (size_t)msgSz);
  4369. }
  4370. else {
  4371. msgSz = (int)XSTRLEN(kResumeMsg);
  4372. XMEMCPY(msg, kResumeMsg, (size_t)msgSz);
  4373. }
  4374. (void)ClientWriteRead(sslResume, msg, msgSz, reply, sizeof(reply)-1,
  4375. sendGET, " resume", 0);
  4376. ret = wolfSSL_shutdown(sslResume);
  4377. if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
  4378. wolfSSL_shutdown(sslResume); /* bidirectional shutdown */
  4379. /* display collected statistics */
  4380. #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
  4381. if (wolfSSL_is_static_memory(sslResume, &ssl_stats) != 1)
  4382. err_sys("static memory was not used with ssl");
  4383. LOG_ERROR("\nprint off SSLresume memory stats\n");
  4384. LOG_ERROR("*** This is memory state before wolfSSL_free is called\n");
  4385. wolfSSL_PrintStatsConn(&ssl_stats);
  4386. #endif
  4387. wolfSSL_free(sslResume); sslResume = NULL;
  4388. CloseSocket(sockfd);
  4389. }
  4390. #endif /* !NO_SESSION_CACHE */
  4391. wolfSSL_CTX_free(ctx); ctx = NULL;
  4392. ((func_args*)args)->return_code = 0;
  4393. exit:
  4394. #ifdef WOLFSSL_WOLFSENTRY_HOOKS
  4395. wolfsentry_ret =
  4396. wolfsentry_shutdown(WOLFSENTRY_CONTEXT_ARGS_OUT_EX4(&wolfsentry, NULL));
  4397. if (wolfsentry_ret < 0) {
  4398. LOG_ERROR(
  4399. "wolfsentry_shutdown() returned " WOLFSENTRY_ERROR_FMT "\n",
  4400. WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
  4401. }
  4402. #endif
  4403. #ifdef WOLFSSL_ASYNC_CRYPT
  4404. wolfAsync_DevClose(&devId);
  4405. #endif
  4406. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
  4407. && defined(HAVE_STACK_SIZE)
  4408. wc_ecc_fp_free(); /* free per thread cache */
  4409. #endif
  4410. /* There are use cases when these assignments are not read. To avoid
  4411. * potential confusion those warnings have been handled here.
  4412. */
  4413. (void) useClientCert;
  4414. (void) verifyCert;
  4415. (void) ourCert;
  4416. (void) ourKey;
  4417. (void) useVerifyCb;
  4418. (void) customVerifyCert;
  4419. WOLFSSL_RETURN_FROM_THREAD(0);
  4420. }
  4421. #endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */
  4422. /* so overall tests can pull in test function */
  4423. #ifndef NO_MAIN_DRIVER
  4424. int main(int argc, char** argv)
  4425. {
  4426. func_args args;
  4427. StartTCP();
  4428. #if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND)
  4429. args.srtp_helper = NULL;
  4430. #endif
  4431. args.argc = argc;
  4432. args.argv = argv;
  4433. args.return_code = 0;
  4434. #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) && !defined(STACK_TRAP)
  4435. wolfSSL_Debugging_ON();
  4436. #endif
  4437. wolfSSL_Init();
  4438. ChangeToWolfRoot();
  4439. #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
  4440. #ifdef HAVE_STACK_SIZE
  4441. StackSizeCheck(&args, client_test);
  4442. #else
  4443. client_test(&args);
  4444. #endif
  4445. #else
  4446. fprintf(stderr, "Client not compiled in!\n");
  4447. #endif
  4448. wolfSSL_Cleanup();
  4449. #ifdef HAVE_WNR
  4450. if (wc_FreeNetRandom() < 0)
  4451. err_sys("Failed to free netRandom context");
  4452. #endif /* HAVE_WNR */
  4453. return args.return_code;
  4454. }
  4455. int myoptind = 0;
  4456. char* myoptarg = NULL;
  4457. #endif /* NO_MAIN_DRIVER */