From 771912bf4f952fd6de662fa633e48d48f6ffb228 Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 3 Nov 2011 10:56:15 -0700 Subject: [PATCH] move client example and echoserver example to CyaSSL API only, echoclient and server are still OpenSSL compatibility --- cyassl/test.h | 37 ++++++----- examples/client/client.c | 106 +++++++++++++++---------------- examples/echoserver/echoserver.c | 58 ++++++++--------- 3 files changed, 102 insertions(+), 99 deletions(-) diff --git a/cyassl/test.h b/cyassl/test.h index cf9aa6ab7..5cabc725f 100644 --- a/cyassl/test.h +++ b/cyassl/test.h @@ -157,15 +157,17 @@ static int PasswordCallBack(char* passwd, int sz, int rw, void* userdata) #endif -static INLINE void showPeer(SSL* ssl) +static INLINE void showPeer(CYASSL* ssl) { #ifdef OPENSSL_EXTRA - SSL_CIPHER* cipher; - X509* peer = SSL_get_peer_certificate(ssl); + CYASSL_CIPHER* cipher; + CYASSL_X509* peer = CyaSSL_get_peer_certificate(ssl); if (peer) { - char* issuer = X509_NAME_oneline(X509_get_issuer_name(peer), 0, 0); - char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0); + char* issuer = CyaSSL_X509_NAME_oneline( + CyaSSL_X509_get_issuer_name(peer), 0, 0); + char* subject = CyaSSL_X509_NAME_oneline( + CyaSSL_X509_get_subject_name(peer), 0, 0); byte serial[32]; int ret; int sz = sizeof(serial); @@ -191,10 +193,10 @@ static INLINE void showPeer(SSL* ssl) } else printf("peer has no cert!\n"); - printf("SSL version is %s\n", SSL_get_version(ssl)); + printf("SSL version is %s\n", CyaSSL_get_version(ssl)); - cipher = SSL_get_current_cipher(ssl); - printf("SSL cipher suite is %s\n", SSL_CIPHER_get_name(cipher)); + cipher = CyaSSL_get_current_cipher(ssl); + printf("SSL cipher suite is %s\n", CyaSSL_CIPHER_get_name(cipher)); #endif #if defined(SESSION_CERTS) && defined(SHOW_CERTS) @@ -420,7 +422,7 @@ static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd) #ifndef NO_PSK -static INLINE unsigned int my_psk_client_cb(SSL* ssl, const char* hint, +static INLINE unsigned int my_psk_client_cb(CYASSL* ssl, const char* hint, char* identity, unsigned int id_max_len, unsigned char* key, unsigned int key_max_len) { @@ -439,7 +441,7 @@ static INLINE unsigned int my_psk_client_cb(SSL* ssl, const char* hint, } -static INLINE unsigned int my_psk_server_cb(SSL* ssl, const char* identity, +static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity, unsigned char* key, unsigned int key_max_len) { /* identity is OpenSSL testing default for openssl s_client, keep same */ @@ -545,13 +547,14 @@ static int myVerify(int preverify, X509_STORE_CTX* store) char buffer[80]; printf("In verification callback, error = %d, %s\n", store->error, - ERR_error_string(store->error, buffer)); + CyaSSL_ERR_error_string(store->error, buffer)); #ifdef OPENSSL_EXTRA - X509* peer = store->current_cert; + CYASSL_X509* peer = store->current_cert; if (peer) { - char* issuer = X509_NAME_oneline(X509_get_issuer_name(peer), 0, 0); - char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0); - + char* issuer = CYASS_X509_NAME_oneline( + CYASSL_X509_get_issuer_name(peer), 0, 0); + char* subject = CYASSL_X509_NAME_oneline( + CYASSL_X509_get_subject_name(peer), 0, 0); printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer, subject); XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); @@ -568,7 +571,7 @@ static int myVerify(int preverify, X509_STORE_CTX* store) #endif /* VERIFY_CALLBACK */ -static INLINE void SetDH(SSL* ssl) +static INLINE void SetDH(CYASSL* ssl) { /* dh1024 p */ static unsigned char p[] = @@ -595,7 +598,7 @@ static INLINE void SetDH(SSL* ssl) CyaSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g)); } -static INLINE void SetDHCtx(SSL_CTX* ctx) +static INLINE void SetDHCtx(CYASSL_CTX* ctx) { /* dh1024 p */ static unsigned char p[] = diff --git a/examples/client/client.c b/examples/client/client.c index ae108ebe8..d80195d12 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -23,7 +23,7 @@ #include #endif -#include +#include #include /* @@ -38,14 +38,14 @@ #endif #if defined(NON_BLOCKING) || defined(CYASSL_CALLBACKS) - void NonBlockingSSL_Connect(SSL* ssl) + void NonBlockingSSL_Connect(CyaSSL* ssl) { #ifndef CYASSL_CALLBACKS - int ret = SSL_connect(ssl); + int ret = CyaSSL_connect(ssl); #else int ret = CyaSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeout); #endif - int error = SSL_get_error(ssl, 0); + int error = CyaSSL_get_error(ssl, 0); while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE)) { if (error == SSL_ERROR_WANT_READ) @@ -58,11 +58,11 @@ sleep(1); #endif #ifndef CYASSL_CALLBACKS - ret = SSL_connect(ssl); + ret = CyaSSL_connect(ssl); #else ret = CyaSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeout); #endif - error = SSL_get_error(ssl, 0); + error = CyaSSL_get_error(ssl, 0); } if (ret != SSL_SUCCESS) err_sys("SSL_connect failed"); @@ -74,13 +74,13 @@ void client_test(void* args) { SOCKET_T sockfd = 0; - SSL_METHOD* method = 0; - SSL_CTX* ctx = 0; - SSL* ssl = 0; + CYASSL_METHOD* method = 0; + CYASSL_CTX* ctx = 0; + CYASSL* ssl = 0; #ifdef TEST_RESUME - SSL* sslResume = 0; - SSL_SESSION* session = 0; + CYASSL* sslResume = 0; + CYASSL_SESSION* session = 0; char resumeMsg[] = "resuming cyassl!"; int resumeSz = sizeof(resumeMsg); #endif @@ -96,32 +96,32 @@ void client_test(void* args) ((func_args*)args)->return_code = -1; /* error state */ #if defined(CYASSL_DTLS) - method = DTLSv1_client_method(); + method = CyaDTLSv1_client_method(); #elif !defined(NO_TLS) - method = SSLv23_client_method(); + method = CyaSSLv23_client_method(); #else - method = SSLv3_client_method(); + method = CyaSSLv3_client_method(); #endif - ctx = SSL_CTX_new(method); + ctx = CyaSSL_CTX_new(method); #ifndef NO_PSK - SSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); + CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); #endif #ifdef OPENSSL_EXTRA - SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); + CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) /* don't use EDH, can't sniff tmp keys */ - SSL_CTX_set_cipher_list(ctx, "AES256-SHA"); + CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA"); #endif #ifndef NO_FILESYSTEM - if (SSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) + if (CyaSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from CyaSSL home dir"); #ifdef HAVE_ECC - if (SSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS) + if (CyaSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from CyaSSL home dir"); #endif #else @@ -129,12 +129,12 @@ void client_test(void* args) #endif #ifdef VERIFY_CALLBACK - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); + CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); #endif if (argc == 3) { /* ./client server securePort */ - SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); /* TODO: add ca cert */ + CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); /* TODO: add ca cert */ /* this is just to allow easy testing of other servers */ tcp_connect(&sockfd, argv[1], (short)atoi(argv[2])); } @@ -142,12 +142,12 @@ void client_test(void* args) /* ./client // plain mode */ /* for client cert authentication if server requests */ #ifndef NO_FILESYSTEM - if (SSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) + if (CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load client cert file, " "Please run from CyaSSL home dir"); - if (SSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) + if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load client key file, " "Please run from CyaSSL home dir"); @@ -167,13 +167,13 @@ void client_test(void* args) for (i = 0; i < times; i++) { tcp_connect(&sockfd, yasslIP, yasslPort); - ssl = SSL_new(ctx); - SSL_set_fd(ssl, sockfd); - if (SSL_connect(ssl) != SSL_SUCCESS) + ssl = CyaSSL_new(ctx); + CyaSSL_set_fd(ssl, sockfd); + if (CyaSSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed"); - SSL_shutdown(ssl); - SSL_free(ssl); + CyaSSL_shutdown(ssl); + CyaSSL_free(ssl); CloseSocket(sockfd); } avg = current_time() - start; @@ -181,15 +181,15 @@ void client_test(void* args) avg *= 1000; /* milliseconds */ printf("SSL_connect avg took:%6.3f milliseconds\n", avg); - SSL_CTX_free(ctx); + CyaSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; return; } else err_sys("usage: ./client server securePort"); - ssl = SSL_new(ctx); - SSL_set_fd(ssl, sockfd); + ssl = CyaSSL_new(ctx); + CyaSSL_set_fd(ssl, sockfd); if (argc != 3) CyaSSL_check_domain_name(ssl, "www.yassl.com"); #ifdef NON_BLOCKING @@ -197,10 +197,10 @@ void client_test(void* args) NonBlockingSSL_Connect(ssl); #else #ifndef CYASSL_CALLBACKS - if (SSL_connect(ssl) != SSL_SUCCESS) { /* see note at top of README */ - int err = SSL_get_error(ssl, 0); + if (CyaSSL_connect(ssl) != SSL_SUCCESS) {/* see note at top of README */ + int err = CyaSSL_get_error(ssl, 0); char buffer[80]; - printf("err = %d, %s\n", err, ERR_error_string(err, buffer)); + printf("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); err_sys("SSL_connect failed");/* if you're getting an error here */ } #else @@ -216,17 +216,17 @@ void client_test(void* args) msgSz = 28; strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz); } - if (SSL_write(ssl, msg, msgSz) != msgSz) + if (CyaSSL_write(ssl, msg, msgSz) != msgSz) err_sys("SSL_write failed"); - input = SSL_read(ssl, reply, sizeof(reply)); + input = CyaSSL_read(ssl, reply, sizeof(reply)); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); if (argc == 3) { /* get html */ while (1) { - input = SSL_read(ssl, reply, sizeof(reply)); + input = CyaSSL_read(ssl, reply, sizeof(reply)); if (input > 0) { reply[input] = 0; printf("%s\n", reply); @@ -242,14 +242,14 @@ void client_test(void* args) strncpy(msg, "break", 6); msgSz = (int)strlen(msg); /* try to send session close */ - SSL_write(ssl, msg, msgSz); + CyaSSL_write(ssl, msg, msgSz); #endif - session = SSL_get_session(ssl); - sslResume = SSL_new(ctx); + session = CyaSSL_get_session(ssl); + sslResume = CyaSSL_new(ctx); #endif - SSL_shutdown(ssl); - SSL_free(ssl); + CyaSSL_shutdown(ssl); + CyaSSL_free(ssl); CloseSocket(sockfd); #ifdef TEST_RESUME @@ -264,36 +264,36 @@ void client_test(void* args) tcp_connect(&sockfd, argv[1], (short)atoi(argv[2])); else tcp_connect(&sockfd, yasslIP, yasslPort); - SSL_set_fd(sslResume, sockfd); - SSL_set_session(sslResume, session); + CyaSSL_set_fd(sslResume, sockfd); + CyaSSL_set_session(sslResume, session); showPeer(sslResume); - if (SSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed"); + if (CyaSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed"); #ifdef OPENSSL_EXTRA - if (SSL_session_reused(sslResume)) + if (CyaSSL_session_reused(sslResume)) printf("reused session id\n"); else printf("didn't reuse session id!!!\n"); #endif - if (SSL_write(sslResume, resumeMsg, resumeSz) != resumeSz) + if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz) err_sys("SSL_write failed"); - input = SSL_read(sslResume, reply, sizeof(reply)); + input = CyaSSL_read(sslResume, reply, sizeof(reply)); if (input > 0) { reply[input] = 0; printf("Server resume response: %s\n", reply); } /* try to send session break */ - SSL_write(sslResume, msg, msgSz); + CyaSSL_write(sslResume, msg, msgSz); - SSL_shutdown(sslResume); - SSL_free(sslResume); + CyaSSL_shutdown(sslResume); + CyaSSL_free(sslResume); #endif /* TEST_RESUME */ - SSL_CTX_free(ctx); + CyaSSL_CTX_free(ctx); CloseSocket(sockfd); ((func_args*)args)->return_code = 0; diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index e9c540d34..11f4ccd81 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -23,7 +23,7 @@ #include #endif -#include +#include #include #ifndef NO_MAIN_DRIVER @@ -52,9 +52,9 @@ static void SignalReady(void* args) THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) { - SOCKET_T sockfd = 0; - SSL_METHOD* method = 0; - SSL_CTX* ctx = 0; + SOCKET_T sockfd = 0; + CYASSL_METHOD* method = 0; + CYASSL_CTX* ctx = 0; int outCreated = 0; int shutdown = 0; @@ -75,23 +75,23 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) tcp_listen(&sockfd); #if defined(CYASSL_DTLS) - method = DTLSv1_server_method(); + method = CyaDTLSv1_server_method(); #elif !defined(NO_TLS) - method = SSLv23_server_method(); + method = CyaSSLv23_server_method(); #else - method = SSLv3_server_method(); + method = CyaSSLv3_server_method(); #endif - ctx = SSL_CTX_new(method); - /* SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */ + ctx = CyaSSL_CTX_new(method); + /* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */ #ifdef OPENSSL_EXTRA - SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); + CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #ifndef NO_FILESYSTEM #ifdef HAVE_NTRU /* ntru */ - if (SSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM) + if (CyaSSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load ntru cert file, " "Please run from CyaSSL home dir"); @@ -102,23 +102,23 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) "Please run from CyaSSL home dir"); #elif HAVE_ECC /* ecc */ - if (SSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM) + if (CyaSSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server cert file, " "Please run from CyaSSL home dir"); - if (SSL_CTX_use_PrivateKey_file(ctx, eccKey, SSL_FILETYPE_PEM) + if (CyaSSL_CTX_use_PrivateKey_file(ctx, eccKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server key file, " "Please run from CyaSSL home dir"); #else /* normal */ - if (SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) + if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server cert file, " "Please run from CyaSSL home dir"); - if (SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) + if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server key file, " "Please run from CyaSSL home dir"); @@ -131,10 +131,10 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) SignalReady(args); while (!shutdown) { - SSL* ssl = 0; - char command[1024]; - int echoSz = 0; - int clientfd; + CYASSL* ssl = 0; + char command[1024]; + int echoSz = 0; + int clientfd; #ifndef CYASSL_DTLS SOCKADDR_IN_T client; @@ -146,17 +146,17 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) #endif if (clientfd == -1) err_sys("tcp accept failed"); - ssl = SSL_new(ctx); + ssl = CyaSSL_new(ctx); if (ssl == NULL) err_sys("SSL_new failed"); - SSL_set_fd(ssl, clientfd); + CyaSSL_set_fd(ssl, clientfd); #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #else SetDH(ssl); /* will repick suites with DHE, higher than PSK */ #endif - if (SSL_accept(ssl) != SSL_SUCCESS) { + if (CyaSSL_accept(ssl) != SSL_SUCCESS) { printf("SSL_accept failed\n"); - SSL_free(ssl); + CyaSSL_free(ssl); CloseSocket(clientfd); continue; } @@ -164,7 +164,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) showPeer(ssl); #endif - while ( (echoSz = SSL_read(ssl, command, sizeof(command))) > 0) { + while ( (echoSz = CyaSSL_read(ssl, command, sizeof(command))) > 0) { if ( strncmp(command, "quit", 4) == 0) { printf("client sent quit command: shutting down!\n"); @@ -198,7 +198,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) strncpy(&command[echoSz], footer, sizeof(footer)); echoSz += sizeof(footer); - if (SSL_write(ssl, command, echoSz) != echoSz) + if (CyaSSL_write(ssl, command, echoSz) != echoSz) err_sys("SSL_write failed"); break; } @@ -208,13 +208,13 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) fputs(command, fout); #endif - if (SSL_write(ssl, command, echoSz) != echoSz) + if (CyaSSL_write(ssl, command, echoSz) != echoSz) err_sys("SSL_write failed"); } #ifndef CYASSL_DTLS - SSL_shutdown(ssl); + CyaSSL_shutdown(ssl); #endif - SSL_free(ssl); + CyaSSL_free(ssl); CloseSocket(clientfd); #ifdef CYASSL_DTLS tcp_listen(&sockfd); @@ -223,7 +223,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) } CloseSocket(sockfd); - SSL_CTX_free(ctx); + CyaSSL_CTX_free(ctx); #ifdef ECHO_OUT if (outCreated)