diff --git a/examples/client/client.c b/examples/client/client.c index f55a44816..eee3b3770 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -42,6 +42,17 @@ #ifndef NO_WOLFSSL_CLIENT +#ifdef NO_FILESYSTEM +#ifdef NO_RSA +#error currently the example only tries to load in a RSA buffer +#endif +#undef USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_256 +#undef USE_CERT_BUFFERS_2048 +#define USE_CERT_BUFFERS_2048 +#include +#endif + #ifdef USE_FAST_MATH /* included to inspect the size of FP_MAX_BITS */ /* need integer.h header to make sure right math version used */ @@ -2453,7 +2464,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifndef NO_CERTS if (useClientCert && !loadCertKeyIntoSSLObj){ - #ifndef TEST_LOAD_BUFFER + #ifdef NO_FILESYSTEM + if (wolfSSL_CTX_use_certificate_chain_buffer(ctx, client_cert_der_2048, + sizeof_client_cert_der_2048) != WOLFSSL_SUCCESS) + err_sys("can't load server cert buffer"); + #elif !defined(TEST_LOAD_BUFFER) if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; @@ -2473,7 +2488,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) && !pkCallbacks #endif ) { - #ifndef TEST_LOAD_BUFFER + #ifdef NO_FILESYSTEM + if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048, + sizeof_client_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + err_sys("can't load server private key buffer"); + #elif !defined(TEST_LOAD_BUFFER) if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; 
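Review bot: The `#ifdef NO_FILESYSTEM` block added at the top of client.c (hunk `@@ -42`) force-defines `USE_CERT_BUFFERS_256` and `USE_CERT_BUFFERS_2048` with no comment saying what the buffers are. The arrays it brings in (`client_key_der_2048`, `ca_cert_der_2048`, ...) look like the library's shipped test credentials, whose private keys are public, so a build derived from this example would authenticate with a known key. I would add `/* NO_FILESYSTEM: fall back to the compiled-in test certs and keys; replace them before any non-test use */` above the `#undef` lines. The same block is added to echoclient.c, echoserver.c and server.c in this commit and would take the same comment.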
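Review bot: In the `@@ -2453` hunk of client.c the DER array `client_cert_der_2048` is passed to `wolfSSL_CTX_use_certificate_chain_buffer`, which takes no format argument and, as far as I know, parses its input as PEM, so this load would likely fail at run time. The format-taking variant fits the data: `wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, client_cert_der_2048, sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)`. The same pattern appears in server.c in the `@@ -1712` hunk and, with `wolfSSL_use_certificate_chain_buffer(ssl, ...)`, in the `@@ -1961` hunk. The messages here and in the `@@ -2473` hunk also say "server" although this is the client; `"can't load client cert buffer"` and `"can't load client private key buffer"` would match what is being loaded. The body of client_test continues outside these hunks.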
@@ -2486,7 +2505,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } if (!usePsk && !useAnon && !useVerifyCb && myVerifyAction != VERIFY_FORCE_FAIL) { - #ifndef TEST_LOAD_BUFFER + #ifdef NO_FILESYSTEM + if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, + sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load ca buffer, Please run from wolfSSL home dir"); + } + #elif !defined(TEST_LOAD_BUFFER) unsigned int verify_flags = 0; #ifdef TEST_BEFORE_DATE verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY; @@ -2502,7 +2527,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef HAVE_ECC /* load ecc verify too, echoserver uses it by default w/ ecc */ - #ifndef TEST_LOAD_BUFFER + #ifdef NO_FILESYSTEM + if (wolfSSL_CTX_load_verify_buffer(ctx, ca_ecc_cert_der_256, + sizeof_ca_ecc_cert_der_256, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load ecc ca buffer"); + } + #elif !defined(TEST_LOAD_BUFFER) if (wolfSSL_CTX_load_verify_locations_ex(ctx, eccCertFile, 0, verify_flags) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; @@ -2702,7 +2733,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifndef NO_CERTS if (useClientCert && loadCertKeyIntoSSLObj){ - #ifndef TEST_LOAD_BUFFER + #ifdef NO_FILESYSTEM + if (wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048, + sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load client cert buffer"); + } + #elif !defined(TEST_LOAD_BUFFER) if (wolfSSL_use_certificate_chain_file(ssl, ourCert) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; 
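Review bot: In the `@@ -2486` hunk of client.c the new branch reports `"can't load ca buffer, Please run from wolfSSL home dir"`, but the working directory has no bearing on a compiled-in buffer, so the hint sends the reader in the wrong direction; `"can't load ca buffer"` is enough. The branch also passes `SSL_FILETYPE_ASN1`, the OpenSSL-compat spelling, while the surrounding file branches use `WOLFSSL_FILETYPE_PEM` and echoclient.c in this same commit uses `WOLFSSL_FILETYPE_ASN1`. Using `WOLFSSL_FILETYPE_ASN1` here, and in the `@@ -2502` and `@@ -2702` hunks, would keep the example on one naming scheme. The `TEST_BEFORE_DATE` handling visible in the `#elif` branch is not applied on the NO_FILESYSTEM path; if that is intentional, a short comment would say so.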
@@ -2719,7 +2756,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) && !pkCallbacks #endif ) { - #ifndef TEST_LOAD_BUFFER + #ifdef NO_FILESYSTEM + if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048, + sizeof_client_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + err_sys("can't load client private key buffer"); + #elif !defined(TEST_LOAD_BUFFER) if (wolfSSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index 2026cbbea..2b7dd269a 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -47,6 +47,16 @@ #ifndef NO_WOLFSSL_CLIENT + +#ifdef NO_FILESYSTEM +#ifdef NO_RSA +#error currently the example only tries to load in a RSA buffer +#endif +#undef USE_CERT_BUFFERS_2048 +#define USE_CERT_BUFFERS_2048 +#include +#endif + #ifdef WOLFSSL_ASYNC_CRYPT static int devId = INVALID_DEVID; #endif @@ -150,7 +160,9 @@ void echoclient_test(void* args) #endif #elif !defined(NO_CERTS) if (!doPSK) - load_buffer(ctx, caCertFile, WOLFSSL_CA); + if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, + sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + err_sys("can't load ca buffer"); #endif #if defined(CYASSL_SNIFFER) diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 93996a11a..69877c063 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -50,6 +50,15 @@ #ifndef NO_WOLFSSL_SERVER +#ifdef NO_FILESYSTEM +#ifdef NO_RSA +#error currently the example only tries to load in a RSA buffer +#endif +#undef USE_CERT_BUFFERS_2048 +#define USE_CERT_BUFFERS_2048 +#include +#endif + #ifdef WOLFSSL_ASYNC_CRYPT static int devId = INVALID_DEVID; #endif 
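Review bot: In the `@@ -2719` hunk of client.c the NO_FILESYSTEM branch loads the key into `ctx` with `wolfSSL_CTX_use_PrivateKey_buffer`, while the file branch beside it calls `wolfSSL_use_PrivateKey_file(ssl, ...)` and the preceding hunk loads the certificate into `ssl`. If, as the context suggests, this is the `loadCertKeyIntoSSLObj` path, the already-created `ssl` object would not receive the key. The call should be `wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048, sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1)`, matching what server.c does in its `@@ -1978` hunk. The enclosing condition starts outside the hunk, so this is worth confirming against the full function.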
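Review bot: In the `@@ -150` hunk of echoclient.c the existing `if (!doPSK)` now governs a second, unbraced `if`, which makes the nesting easy to misread and invites a dangling `else` if the block is ever extended. I would brace the outer statement: `if (!doPSK) {` ... `}` around the `wolfSSL_CTX_load_verify_buffer` check. The body of echoclient_test continues outside the hunk.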
@@ -226,8 +235,15 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) } /* doPSK */ #elif !defined(NO_CERTS) if (!doPSK) { - load_buffer(ctx, svrCertFile, WOLFSSL_CERT); - load_buffer(ctx, svrKeyFile, WOLFSSL_KEY); + if (CyaSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, + sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1) + != WOLFSSL_SUCCESS) + err_sys("can't load server cert buffer"); + + if (CyaSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, + sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1) + != WOLFSSL_SUCCESS) + err_sys("can't load server key buffer"); } #endif diff --git a/examples/server/server.c b/examples/server/server.c index e31b8006d..5c58ace82 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -37,6 +37,15 @@ #include "rl_net.h" #endif +#ifdef NO_FILESYSTEM + #ifdef NO_RSA + #error currently the example only tries to load in a RSA buffer + #endif + #undef USE_CERT_BUFFERS_2048 + #define USE_CERT_BUFFERS_2048 + #include +#endif + #include #include #ifdef WOLFSSL_DTLS @@ -1712,7 +1721,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #if !defined(NO_CERTS) if ((!usePsk || usePskPlus) && !useAnon && !(loadCertKeyIntoSSLObj == 1)) { - #ifndef TEST_LOAD_BUFFER + #ifdef NO_FILESYSTEM + if (wolfSSL_CTX_use_certificate_chain_buffer(ctx, server_cert_der_2048, + sizeof_server_cert_der_2048) != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, "can't load server cert buffer"); + #elif !defined(TEST_LOAD_BUFFER) if (SSL_CTX_use_certificate_chain_file(ctx, ourCert) != WOLFSSL_SUCCESS) err_sys_ex(catastrophic, "can't load server cert file, check file " 
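Review bot: In the `@@ -226` hunk of echoserver.c the new calls use the legacy `CyaSSL_CTX_use_certificate_buffer` and `CyaSSL_CTX_use_PrivateKey_buffer` names together with `WOLFSSL_FILETYPE_ASN1` and `WOLFSSL_SUCCESS`. Every other file in this commit uses the `wolfSSL_` spellings, so the mix reads as an accident. Using `wolfSSL_CTX_use_PrivateKey_buffer` here, as client.c and server.c do, keeps the examples consistent. The body of echoserver_test continues outside the hunk.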
@@ -1759,7 +1772,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) && !pkCallbacks #endif /* HAVE_PK_CALLBACKS && TEST_PK_PRIVKEY */ ) { - #ifndef TEST_LOAD_BUFFER + #ifdef NO_FILESYSTEM + if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, + sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, "can't load server private key buffer"); + #elif !defined(TEST_LOAD_BUFFER) if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) err_sys_ex(catastrophic, "can't load server private key file, " @@ -1961,7 +1978,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) /* Support for loading private key and cert using WOLFSSL object */ #if !defined(NO_CERTS) if ((!usePsk || usePskPlus) && !useAnon && loadCertKeyIntoSSLObj) { - #ifndef TEST_LOAD_BUFFER + #ifdef NO_FILESYSTEM + if (wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048, + sizeof_server_cert_der_2048) != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, "can't load server cert buffer"); + #elif !defined(TEST_LOAD_BUFFER) if (SSL_use_certificate_chain_file(ssl, ourCert) != WOLFSSL_SUCCESS) err_sys_ex(catastrophic, "can't load server cert file, check file " @@ -1978,7 +1999,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) && !pkCallbacks #endif /* HAVE_PK_CALLBACKS && TEST_PK_PRIVKEY */ ) { - #ifndef TEST_LOAD_BUFFER + #if defined(NO_FILESYSTEM) + if (wolfSSL_use_PrivateKey_buffer(ssl, server_key_der_2048, + sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, "can't load server private key buffer"); + #elif !defined(TEST_LOAD_BUFFER) if (SSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) err_sys_ex(catastrophic, "can't load server private key file, check" diff --git a/src/sniffer.c b/src/sniffer.c index 5c9ac81d3..748c3c8a1 100644 --- a/src/sniffer.c +++ b/src/sniffer.c 
@@ -26,7 +26,7 @@ #include -#ifndef WOLFCRYPT_ONLY +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_FILESYSTEM) #ifdef WOLFSSL_SNIFFER #include