Merge branch 'master' of https://github.com/wolfssl/wolfssl

IDE/ROWLEY-CROSSWORKS-ARM/README.md

@@ -31,8 +31,8 @@ To enable Freescale MMCAU:
 
 1. [Download the MMCAU library](http://www.freescale.com/products/arm-processors/kinetis-cortex-m/k-series/k7x-glcd-mcus/crypto-acceleration-unit-cau-and-mmcau-software-library:CAUAP).
 2. Copy the `lib_mmcau.a` and `cau_api.h` files into the project.
-3. Add `-L $(ProjectDir) -l lib_mmcau.a` to project "Additional Linker Options" OR goto "Build Configuration" and check "MMCAU".
+3. Enable the `FREESCALE_MMCAU` define in `user_settings.h` and make sure its value is `1`.
-4. Enable the "FREESCALE_MMCAU" define in "user_settings.h" and make sure its value is 1.
+4. Add the `lib_mmcau.a` file to `Source Files` in the application project.
 
 # Project Files
 

IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c

@@ -66,4 +66,19 @@ RSA 1024 decryption took 573.000 milliseconds, avg over 1 iterations
 DH  1024 key generation  253.000 milliseconds, avg over 1 iterations
 DH  1024 key agreement   311.000 milliseconds, avg over 1 iterations
 Benchmark Test 1: Return code 0
+
+SAMPLE OUTPUT: Freescale K64 running at 96MHz with MMCAU enabled:
+Benchmark Test 1:
+AES      25 kB took 0.019 seconds,    1.285 MB/s
+ARC4     25 kB took 0.033 seconds,    0.740 MB/s
+RABBIT   25 kB took 0.028 seconds,    0.872 MB/s
+3DES     25 kB took 0.026 seconds,    0.939 MB/s
+MD5      25 kB took 0.005 seconds,    4.883 MB/s
+SHA      25 kB took 0.008 seconds,    3.052 MB/s
+SHA-256  25 kB took 0.013 seconds,    1.878 MB/s
+RSA 1024 encryption took 89.000 milliseconds, avg over 1 iterations
+RSA 1024 decryption took 573.000 milliseconds, avg over 1 iterations
+DH  1024 key generation  250.000 milliseconds, avg over 1 iterations
+DH  1024 key agreement   308.000 milliseconds, avg over 1 iterations
+Benchmark Test 1: Return code 0
 */

IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp

@@ -306,10 +306,6 @@
     Name="ARM_Release"
     batch_build_configurations="V7EM THUMB * Release"
     inherited_configurations="ARM;V7EM;Release;Kineits;Flash;THUMB" />
-  <configuration
-    Name="MMCAU"
-    hidden="Yes"
-    linker_additional_options="-L $(ProjectDir) -l lib_mmcau.a" />
   <configuration
     Name="Common"
     build_intermediate_directory="$(ProjectName)_$(Configuration)"

Makefile.am

@@ -72,10 +72,7 @@ include support/include.am
 include wolfcrypt/benchmark/include.am
 include wolfcrypt/src/include.am
 include wolfcrypt/test/include.am
-include examples/client/include.am
+include examples/include.am
-include examples/server/include.am
-include examples/echoclient/include.am
-include examples/echoserver/include.am
 include testsuite/include.am
 include tests/include.am
 include sslSniffer/sslSnifferTest/include.am

configure.ac

@@ -1830,6 +1830,81 @@ then
 fi
 
 
+# wolfSSL JNI
+AC_ARG_ENABLE([jni],
+    [  --enable-jni            Enable wolfSSL JNI (default: disabled)],
+    [ ENABLED_JNI=$enableval ],
+    [ ENABLED_JNI=no ]
+    )
+if test "$ENABLED_JNI" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_JNI"
+
+    # Enable prereqs if not already enabled
+    if test "x$ENABLED_DTLS" = "xno"
+    then
+        ENABLED_DTLS="yes"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
+    fi
+    if test "x$ENABLED_OPENSSLEXTRA" = "xno"
+    then
+        ENABLED_OPENSSLEXTRA="yes"
+        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
+    fi
+    if test "x$ENABLED_CRL" = "xno"
+    then
+        ENABLED_CRL="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
+        AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
+    fi
+    if test "x$ENABLED_OCSP" = "xno"
+    then
+        ENABLED_OCSP="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
+        AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
+    fi
+    if test "x$ENABLED_CRL_MONITOR" = "xno"
+    then
+        ENABLED_CRL_MONITOR="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
+    fi
+    if test "x$ENABLED_SAVESESSION" = "xno"
+    then
+        ENABLED_SAVESESSION="yes"
+        AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
+    fi
+    if test "x$ENABLED_SAVECERT" = "xno"
+    then
+        ENABLED_SAVECERT="yes"
+        AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
+    fi
+    if test "x$ENABLED_ATOMICUSER" = "xno"
+    then
+        ENABLED_ATOMICUSER="yes"
+        AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
+    fi
+    if test "x$ENABLED_ECC" = "xno"
+    then
+        ENABLED_ECC="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC"
+    fi
+    if test "x$ENABLED_PKCALLBACKS" = "xno"
+    then
+        ENABLED_PKCALLBACKS="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
+    fi
+    if test "x$ENABLED_DH" = "xno"
+    then
+        ENABLED_DH="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
+    fi
+    if test "x$ENABLED_PSK" = "xno"
+    then
+        ENABLED_PSK="yes"
+    fi
+fi
+
+
 # lighty Support
 AC_ARG_ENABLE([lighty],
     [  --enable-lighty         Enable lighttpd/lighty (default: disabled)],
@@ -2156,75 +2231,6 @@ fi
 AM_CONDITIONAL([BUILD_MCAPI], [test "x$ENABLED_MCAPI" = "xyes"])
 
 
-# wolfSSL JNI
-AC_ARG_ENABLE([jni],
-    [  --enable-jni            Enable wolfSSL JNI (default: disabled)],
-    [ ENABLED_JNI=$enableval ],
-    [ ENABLED_JNI=no ]
-    )
-if test "$ENABLED_JNI" = "yes"
-then
-    # Enable prereqs if not already enabled
-    if test "x$ENABLED_DTLS" = "xno"
-    then
-        ENABLED_DTLS="yes"
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
-    fi
-    if test "x$ENABLED_OPENSSLEXTRA" = "xno"
-    then
-        ENABLED_OPENSSLEXTRA="yes"
-        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
-    fi
-    if test "x$ENABLED_CRL" = "xno"
-    then
-        ENABLED_CRL="yes"
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
-        AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
-    fi
-    if test "x$ENABLED_OCSP" = "xno"
-    then
-        ENABLED_OCSP="yes"
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
-        AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
-    fi
-    if test "x$ENABLED_CRL_MONITOR" = "xno"
-    then
-        ENABLED_CRL_MONITOR="yes"
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
-    fi
-    if test "x$ENABLED_SAVESESSION" = "xno"
-    then
-        ENABLED_SAVESESSION="yes"
-        AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
-    fi
-    if test "x$ENABLED_SAVECERT" = "xno"
-    then
-        ENABLED_SAVECERT="yes"
-        AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
-    fi
-    if test "x$ENABLED_ATOMICUSER" = "xno"
-    then
-        ENABLED_ATOMICUSER="yes"
-        AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
-    fi
-    if test "x$ENABLED_ECC" = "xno"
-    then
-        ENABLED_ECC="yes"
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC"
-    fi
-    if test "x$ENABLED_PKCALLBACKS" = "xno"
-    then
-        ENABLED_PKCALLBACKS="yes"
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
-    fi
-    if test "x$ENABLED_DH" = "xno"
-    then
-        ENABLED_DH="yes"
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
-    fi
-fi
-
-
 # Check for build-type conflicts
 AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
        test "x$ENABLED_LEANPSK" = "xyes"],

examples/client/client.c

@@ -127,6 +127,165 @@ static void ShowCiphers(void)
         printf("%s\n", ciphers);
 }
 
+int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
+    int doDTLS, int benchmark, int resumeSession)
+{
+    /* time passed in number of connects give average */
+    int times = benchmark;
+    int loops = resumeSession ? 2 : 1;
+    int i = 0;
+    WOLFSSL_SESSION* benchSession = NULL;
+
+    while (loops--) {
+        int benchResume = resumeSession && loops == 0;
+        double start = current_time(), avg;
+
+        for (i = 0; i < times; i++) {
+            SOCKET_T sockfd;
+            WOLFSSL* ssl = wolfSSL_new(ctx);
+
+            tcp_connect(&sockfd, host, port, doDTLS, ssl);
+
+            if (benchResume)
+                wolfSSL_set_session(ssl, benchSession);
+            wolfSSL_set_fd(ssl, sockfd);
+            if (wolfSSL_connect(ssl) != SSL_SUCCESS)
+                err_sys("SSL_connect failed");
+
+            wolfSSL_shutdown(ssl);
+            if (i == (times-1) && resumeSession) {
+                benchSession = wolfSSL_get_session(ssl);
+            }
+            wolfSSL_free(ssl);
+            CloseSocket(sockfd);
+        }
+        avg = current_time() - start;
+        avg /= times;
+        avg *= 1000;   /* milliseconds */
+        if (benchResume)
+            printf("wolfSSL_resume  avg took: %8.3f milliseconds\n", avg);
+        else
+            printf("wolfSSL_connect avg took: %8.3f milliseconds\n", avg);
+    }
+
+    return EXIT_SUCCESS;
+}
+
+int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
+    int doDTLS, int throughput)
+{
+    double start, conn_time = 0, tx_time = 0, rx_time = 0;
+    SOCKET_T sockfd;
+    WOLFSSL* ssl;
+    int ret;
+
+    start = current_time();
+    ssl = wolfSSL_new(ctx);
+    tcp_connect(&sockfd, host, port, doDTLS, ssl);
+    wolfSSL_set_fd(ssl, sockfd);
+    if (wolfSSL_connect(ssl) == SSL_SUCCESS) {
+        /* Perform throughput test */
+        char *tx_buffer, *rx_buffer;
+
+        /* Record connection time */
+        conn_time = current_time() - start;
+
+        /* Allocate TX/RX buffers */
+        tx_buffer = (char*)malloc(TEST_BUFFER_SIZE);
+        rx_buffer = (char*)malloc(TEST_BUFFER_SIZE);
+        if(tx_buffer && rx_buffer) {
+            WC_RNG rng;
+
+            /* Startup the RNG */
+            ret = wc_InitRng(&rng);
+            if(ret == 0) {
+                int xfer_bytes;
+
+                /* Generate random data to send */
+                ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, TEST_BUFFER_SIZE);
+                wc_FreeRng(&rng);
+                if(ret != 0) {
+                    err_sys("wc_RNG_GenerateBlock failed");
+                }
+
+                /* Perform TX and RX of bytes */
+                xfer_bytes = 0;
+                while(throughput > xfer_bytes) {
+                    int len, rx_pos, select_ret;
+
+                    /* Determine packet size */
+                    len = min(TEST_BUFFER_SIZE, throughput - xfer_bytes);
+
+                    /* Perform TX */
+                    start = current_time();
+                    if (wolfSSL_write(ssl, tx_buffer, len) != len) {
+                        int writeErr = wolfSSL_get_error(ssl, 0);
+                        printf("wolfSSL_write error %d!\n", writeErr);
+                        err_sys("wolfSSL_write failed");
+                    }
+                    tx_time += current_time() - start;
+
+                    /* Perform RX */
+                    select_ret = tcp_select(sockfd, 1); /* Timeout=1 second */
+                    if (select_ret == TEST_RECV_READY) {
+                        start = current_time();
+                        rx_pos = 0;
+                        while(rx_pos < len) {
+                            ret = wolfSSL_read(ssl, &rx_buffer[rx_pos], len - rx_pos);
+                            if(ret <= 0) {
+                                int readErr = wolfSSL_get_error(ssl, 0);
+                                if (readErr != SSL_ERROR_WANT_READ) {
+                                    printf("wolfSSL_read error %d!\n", readErr);
+                                    err_sys("wolfSSL_read failed");
+                                }
+                            }
+                            else {
+                                rx_pos += ret;
+                            }
+                        }
+                        rx_time += current_time() - start;
+                    }
+
+                    /* Compare TX and RX buffers */
+                    if(XMEMCMP(tx_buffer, rx_buffer, len) != 0) {
+                        err_sys("Compare TX and RX buffers failed");
+                    }
+
+                    /* Update overall position */
+                    xfer_bytes += len;
+                }
+            }
+            else {
+                err_sys("wc_InitRng failed");
+            }
+        }
+        else {
+            err_sys("Client buffer malloc failed");
+        }
+        if(tx_buffer) free(tx_buffer);
+        if(rx_buffer) free(rx_buffer);
+    }
+    else {
+        err_sys("wolfSSL_connect failed");
+    }
+
+    wolfSSL_shutdown(ssl);
+    wolfSSL_free(ssl);
+    CloseSocket(sockfd);
+
+    printf("wolfSSL Client Benchmark %d bytes\n"
+        "\tConnect %8.3f ms\n"
+        "\tTX      %8.3f ms (%8.3f MBps)\n"
+        "\tRX      %8.3f ms (%8.3f MBps)\n",
+        throughput,
+        conn_time * 1000,
+        tx_time * 1000, throughput / tx_time / 1024 / 1024,
+        rx_time * 1000, throughput / rx_time / 1024 / 1024
+    );
+
+    return EXIT_SUCCESS;
+}
+
 
 static void Usage(void)
 {
@@ -137,7 +296,7 @@ static void Usage(void)
     printf("-p <num>    Port to connect on, not 0, default %d\n", wolfSSLPort);
     printf("-v <num>    SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
                                  CLIENT_DEFAULT_VERSION);
-    printf("-l <str>    Cipher list\n");
+    printf("-l <str>    Cipher suite list (: delimited)\n");
     printf("-c <file>   Certificate file,           default %s\n", cliCert);
     printf("-k <file>   Key file,                   default %s\n", cliKey);
     printf("-A <file>   Certificate Authority file, default %s\n", caCert);
@@ -149,6 +308,7 @@ static void Usage(void)
 #ifdef HAVE_ALPN
     printf("-L <str>    Application-Layer Protocole Name ({C,F}:<list>)\n");
 #endif
+    printf("-B <num>    Benchmark throughput using <num> bytes and print stats\n");
     printf("-s          Use pre Shared keys\n");
     printf("-t          Track wolfSSL memory use\n");
     printf("-d          Disable peer checks\n");
@@ -156,7 +316,7 @@ static void Usage(void)
     printf("-e          List Every cipher suite available, \n");
     printf("-g          Send server HTTP GET\n");
     printf("-u          Use UDP DTLS,"
-           " add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
+           " add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
     printf("-m          Match domain name in cert\n");
     printf("-N          Use Non-blocking sockets\n");
     printf("-r          Resume session\n");
@@ -200,7 +360,7 @@ static void Usage(void)
 
 THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 {
-    SOCKET_T sockfd = 0;
+    SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
 
     WOLFSSL_METHOD*  method  = 0;
     WOLFSSL_CTX*     ctx     = 0;
@@ -228,6 +388,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     int    useAnon  = 0;
     int    sendGET  = 0;
     int    benchmark = 0;
+    int    throughput = 0;
     int    doDTLS    = 0;
     int    matchName = 0;
     int    doPeerCheck = 1;
@@ -300,7 +461,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     StackTrap();
 
     while ((ch = mygetopt(argc, argv,
-                          "?gdeDusmNrwRitfxXUPCh:p:v:l:A:c:k:Z:b:zS:L:ToO:an:"))
+                          "?gdeDusmNrwRitfxXUPCh:p:v:l:A:c:k:Z:b:zS:L:ToO:aB:"))
                                                                         != -1) {
         switch (ch) {
             case '?' :
@@ -426,6 +587,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 }
                 break;
 
+            case 'B' :
+                throughput = atoi(myoptarg);
+                if (throughput <= 0) {
+                    Usage();
+                    exit(MY_EX_USAGE);
+                }
+                break;
+
             case 'N' :
                 nonBlocking = 1;
                 break;
@@ -633,9 +802,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     if (ctx == NULL)
         err_sys("unable to get ctx");
 
-    if (cipherList)
+    if (cipherList) {
         if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
             err_sys("client can't set cipher list 1");
+    }
 
 #ifdef WOLFSSL_LEANPSK
     usePsk = 1;
@@ -770,45 +940,16 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif
 
     if (benchmark) {
-        /* time passed in number of connects give average */
+        ((func_args*)args)->return_code =
-        int times = benchmark;
+            ClientBenchmarkConnections(ctx, host, port, doDTLS, benchmark, resumeSession);
-        int loops = resumeSession ? 2 : 1;
-        int i = 0;
-        WOLFSSL_SESSION* benchSession = NULL;
-
-        while (loops--) {
-            int benchResume = resumeSession && loops == 0;
-            double start = current_time(), avg;
-
-            for (i = 0; i < times; i++) {
-                tcp_connect(&sockfd, host, port, doDTLS);
-
-                ssl = wolfSSL_new(ctx);
-                if (benchResume)
-                    wolfSSL_set_session(ssl, benchSession);
-                wolfSSL_set_fd(ssl, sockfd);
-                if (wolfSSL_connect(ssl) != SSL_SUCCESS)
-                    err_sys("SSL_connect failed");
-
-                wolfSSL_shutdown(ssl);
-                if (i == (times-1) && resumeSession) {
-                    benchSession = wolfSSL_get_session(ssl);
-                }
-                wolfSSL_free(ssl);
-                CloseSocket(sockfd);
-            }
-            avg = current_time() - start;
-            avg /= times;
-            avg *= 1000;   /* milliseconds */
-            if (benchResume)
-                printf("wolfSSL_resume  avg took: %8.3f milliseconds\n", avg);
-            else
-                printf("wolfSSL_connect avg took: %8.3f milliseconds\n", avg);
-        }
-
         wolfSSL_CTX_free(ctx);
-        ((func_args*)args)->return_code = 0;
+        exit(EXIT_SUCCESS);
+    }
 
+    if(throughput) {
+        ((func_args*)args)->return_code =
+            ClientBenchmarkThroughput(ctx, host, port, doDTLS, throughput);
+        wolfSSL_CTX_free(ctx);
         exit(EXIT_SUCCESS);
     }
 
@@ -830,15 +971,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     }
 #endif
 
-    if (doDTLS) {
+    tcp_connect(&sockfd, host, port, doDTLS, ssl);
-        SOCKADDR_IN_T addr;
-        build_addr(&addr, host, port, 1);
-        wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
-        tcp_socket(&sockfd, 1);
-    }
-    else {
-        tcp_connect(&sockfd, host, port, 0);
-    }
 
 #ifdef HAVE_POLY1305
     /* use old poly to connect with google and wolfssl.com server */
@@ -986,21 +1119,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #ifndef NO_SESSION_CACHE
     if (resumeSession) {
         if (doDTLS) {
-            SOCKADDR_IN_T addr;
+#ifdef USE_WINDOWS_API
-            #ifdef USE_WINDOWS_API 
+            Sleep(500);
-                Sleep(500);
+#elif defined(WOLFSSL_TIRTOS)
-            #elif defined(WOLFSSL_TIRTOS)
+            Task_sleep(1);
-                Task_sleep(1);
+#else
-            #else
+            sleep(1);
-                sleep(1);
+#endif
-            #endif
-            build_addr(&addr, host, port, 1);
-            wolfSSL_dtls_set_peer(sslResume, &addr, sizeof(addr));
-            tcp_socket(&sockfd, 1);
-        }
-        else {
-            tcp_connect(&sockfd, host, port, 0);
         }
+        tcp_connect(&sockfd, host, port, doDTLS, sslResume);
         wolfSSL_set_fd(sslResume, sockfd);
 #ifdef HAVE_ALPN
         if (alpnList != NULL) {

examples/client/client.h

@@ -23,3 +23,11 @@
 
 THREAD_RETURN WOLFSSL_THREAD client_test(void* args);
 
+/* Measures average time to create, connect and disconnect a connection (TPS). 
+Benchmark = number of connections. */
+int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port, 
+	int doDTLS, int benchmark, int resumeSession);
+
+/* Measures throughput in kbps. Throughput = number of bytes */	
+int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, 
+	int doDTLS, int throughput);

examples/echoclient/echoclient.c

@@ -164,16 +164,7 @@ void echoclient_test(void* args)
     #endif
 
     ssl = SSL_new(ctx);
-
+    tcp_connect(&sockfd, yasslIP, port, doDTLS, ssl);
-    if (doDTLS) {
-        SOCKADDR_IN_T addr;
-        build_addr(&addr, yasslIP, port, 1);
-        CyaSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
-        tcp_socket(&sockfd, 1);
-    }
-    else {
-        tcp_connect(&sockfd, yasslIP, port, 0);
-    }
         
     SSL_set_fd(ssl, sockfd);
 #if defined(USE_WINDOWS_API) && defined(CYASSL_DTLS) && defined(NO_MAIN_DRIVER)

examples/echoserver/echoserver.c

@@ -248,7 +248,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
                 err_sys("recvfrom failed");
         }
 #endif
-        if (clientfd == -1) err_sys("tcp accept failed");
+        if (WOLFSSL_SOCKET_IS_INVALID(clientfd)) err_sys("tcp accept failed");
 
         ssl = CyaSSL_new(ctx);
         if (ssl == NULL) err_sys("SSL_new failed");

examples/include.am

@@ -0,0 +1,7 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+
+include examples/client/include.am
+include examples/echoclient/include.am
+include examples/echoserver/include.am
+include examples/server/include.am

examples/server/server.c

@@ -81,10 +81,11 @@ static void NonBlockingSSL_Accept(SSL* ssl)
                                   error == SSL_ERROR_WANT_WRITE)) {
         int currTimeout = 1;
 
-        if (error == SSL_ERROR_WANT_READ)
+        if (error == SSL_ERROR_WANT_READ) {
-            printf("... server would read block\n");
+            /* printf("... server would read block\n"); */
-        else
+        } else {
-            printf("... server would write block\n");
+            /* printf("... server would write block\n"); */
+        }
 
 #ifdef CYASSL_DTLS
         currTimeout = CyaSSL_dtls_get_current_timeout(ssl);
@@ -118,6 +119,68 @@ static void NonBlockingSSL_Accept(SSL* ssl)
         err_sys("SSL_accept failed");
 }
 
+/* Echo number of bytes specified by -e arg */
+int ServerEchoData(SSL* ssl, int clientfd, int echoData, int throughput)
+{
+    int ret = 0;
+    char* buffer = (char*)malloc(TEST_BUFFER_SIZE);
+    if(buffer) {
+        double start, rx_time = 0, tx_time = 0;
+        int xfer_bytes = 0;
+        while((echoData && throughput == 0) || (!echoData && xfer_bytes < throughput)) {
+            int select_ret = tcp_select(clientfd, 1); /* Timeout=1 second */
+            if (select_ret == TEST_RECV_READY) {
+                int len = min(TEST_BUFFER_SIZE, throughput - xfer_bytes);
+                int rx_pos = 0;
+                if(throughput) {
+                    start = current_time();
+                }
+                while(rx_pos < len) {
+                    ret = SSL_read(ssl, &buffer[rx_pos], len - rx_pos);
+                    if (ret <= 0) {
+                        int readErr = SSL_get_error(ssl, 0);
+                        if (readErr != SSL_ERROR_WANT_READ) {
+                            printf("SSL_read error %d!\n", readErr);
+                            err_sys("SSL_read failed");
+                        }
+                    }
+                    else {
+                        rx_pos += ret;
+                    }
+                }
+                if(throughput) {
+                    rx_time += current_time() - start;
+                    start = current_time();
+                }
+                if (SSL_write(ssl, buffer, len) != len) {
+                    err_sys("SSL_write failed");
+                }
+                if(throughput) {
+                    tx_time += current_time() - start;
+                }
+
+                xfer_bytes += len;
+            }
+        }
+        free(buffer);
+
+        if(throughput) {
+            printf("wolfSSL Server Benchmark %d bytes\n"
+                "\tRX      %8.3f ms (%8.3f MBps)\n"
+                "\tTX      %8.3f ms (%8.3f MBps)\n",
+                throughput,
+                tx_time * 1000, throughput / tx_time / 1024 / 1024,
+                rx_time * 1000, throughput / rx_time / 1024 / 1024
+            );
+        }
+    }
+    else {
+        err_sys("Server buffer malloc failed");
+    }
+
+    return EXIT_SUCCESS;
+}
+
 
 static void Usage(void)
 {
@@ -127,7 +190,7 @@ static void Usage(void)
     printf("-p <num>    Port to listen on, not 0, default %d\n", yasslPort);
     printf("-v <num>    SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
                                  SERVER_DEFAULT_VERSION);
-    printf("-l <str>    Cipher list\n");
+    printf("-l <str>    Cipher suite list (: delimited)\n");
     printf("-c <file>   Certificate file,           default %s\n", svrCert);
     printf("-k <file>   Key file,                   default %s\n", svrKey);
     printf("-A <file>   Certificate Authority file, default %s\n", cliCert);
@@ -144,7 +207,7 @@ static void Usage(void)
     printf("-s          Use pre Shared keys\n");
     printf("-t          Track wolfSSL memory use\n");
     printf("-u          Use UDP DTLS,"
-           " add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
+           " add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
     printf("-f          Fewer packets/group messages\n");
     printf("-R          Create server ready file, for external monitor\n");
     printf("-r          Allow one client Resumption\n");
@@ -164,20 +227,22 @@ static void Usage(void)
 #ifndef NO_PSK
     printf("-I          Do not send PSK identity hint\n");
 #endif
+    printf("-i          Loop indefinitely (allow repeated connections)\n");
+    printf("-e          Echo data mode (return raw bytes received)\n");
+    printf("-B <num>    Benchmark throughput using <num> bytes and print stats\n");
 }
 
 THREAD_RETURN CYASSL_THREAD server_test(void* args)
 {
-    SOCKET_T sockfd   = 0;
+    SOCKET_T sockfd   = WOLFSSL_SOCKET_INVALID;
-    SOCKET_T clientfd = 0;
+    SOCKET_T clientfd = WOLFSSL_SOCKET_INVALID;
 
     SSL_METHOD* method = 0;
     SSL_CTX*    ctx    = 0;
     SSL*        ssl    = 0;
 
-    char   msg[] = "I hear you fa shizzle!";
+    const char msg[] = "I hear you fa shizzle!";
     char   input[80];
-    int    idx;
     int    ch;
     int    version = SERVER_DEFAULT_VERSION;
     int    doCliCertCheck = 1;
@@ -194,8 +259,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     int    pkCallbacks  = 0;
     int    serverReadyFile = 0;
     int    wc_shutdown     = 0;
-    int    resume = 0;            /* do resume, and resume count */
+    int    resume = 0;
+    int    resumeCount = 0;
+    int    loopIndefinitely = 0;
+    int    echoData = 0;
+    int    throughput = 0;
     int    minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
+    int    doListen = 1;
     int    ret;
     char*  alpnList = NULL;
     unsigned char alpn_opt = 0;
@@ -244,7 +314,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     fdOpenSession(Task_self());
 #endif
 
-    while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPIp:v:l:A:c:k:Z:S:oO:D:L:"))
+    while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPIp:v:l:A:c:k:Z:S:oO:D:L:ieB:"))
                          != -1) {
         switch (ch) {
             case '?' :
@@ -400,6 +470,23 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
 
                 #endif
                 break;
+
+            case 'i' :
+                loopIndefinitely = 1;
+                break;
+
+            case 'e' :
+                echoData = 1;
+                break;
+
+            case 'B':
+                throughput = atoi(myoptarg);
+                if (throughput <= 0) {
+                    Usage();
+                    exit(MY_EX_USAGE);
+                }
+                break;
+
             default:
                 Usage();
                 exit(MY_EX_USAGE);
@@ -593,173 +680,182 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
             err_sys("UseSNI failed");
 #endif
 
-while (1) {  /* allow resume option */
+    while (1) {
-    if (resume > 1) {  /* already did listen, just do accept */
+        /* allow resume option */
-        if (doDTLS == 0) {
+        if(resumeCount > 1) {
-            SOCKADDR_IN_T client;
+            if (doDTLS == 0) {
-            socklen_t client_len = sizeof(client);
+                SOCKADDR_IN_T client;
-            clientfd = accept(sockfd, (struct sockaddr*)&client,
+                socklen_t client_len = sizeof(client);
-                             (ACCEPT_THIRD_T)&client_len);
+                clientfd = accept(sockfd, (struct sockaddr*)&client,
-        } else {
+                                 (ACCEPT_THIRD_T)&client_len);
-            tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
+            } else {
-            clientfd = sockfd;
+                tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
+                clientfd = sockfd;
+            }
+            if(WOLFSSL_SOCKET_IS_INVALID(clientfd)) {
+                err_sys("tcp accept failed");
+            }
         }
-        #ifdef USE_WINDOWS_API
-            if (clientfd == INVALID_SOCKET) err_sys("tcp accept failed");
-        #else
-            if (clientfd == -1) err_sys("tcp accept failed");
-        #endif
-    }
 
-    ssl = SSL_new(ctx);
+        ssl = SSL_new(ctx);
-    if (ssl == NULL)
+        if (ssl == NULL)
-        err_sys("unable to get SSL");
+            err_sys("unable to get SSL");
 
 #ifndef NO_HANDSHAKE_DONE_CB
-    wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
+        wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
 #endif
 #ifdef HAVE_CRL
-    CyaSSL_EnableCRL(ssl, 0);
+        CyaSSL_EnableCRL(ssl, 0);
-    CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
+        CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
-                                                     CYASSL_CRL_START_MON);
+                                                         CYASSL_CRL_START_MON);
-    CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
+        CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
 #endif
 #ifdef HAVE_OCSP
-    if (useOcsp) {
+        if (useOcsp) {
-        if (ocspUrl != NULL) {
+            if (ocspUrl != NULL) {
-            CyaSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
+                CyaSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
-            CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE
+                CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE
-                                                    | CYASSL_OCSP_URL_OVERRIDE);
+                                                        | CYASSL_OCSP_URL_OVERRIDE);
+            }
+            else
+                CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE);
         }
-        else
-            CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE);
-    }
 #endif
 #ifdef HAVE_PK_CALLBACKS
-    if (pkCallbacks)
+        if (pkCallbacks)
-        SetupPkCallbacks(ctx, ssl);
+            SetupPkCallbacks(ctx, ssl);
 #endif
 
-    if (resume < 2) {  /* do listen and accept */
+        /* do accept */
         tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr,
-                   doDTLS, serverReadyFile);
+                       doDTLS, serverReadyFile, doListen);
-    }
+        doListen = 0; /* Don't listen next time */
 
-    SSL_set_fd(ssl, clientfd);
+        SSL_set_fd(ssl, clientfd);
 
 #ifdef HAVE_ALPN
-    if (alpnList != NULL) {
+        if (alpnList != NULL) {
-        printf("ALPN accepted protocols list : %s\n", alpnList);
+            printf("ALPN accepted protocols list : %s\n", alpnList);
-        wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt);
+            wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt);
-    }
+        }
 #endif
 
 #ifdef WOLFSSL_DTLS
-    if (doDTLS) {
+        if (doDTLS) {
-        SOCKADDR_IN_T cliaddr;
+            SOCKADDR_IN_T cliaddr;
-        byte          b[1500];
+            byte          b[1500];
-        int           n;
+            int           n;
-        socklen_t     len = sizeof(cliaddr);
+            socklen_t     len = sizeof(cliaddr);
 
-        /* For DTLS, peek at the next datagram so we can get the client's
+            /* For DTLS, peek at the next datagram so we can get the client's
-         * address and set it into the ssl object later to generate the
+             * address and set it into the ssl object later to generate the
-         * cookie. */
+             * cookie. */
-        n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
+            n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
-                          (struct sockaddr*)&cliaddr, &len);
+                              (struct sockaddr*)&cliaddr, &len);
-        if (n <= 0)
+            if (n <= 0)
-            err_sys("recvfrom failed");
+                err_sys("recvfrom failed");
 
-        wolfSSL_dtls_set_peer(ssl, &cliaddr, len);
+            wolfSSL_dtls_set_peer(ssl, &cliaddr, len);
-    }
+        }
 #endif
-    if (usePsk == 0 || useAnon == 1 || cipherList != NULL || needDH == 1) {
+        if (usePsk == 0 || useAnon == 1 || cipherList != NULL || needDH == 1) {
-        #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
+            #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
-            CyaSSL_SetTmpDH_file(ssl, ourDhParam, SSL_FILETYPE_PEM);
+                CyaSSL_SetTmpDH_file(ssl, ourDhParam, SSL_FILETYPE_PEM);
-        #elif !defined(NO_DH)
+            #elif !defined(NO_DH)
-            SetDH(ssl);  /* repick suites with DHE, higher priority than PSK */
+                SetDH(ssl);  /* repick suites with DHE, higher priority than PSK */
-        #endif
+            #endif
-    }
+        }
 
 #ifndef CYASSL_CALLBACKS
-    if (nonBlocking) {
+        if (nonBlocking) {
-        CyaSSL_set_using_nonblock(ssl, 1);
+            CyaSSL_set_using_nonblock(ssl, 1);
-        tcp_set_nonblocking(&clientfd);
+            tcp_set_nonblocking(&clientfd);
-        NonBlockingSSL_Accept(ssl);
+            NonBlockingSSL_Accept(ssl);
-    } else if (SSL_accept(ssl) != SSL_SUCCESS) {
+        } else if (SSL_accept(ssl) != SSL_SUCCESS) {
-        int err = SSL_get_error(ssl, 0);
+            int err = SSL_get_error(ssl, 0);
-        char buffer[CYASSL_MAX_ERROR_SZ];
+            char buffer[CYASSL_MAX_ERROR_SZ];
-        printf("error = %d, %s\n", err, ERR_error_string(err, buffer));
+            printf("error = %d, %s\n", err, ERR_error_string(err, buffer));
-        err_sys("SSL_accept failed");
+            err_sys("SSL_accept failed");
-    }
+        }
 #else
-    NonBlockingSSL_Accept(ssl);
+        NonBlockingSSL_Accept(ssl);
 #endif
-    showPeer(ssl);
+        showPeer(ssl);
 
 #ifdef HAVE_ALPN
-    if (alpnList != NULL) {
+        if (alpnList != NULL) {
-        int err;
+            int err;
-        char *protocol_name = NULL, *list = NULL;
+            char *protocol_name = NULL, *list = NULL;
-        word16 protocol_nameSz = 0, listSz = 0;
+            word16 protocol_nameSz = 0, listSz = 0;
 
-        err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz);
+            err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz);
-        if (err == SSL_SUCCESS)
+            if (err == SSL_SUCCESS)
-            printf("Sent ALPN protocol : %s (%d)\n",
+                printf("Sent ALPN protocol : %s (%d)\n",
-                   protocol_name, protocol_nameSz);
+                       protocol_name, protocol_nameSz);
-        else if (err == SSL_ALPN_NOT_FOUND)
+            else if (err == SSL_ALPN_NOT_FOUND)
-            printf("No ALPN response sent (no match)\n");
+                printf("No ALPN response sent (no match)\n");
-        else
+            else
-            printf("Getting ALPN protocol name failed\n");
+                printf("Getting ALPN protocol name failed\n");
 
-        err = wolfSSL_ALPN_GetPeerProtocol(ssl, &list, &listSz);
+            err = wolfSSL_ALPN_GetPeerProtocol(ssl, &list, &listSz);
-        if (err == SSL_SUCCESS)
+            if (err == SSL_SUCCESS)
-            printf("List of protocol names sent by Client: %s (%d)\n",
+                printf("List of protocol names sent by Client: %s (%d)\n",
-                   list, listSz);
+                       list, listSz);
-        else
+            else
-            printf("Get list of client's protocol name failed\n");
+                printf("Get list of client's protocol name failed\n");
 
-        XFREE(list, NULL, DYNAMIC_TMP_OUT_BUFFER);
+            XFREE(list, NULL, DYNAMIC_TMP_OUT_BUFFER);
-    }
+        }
+#endif
+        if(echoData == 0 && throughput == 0) {
+            ret = SSL_read(ssl, input, sizeof(input)-1);
+            if (ret > 0) {
+                input[ret] = 0;
+                printf("Client message: %s\n", input);
+
+            }
+            else if (ret < 0) {
+                int readErr = SSL_get_error(ssl, 0);
+                if (readErr != SSL_ERROR_WANT_READ)
+                    err_sys("SSL_read failed");
+            }
+
+            if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
+                err_sys("SSL_write failed");
+        }
+        else {
+            ServerEchoData(ssl, clientfd, echoData, throughput);
+        }
+
+#if defined(WOLFSSL_MDK_SHELL) && defined(HAVE_MDK_RTX)
+        os_dly_wait(500) ;
+#elif defined (CYASSL_TIRTOS)
+        Task_yield();
 #endif
 
-    idx = SSL_read(ssl, input, sizeof(input)-1);
+        if (doDTLS == 0) {
-    if (idx > 0) {
+            ret = SSL_shutdown(ssl);
-        input[idx] = 0;
+            if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
-        printf("Client message: %s\n", input);
+                SSL_shutdown(ssl);    /* bidirectional shutdown */
+        }
+        SSL_free(ssl);
 
-    }
-    else if (idx < 0) {
-        int readErr = SSL_get_error(ssl, 0);
-        if (readErr != SSL_ERROR_WANT_READ)
-            err_sys("SSL_read failed");
-    }
-
-    if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
-        err_sys("SSL_write failed");
-        
-    #if defined(WOLFSSL_MDK_SHELL) && defined(HAVE_MDK_RTX)
-        os_dly_wait(500) ;
-    #elif defined (CYASSL_TIRTOS)
-        Task_yield();
-    #endif
-
-    if (doDTLS == 0) {
-        ret = SSL_shutdown(ssl);
-        if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
-            SSL_shutdown(ssl);    /* bidirectional shutdown */
-    }
-    SSL_free(ssl);
-    if (resume == 1) {
         CloseSocket(clientfd);
-        resume++;           /* only do one resume for testing */
+
-        continue;
+        if (resume == 1 && resumeCount == 0) {
-    }
+            resumeCount++;           /* only do one resume for testing */
-    break;  /* out of while loop, done with normal and resume option */
+            continue;
-}
+        }
+        resumeCount = 0;
+
+        if(!loopIndefinitely) {
+            break;  /* out of while loop, done with normal and resume option */
+        }
+    } /* while(1) */
+
+    CloseSocket(sockfd);
     SSL_CTX_free(ctx);
 
-    CloseSocket(clientfd);
-    CloseSocket(sockfd);
     ((func_args*)args)->return_code = 0;
 
 

examples/server/server.h

@@ -22,3 +22,7 @@
 #pragma once
 
 THREAD_RETURN WOLFSSL_THREAD server_test(void* args);
+
+/* Echo bytes using buffer of TEST_BUFFER_SIZE until [echoData] bytes are complete. */
+/* If [bechmarkThroughput] set the statistcs will be output at the end */
+int ServerEchoData(WOLFSSL* ssl, int clientfd, int echoData, int benchmarkThroughput);

scripts/benchmark.test

@@ -0,0 +1,115 @@
+#!/bin/sh
+
+#benchmark.test
+
+if [ "$#" -lt 2 ]; then
+    echo "Usage: $0 [mode] [num] [clientargs] [serverargs]" >&2
+    echo "    [mode]: 1=Connection Rate (TPS), 2=Throughput Bytes" >&2
+    echo "    [num]: Mode 1=Connection Count, Mode 2=Bytes to TX/RX" >&2
+    echo "    [clientargs]: Passed to client (see \"./example/client/client -?\" for help)" >&2
+    echo "                  Example: Use different cipher suite: \"-l DHE-RSA-AES256-SHA\"" >&2
+    echo "    [serverargs]: Passed to server (see \"./example/server/server -?\" for help)" >&2
+    echo "                  Example: Disable client certificate check: \"-d\"" >&2
+    echo "Note: If additional client or server args contains spaces wrap with double quotes" >&2
+    exit 1
+fi
+
+# Use unique benchmark port so it won't conflict with any other tests
+bench_port=11113
+no_pid=-1
+server_pid=$no_pid
+counter=0
+client_result=-1
+
+remove_ready_file() {
+    if test -e /tmp/wolfssl_server_ready; then
+        echo "removing exisitng server_ready file"
+        rm /tmp/wolfssl_server_ready
+    fi
+}
+
+
+do_cleanup() {
+    echo "in cleanup"
+
+    if  [ $server_pid != $no_pid ]
+    then
+        echo "killing server"
+        kill -9 $server_pid
+    fi
+    remove_ready_file
+}
+
+do_trap() {
+    echo "got trap"
+    do_cleanup
+    exit -1
+}
+
+trap do_trap INT TERM
+
+# Start server in loop continuous mode (-L) with echo data (-e) enabled and non-blocking (-N)
+echo "\nStarting example server for benchmark test"
+remove_ready_file
+# benchmark connections
+if [ $1 == 1 ]
+then
+    # start server in loop mode with port
+    ./examples/server/server -i -p $bench_port $4 &
+    server_pid=$!
+fi
+
+# benchmark throughput
+if [ $1 == 2 ]
+then
+    # start server in loop mode, non-blocking, benchmark throughput with port
+    ./examples/server/server -i -N -B $2 -p $bench_port $4 &
+    server_pid=$!
+fi
+
+
+echo "Waiting for server_ready file..."
+while [ ! -s /tmp/wolfssl_server_ready -a "$counter" -lt 20 ]; do
+    sleep 0.1
+    counter=$((counter+ 1))
+done
+
+# benchmark connections
+if [ $1 == 1 ]
+then
+    echo "Starting example client to benchmark connection average time"
+    # start client to benchmark average time for each connection using port
+    ./examples/client/client -b $2 -p $bench_port $3
+    client_result=$?
+fi
+
+# benchmark throughput
+if [ $1 == 2 ]
+then
+    echo "Starting example client to benchmark throughput"
+    # start client in non-blocking mode, benchmark throughput using port
+    ./examples/client/client -N -B $2 -p $bench_port $3
+    client_result=$?
+fi
+
+if [ $client_result != 0 ]
+then
+    echo "Client failed!"
+    do_cleanup
+    exit 1
+fi
+
+# End server
+kill -6 $server_pid
+server_result=$?
+remove_ready_file
+
+if [ $server_result != 0 ]
+then
+    echo "Server failed!"
+    exit 1
+fi
+
+echo "\nSuccess!\n"
+
+exit 0

scripts/include.am

@@ -10,6 +10,7 @@ endif
 
 if BUILD_EXAMPLES
 dist_noinst_SCRIPTS+= scripts/resume.test
+EXTRA_DIST+= scripts/benchmark.test 
 
 if BUILD_CRL
 # make revoked test rely on completion of resume test

src/ssl.c

@@ -17066,5 +17066,29 @@ int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz,
 }
 
 #endif /* OPENSSL_EXTRA && HAVE_ED25519 */
+
+#ifdef WOLFSSL_JNI
+
+int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr)
+{
+    WOLFSSL_ENTER("wolfSSL_set_jobject");
+    if (ssl != NULL)
+    {
+        ssl->jObjectRef = objPtr;
+        return SSL_SUCCESS;
+    }
+    return SSL_FAILURE;
+}
+
+void* wolfSSL_get_jobject(WOLFSSL* ssl)
+{
+    WOLFSSL_ENTER("wolfSSL_get_jobject");
+    if (ssl != NULL)
+        return ssl->jObjectRef;
+    return NULL;
+}
+
+#endif /* WOLFSSL_JNI */
+
 #endif /* WOLFCRYPT_ONLY */
 

tests/api.c

@@ -357,7 +357,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
     }
 
     ssl = wolfSSL_new(ctx);
-    tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0);
+    tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 1);
     CloseSocket(sockfd);
 
     wolfSSL_set_fd(ssl, clientfd);
@@ -467,9 +467,8 @@ static void test_client_nofail(void* args)
         goto done2;
     }
 
-    tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0);
-
     ssl = wolfSSL_new(ctx);
+    tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, ssl);
     wolfSSL_set_fd(ssl, sockfd);
     if (wolfSSL_connect(ssl) != SSL_SUCCESS)
     {
@@ -557,7 +556,7 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
 
     ssl = wolfSSL_new(ctx);
 
-    tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0);
+    tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 1);
     CloseSocket(sfd);
 
     wolfSSL_set_fd(ssl, cfd);
@@ -650,9 +649,8 @@ static void run_wolfssl_client(void* args)
     if (callbacks->ctx_ready)
         callbacks->ctx_ready(ctx);
 
-    tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0);
-
     ssl = wolfSSL_new(ctx);
+    tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, ssl);
     wolfSSL_set_fd(ssl, sfd);
 
     if (callbacks->ssl_ready)

wolfssl/internal.h

@@ -2484,6 +2484,9 @@ struct WOLFSSL {
         SessionSecretCb sessionSecretCb;
         void*           sessionSecretCtx;
 #endif /* HAVE_SECRET_CALLBACK */
+#ifdef WOLFSSL_JNI
+        void* jObjectRef;     /* reference to WolfSSLSession in JNI wrapper */
+#endif /* WOLFSSL_JNI */
 };
 
 

wolfssl/ssl.h

@@ -1682,6 +1682,11 @@ WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *,
 WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*);
 #endif /* HAVE_STUNNEL */
 
+#ifdef WOLFSSL_JNI
+WOLFSSL_API int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr);
+WOLFSSL_API void* wolfSSL_get_jobject(WOLFSSL* ssl);
+#endif /* WOLFSSL_JNI */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif

wolfssl/test.h

@@ -61,11 +61,11 @@
     #include <sys/socket.h>
     #include <ti/sysbios/knl/Task.h>
     struct hostent {
-    	char *h_name; /* official name of host */
+        char *h_name; /* official name of host */
-    	char **h_aliases; /* alias list */
+        char **h_aliases; /* alias list */
-    	int h_addrtype; /* host address type */
+        int h_addrtype; /* host address type */
-    	int h_length; /* length of address */
+        int h_length; /* length of address */
-    	char **h_addr_list; /* list of addresses from name server */
+        char **h_addr_list; /* list of addresses from name server */
     };
     #define SOCKET_T int
 #elif defined(WOLFSSL_VXWORKS)
@@ -79,7 +79,7 @@
     #include <fcntl.h>
     #include <sys/time.h>
     #include <netdb.h>
-	#include <pthread.h>
+    #include <pthread.h>
     #define SOCKET_T int
 #else
     #include <string.h>
@@ -118,6 +118,39 @@
     #pragma warning(disable:4244 4996)
 #endif
 
+/* Buffer for benchmark tests */
+#ifndef TEST_BUFFER_SIZE
+#define TEST_BUFFER_SIZE 16384
+#endif
+
+#ifndef WOLFSSL_HAVE_MIN
+    #define WOLFSSL_HAVE_MIN
+    static INLINE word32 min(word32 a, word32 b)
+    {
+        return a > b ? b : a;
+    }
+#endif /* WOLFSSL_HAVE_MIN */
+
+/* Socket Handling */
+#ifndef WOLFSSL_SOCKET_INVALID
+#ifdef USE_WINDOWS_API
+    #define WOLFSSL_SOCKET_INVALID  INVALID_SOCKET
+#elif defined(WOLFSSL_TIRTOS)
+    #define WOLFSSL_SOCKET_INVALID  -1
+#else
+    #define WOLFSSL_SOCKET_INVALID  0
+#endif
+#endif /* WOLFSSL_SOCKET_INVALID */
+
+#ifndef WOLFSSL_SOCKET_IS_INVALID
+#ifdef USE_WINDOWS_API
+    #define WOLFSSL_SOCKET_IS_INVALID(s)  ((s) == WOLFSSL_SOCKET_INVALID)
+#elif defined(WOLFSSL_TIRTOS)
+    #define WOLFSSL_SOCKET_IS_INVALID(s)  ((s) == WOLFSSL_SOCKET_INVALID)
+#else
+    #define WOLFSSL_SOCKET_IS_INVALID(s)  ((s) < WOLFSSL_SOCKET_INVALID)
+#endif
+#endif /* WOLFSSL_SOCKET_IS_INVALID */
 
 #if defined(__MACH__) || defined(USE_WINDOWS_API)
     #ifndef _SOCKLEN_T
@@ -542,16 +575,9 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, int udp)
     else
         *sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
 
-#ifdef USE_WINDOWS_API
+    if(WOLFSSL_SOCKET_IS_INVALID(*sockfd)) {
-    if (*sockfd == INVALID_SOCKET)
         err_sys("socket failed\n");
-#elif defined(WOLFSSL_TIRTOS)
+    }
-    if (*sockfd == -1)
-        err_sys("socket failed\n");
-#else
-    if (*sockfd < 0)
-        err_sys("socket failed\n");
-#endif
 
 #ifndef USE_WINDOWS_API
 #ifdef SO_NOSIGPIPE
@@ -583,10 +609,13 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, int udp)
 }
 
 static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
-                               int udp)
+                               int udp, WOLFSSL* ssl)
 {
     SOCKADDR_IN_T addr;
     build_addr(&addr, ip, port, udp);
+    if(udp) {
+        wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
+    }
     tcp_socket(sockfd, udp);
 
     if (!udp) {
@@ -769,7 +798,7 @@ static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
 
 static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
                               func_args* args, word16 port, int useAnyAddr,
-                              int udp, int ready_file)
+                              int udp, int ready_file, int do_listen)
 {
     SOCKADDR_IN_T client;
     socklen_t client_len = sizeof(client);
@@ -779,49 +808,47 @@ static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
         return;
     }
 
-    tcp_listen(sockfd, &port, useAnyAddr, udp);
+    if(do_listen) {
+        tcp_listen(sockfd, &port, useAnyAddr, udp);
 
-#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
+    #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
-    /* signal ready to tcp_accept */
+        /* signal ready to tcp_accept */
-    {
+        {
-    tcp_ready* ready = args->signal;
+        tcp_ready* ready = args->signal;
-    pthread_mutex_lock(&ready->mutex);
+        pthread_mutex_lock(&ready->mutex);
-    ready->ready = 1;
+        ready->ready = 1;
-    ready->port = port;
+        ready->port = port;
-    pthread_cond_signal(&ready->cond);
+        pthread_cond_signal(&ready->cond);
-    pthread_mutex_unlock(&ready->mutex);
+        pthread_mutex_unlock(&ready->mutex);
-    }
+        }
-#elif defined (WOLFSSL_TIRTOS)
+    #elif defined (WOLFSSL_TIRTOS)
-    /* Need mutex? */
+        /* Need mutex? */
-    tcp_ready* ready = args->signal;
+        tcp_ready* ready = args->signal;
-    ready->ready = 1;
+        ready->ready = 1;
-    ready->port = port;
+        ready->port = port;
-#endif
-
-    if (ready_file) {
-#ifndef NO_FILESYSTEM
-    #ifndef USE_WINDOWS_API
-        FILE* srf = fopen("/tmp/wolfssl_server_ready", "w");
-    #else
-        FILE* srf = fopen("wolfssl_server_ready", "w");
     #endif
 
-        if (srf) {
+        if (ready_file) {
-            fputs("ready", srf);
+    #ifndef NO_FILESYSTEM
-            fclose(srf);
+        #ifndef USE_WINDOWS_API
+            FILE* srf = fopen("/tmp/wolfssl_server_ready", "w");
+        #else
+            FILE* srf = fopen("wolfssl_server_ready", "w");
+        #endif
+
+            if (srf) {
+                fputs("ready", srf);
+                fclose(srf);
+            }
+    #endif
         }
-#endif
     }
 
     *clientfd = accept(*sockfd, (struct sockaddr*)&client,
                       (ACCEPT_THIRD_T)&client_len);
-#ifdef USE_WINDOWS_API
+    if(WOLFSSL_SOCKET_IS_INVALID(*clientfd)) {
-    if (*clientfd == INVALID_SOCKET)
         err_sys("tcp accept failed");
-#else
+    }
-    if (*clientfd == -1)
-        err_sys("tcp accept failed");
-#endif
 }
 
 
@@ -1138,13 +1165,13 @@ static INLINE int OpenNitroxDevice(int dma_mode,int dev_id)
 /* do back x number of directories */
 static INLINE void ChangeDirBack(int x)
 {
-	char path[MAX_PATH];
+    char path[MAX_PATH];
-	XMEMSET(path, 0, MAX_PATH);
+    XMEMSET(path, 0, MAX_PATH);
-	XSTRNCAT(path, ".\\", MAX_PATH);
+    XSTRNCAT(path, ".\\", MAX_PATH);
-	while (x-- > 0) {
+    while (x-- > 0) {
-		XSTRNCAT(path, "..\\", MAX_PATH);
+        XSTRNCAT(path, "..\\", MAX_PATH);
-	}
+    }
-	SetCurrentDirectoryA(path);
+    SetCurrentDirectoryA(path);
 }
 
 /* does current dir contain str */
@@ -1180,14 +1207,14 @@ static INLINE int CurrentDir(const char* str)
 static INLINE void ChangeDirBack(int x)
 {
     char path[MAX_PATH];
-	XMEMSET(path, 0, MAX_PATH);
+    XMEMSET(path, 0, MAX_PATH);
-	XSTRNCAT(path, "./", MAX_PATH);
+    XSTRNCAT(path, "./", MAX_PATH);
-	while (x-- > 0) {
+    while (x-- > 0) {
         XSTRNCAT(path, "../", MAX_PATH);
-	}
+    }
-	if (chdir(path) < 0) {
+    if (chdir(path) < 0) {
-		printf("chdir to %s failed\n", path);
+        printf("chdir to %s failed\n", path);
-	}
+    }
 }
 
 /* does current dir contain str */
@@ -1911,17 +1938,17 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
     } key_ctx;
 
     static key_ctx myKey_ctx;
-    static WC_RNG rng;
+    static WC_RNG myKey_rng;
 
     static INLINE int TicketInit(void)
     {
-        int ret = wc_InitRng(&rng);
+        int ret = wc_InitRng(&myKey_rng);
         if (ret != 0) return ret;
 
-        ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.key, sizeof(myKey_ctx.key));
+        ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.key, sizeof(myKey_ctx.key));
         if (ret != 0) return ret;
 
-        ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.name,sizeof(myKey_ctx.name));
+        ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.name,sizeof(myKey_ctx.name));
         if (ret != 0) return ret;
 
         return 0;
@@ -1929,7 +1956,7 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
 
     static INLINE void TicketCleanup(void)
     {
-        wc_FreeRng(&rng);
+        wc_FreeRng(&myKey_rng);
     }
 
     static INLINE int myTicketEncCb(WOLFSSL* ssl,
@@ -1951,7 +1978,7 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
         if (enc) {
             XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
 
-            ret = wc_RNG_GenerateBlock(&rng, iv, WOLFSSL_TICKET_IV_SZ);
+            ret = wc_RNG_GenerateBlock(&myKey_rng, iv, WOLFSSL_TICKET_IV_SZ);
             if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
 
             /* build aad from key name, iv, and length */