diff --git a/wrapper/Ada/README.md b/wrapper/Ada/README.md index f1696f261..0af9eafc0 100644 --- a/wrapper/Ada/README.md +++ b/wrapper/Ada/README.md @@ -29,6 +29,7 @@ formal verification). To formally verify the Ada code in this repository open the client.gpr with GNAT Studio and then select SPARK -> Prove All Sources and use Proof Level 2. +``` Summary of SPARK analysis ========================= @@ -47,6 +48,7 @@ Termination . . . Concurrency . . . . . . --------------------------------------------------------------------------------------------------------------- Total 172 17 (10%) . 155 (90%) . . +``` ## Compiler and Build System installation @@ -73,6 +75,13 @@ cd obj/ ./tls_client_main 127.0.0.1 ``` +On Windows, build the executables with: +```sh +gprbuild -XOS=Windows default.gpr +gprbuild -XOS=Windows client.gpr +``` + + ### GNAT FSF Compiler and GPRBuild manual installation In May 2022 AdaCore announced the end of the GNAT Community releases. Pre-built binaries for the GNAT FSF compiler and GPRBuild can be @@ -82,18 +91,14 @@ Make sure the executables for the compiler and GPRBuild are on the PATH and use gprbuild to build the source code. ## Files -The file c_tls_client_main.c and c_tls_server_main.c are the TLS v1.3 -server and client examples using the WolfSSL library implemented using -the C programming language. - -The translation of the C client example into the Ada/SPARK programming -language can be found in the files: +The TLS v1.3 client example in the Ada/SPARK programming language +using the WolfSSL library can be found in the files: tls_client_main.adb tls_client.ads tls_client.adb -The translation of the C server example into the Ada/SPARK programming -language can be found in the files: +The TLS v1.3 server example in the Ada/SPARK programming language +using the WolfSSL library can be found in the files: tls_server_main.adb tls_server.ads tls_server.adb diff --git a/wrapper/Ada/c_tls_client_main.c b/wrapper/Ada/c_tls_client_main.c deleted file mode 100644 index 1723c841d..000000000 --- a/wrapper/Ada/c_tls_client_main.c +++ /dev/null @@ -1,285 +0,0 @@ -/* c_tls_client_main.c - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as CyaSSL) - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - */ - -#include - - -/* the usual suspects */ -#include -#include -#include - -/* socket includes */ -#include -#include -#include -#include - -/* wolfSSL */ -#ifndef WOLFSSL_USER_SETTINGS - #include -#endif -#include -#include -#include - -#define DEFAULT_PORT 11111 - -#define CERT_FILE "../certs/client-cert.pem" -#define KEY_FILE "../certs/client-key.pem" -#define CA_FILE "../certs/ca-cert.pem" - -#if defined(WOLFSSL_TLS13) && defined(HAVE_SECRET_CALLBACK) - -#ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT - #define WOLFSSL_SSLKEYLOGFILE_OUTPUT "sslkeylog.log" -#endif - -/* Callback function for TLS v1.3 secrets for use with Wireshark */ -static int Tls13SecretCallback(WOLFSSL* ssl, int id, const unsigned char* secret, - int secretSz, void* ctx) -{ - int i; - const char* str = NULL; - unsigned char clientRandom[32]; - int clientRandomSz; - XFILE fp = stderr; - if (ctx) { - fp = XFOPEN((const char*)ctx, "ab"); - if (fp == XBADFILE) { - return BAD_FUNC_ARG; - } - } - - clientRandomSz = (int)wolfSSL_get_client_random(ssl, clientRandom, - sizeof(clientRandom)); - - if (clientRandomSz <= 0) { - printf("Error getting client random %d\n", clientRandomSz); - } - -#if 0 - printf("TLS Client Secret CB: Rand %d, Secret %d\n", - clientRandomSz, secretSz); -#endif - - switch (id) { - case CLIENT_EARLY_TRAFFIC_SECRET: - str = "CLIENT_EARLY_TRAFFIC_SECRET"; break; - case EARLY_EXPORTER_SECRET: - str = "EARLY_EXPORTER_SECRET"; break; - case CLIENT_HANDSHAKE_TRAFFIC_SECRET: - str = "CLIENT_HANDSHAKE_TRAFFIC_SECRET"; break; - case SERVER_HANDSHAKE_TRAFFIC_SECRET: - str = "SERVER_HANDSHAKE_TRAFFIC_SECRET"; break; - case CLIENT_TRAFFIC_SECRET: - str = "CLIENT_TRAFFIC_SECRET_0"; break; - case SERVER_TRAFFIC_SECRET: - str = "SERVER_TRAFFIC_SECRET_0"; break; - case EXPORTER_SECRET: - str = "EXPORTER_SECRET"; break; - } - - fprintf(fp, "%s ", str); - for (i = 0; i < clientRandomSz; i++) { - fprintf(fp, "%02x", clientRandom[i]); - } - fprintf(fp, " "); - for (i = 0; i < secretSz; i++) { - fprintf(fp, "%02x", secret[i]); - } - fprintf(fp, "\n"); - - if (fp != stderr) { - XFCLOSE(fp); - } - - return 0; -} -#endif /* WOLFSSL_TLS13 && HAVE_SECRET_CALLBACK */ - -int main(int argc, char** argv) -{ - int ret = 0; -#ifdef WOLFSSL_TLS13 - int sockfd = SOCKET_INVALID; - struct sockaddr_in servAddr; - char buff[256]; - size_t len; - - /* declare wolfSSL objects */ - WOLFSSL_CTX* ctx = NULL; - WOLFSSL* ssl = NULL; - - /* Check for proper calling convention */ - if (argc != 2) { - printf("usage: %s \n", argv[0]); - return 0; - } - - /* Create a socket that uses an internet IPv4 address, - * Sets the socket to be stream based (TCP), - * 0 means choose the default protocol. */ - if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { - fprintf(stderr, "ERROR: failed to create the socket\n"); - ret = -1; goto exit; - } - - /* Initialize the server address struct with zeros */ - memset(&servAddr, 0, sizeof(servAddr)); - - /* Fill in the server address */ - servAddr.sin_family = AF_INET; /* using IPv4 */ - servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ - - /* Get the server IPv4 address from the command line call */ - if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr) != 1) { - fprintf(stderr, "ERROR: invalid address\n"); - ret = -1; goto exit; - } - - /* Connect to the server */ - if ((ret = connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr))) - == -1) { - fprintf(stderr, "ERROR: failed to connect\n"); - goto exit; - } - - /*---------------------------------*/ - /* Start of wolfSSL initialization and configuration */ - /*---------------------------------*/ -#if 0 - wolfSSL_Debugging_ON(); -#endif - - /* Initialize wolfSSL */ - if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: Failed to initialize the library\n"); - goto exit; - } - - /* Create and initialize WOLFSSL_CTX */ - if ((ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())) == NULL) { - fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); - ret = -1; goto exit; - } - - /* Load client certificate into WOLFSSL_CTX */ - if ((ret = wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, WOLFSSL_FILETYPE_PEM)) - != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", - CERT_FILE); - goto exit; - } - - /* Load client key into WOLFSSL_CTX */ - if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, WOLFSSL_FILETYPE_PEM)) - != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", - KEY_FILE); - goto exit; - } - - /* Load CA certificate into WOLFSSL_CTX */ - if ((ret = wolfSSL_CTX_load_verify_locations(ctx, CA_FILE, NULL)) - != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", - CA_FILE); - goto exit; - } - - /* Create a WOLFSSL object */ - if ((ssl = wolfSSL_new(ctx)) == NULL) { - fprintf(stderr, "ERROR: failed to create WOLFSSL object\n"); - ret = -1; goto exit; - } - - /* Attach wolfSSL to the socket */ - if ((ret = wolfSSL_set_fd(ssl, sockfd)) != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: Failed to set the file descriptor\n"); - goto exit; - } - -#ifdef HAVE_SECRET_CALLBACK - /* required for getting random used */ - wolfSSL_KeepArrays(ssl); - - /* optional logging for wireshark */ - wolfSSL_set_tls13_secret_cb(ssl, Tls13SecretCallback, - (void*)WOLFSSL_SSLKEYLOGFILE_OUTPUT); -#endif - - /* Connect to wolfSSL on the server side */ - if ((ret = wolfSSL_connect(ssl)) != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: failed to connect to wolfSSL\n"); - goto exit; - } - -#ifdef HAVE_SECRET_CALLBACK - wolfSSL_FreeArrays(ssl); -#endif - - /* Get a message for the server from stdin */ - printf("Message for server: "); - memset(buff, 0, sizeof(buff)); - if (fgets(buff, sizeof(buff), stdin) == NULL) { - fprintf(stderr, "ERROR: failed to get message for server\n"); - ret = -1; goto exit; - } - len = strnlen(buff, sizeof(buff)); - - /* Send the message to the server */ - if ((ret = wolfSSL_write(ssl, buff, len)) != (int)len) { - fprintf(stderr, "ERROR: failed to write entire message\n"); - fprintf(stderr, "%d bytes of %d bytes were sent", ret, (int) len); - goto exit; - } - - /* Read the server data into our buff array */ - memset(buff, 0, sizeof(buff)); - if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) < 0) { - fprintf(stderr, "ERROR: failed to read\n"); - goto exit; - } - - /* Print to stdout any data the server sends */ - printf("Server: %s\n", buff); - - /* Return reporting a success */ - ret = 0; - -exit: - /* Cleanup and return */ - if (sockfd != SOCKET_INVALID) - close(sockfd); /* Close the connection to the server */ - if (ssl) - wolfSSL_free(ssl); /* Free the wolfSSL object */ - if (ctx) - wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ - wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ -#else - printf("Example requires TLS v1.3\n"); -#endif - (void)argc; - (void)argv; - - return ret; -} diff --git a/wrapper/Ada/c_tls_server_main.c b/wrapper/Ada/c_tls_server_main.c deleted file mode 100644 index 161b3b864..000000000 --- a/wrapper/Ada/c_tls_server_main.c +++ /dev/null @@ -1,361 +0,0 @@ -/* c_tls_server_main.c - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as CyaSSL) - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - */ - -#include - - -/* the usual suspects */ -#include -#include -#include - -/* socket includes */ -#include -#include -#include -#include - -#define HAVE_SIGNAL -#ifdef HAVE_SIGNAL -#include /* signal */ -#endif - -/* wolfSSL */ -#ifndef WOLFSSL_USER_SETTINGS - #include -#endif -#include -#include -#include - -#define DEFAULT_PORT 11111 - -#define CERT_FILE "../certs/server-cert.pem" -#define KEY_FILE "../certs/server-key.pem" -#define CA_FILE "../certs/client-cert.pem" - - -#if defined(WOLFSSL_TLS13) && defined(HAVE_SECRET_CALLBACK) - -#ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT - #define WOLFSSL_SSLKEYLOGFILE_OUTPUT "sslkeylog.log" -#endif - -/* Callback function for TLS v1.3 secrets for use with Wireshark */ -static int Tls13SecretCallback(WOLFSSL* ssl, int id, const unsigned char* secret, - int secretSz, void* ctx) -{ - int i; - const char* str = NULL; - unsigned char serverRandom[32]; - int serverRandomSz; - XFILE fp = stderr; - if (ctx) { - fp = XFOPEN((const char*)ctx, "ab"); - if (fp == XBADFILE) { - return BAD_FUNC_ARG; - } - } - - serverRandomSz = (int)wolfSSL_get_server_random(ssl, serverRandom, - sizeof(serverRandom)); - - if (serverRandomSz <= 0) { - printf("Error getting server random %d\n", serverRandomSz); - } - -#if 0 - printf("TLS Server Secret CB: Rand %d, Secret %d\n", - serverRandomSz, secretSz); -#endif - - switch (id) { - case CLIENT_EARLY_TRAFFIC_SECRET: - str = "CLIENT_EARLY_TRAFFIC_SECRET"; break; - case EARLY_EXPORTER_SECRET: - str = "EARLY_EXPORTER_SECRET"; break; - case CLIENT_HANDSHAKE_TRAFFIC_SECRET: - str = "CLIENT_HANDSHAKE_TRAFFIC_SECRET"; break; - case SERVER_HANDSHAKE_TRAFFIC_SECRET: - str = "SERVER_HANDSHAKE_TRAFFIC_SECRET"; break; - case CLIENT_TRAFFIC_SECRET: - str = "CLIENT_TRAFFIC_SECRET_0"; break; - case SERVER_TRAFFIC_SECRET: - str = "SERVER_TRAFFIC_SECRET_0"; break; - case EXPORTER_SECRET: - str = "EXPORTER_SECRET"; break; - } - - fprintf(fp, "%s ", str); - for (i = 0; i < (int)serverRandomSz; i++) { - fprintf(fp, "%02x", serverRandom[i]); - } - fprintf(fp, " "); - for (i = 0; i < secretSz; i++) { - fprintf(fp, "%02x", secret[i]); - } - fprintf(fp, "\n"); - - if (fp != stderr) { - XFCLOSE(fp); - } - - return 0; -} -#endif /* WOLFSSL_TLS13 && HAVE_SECRET_CALLBACK */ - -static int mSockfd = SOCKET_INVALID; -static int mConnd = SOCKET_INVALID; -static int mShutdown = 0; - -#ifdef HAVE_SIGNAL -static void sig_handler(const int sig) -{ - fprintf(stderr, "SIGINT handled = %d.\n", sig); - - mShutdown = 1; - if (mConnd != SOCKET_INVALID) { - close(mConnd); /* Close the connection to the client */ - mConnd = SOCKET_INVALID; - } - if (mSockfd != SOCKET_INVALID) { - close(mSockfd); /* Close the socket listening for clients */ - mSockfd = SOCKET_INVALID; - } -} -#endif - - -/* To execute the application: ./main */ -int main(int argc, char** argv) -{ - int ret = 0; -#ifdef WOLFSSL_TLS13 - struct sockaddr_in servAddr; - struct sockaddr_in clientAddr; - socklen_t size = sizeof(clientAddr); - char buff[256]; - size_t len; - const char* reply = "I hear ya fa shizzle!\n"; - int on; - - /* declare wolfSSL objects */ - WOLFSSL_CTX* ctx = NULL; - WOLFSSL* ssl = NULL; - -#ifdef HAVE_SIGNAL - signal(SIGINT, sig_handler); -#endif - - /* Initialize the server address struct with zeros */ - memset(&servAddr, 0, sizeof(servAddr)); - - /* Fill in the server address */ - servAddr.sin_family = AF_INET; /* using IPv4 */ - servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ - servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */ - - - /* Create a socket that uses an internet IPv4 address, - * Sets the socket to be stream based (TCP), - * 0 means choose the default protocol. */ - if ((mSockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { - fprintf(stderr, "ERROR: failed to create the socket\n"); - goto exit; - } - - /* make sure server is setup for reuse addr/port */ - on = 1; - setsockopt(mSockfd, SOL_SOCKET, SO_REUSEADDR, - (char*)&on, (socklen_t)sizeof(on)); -#ifdef SO_REUSEPORT - setsockopt(mSockfd, SOL_SOCKET, SO_REUSEPORT, - (char*)&on, (socklen_t)sizeof(on)); -#endif - - /* Bind the server socket to our port */ - if (bind(mSockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) { - fprintf(stderr, "ERROR: failed to bind\n"); - goto exit; - } - - /* Listen for a new connection, allow 5 pending connections */ - if (listen(mSockfd, 5) == -1) { - fprintf(stderr, "ERROR: failed to listen\n"); - goto exit; - } - - /*---------------------------------*/ - /* Start of wolfSSL initialization and configuration */ - /*---------------------------------*/ -#if 0 - wolfSSL_Debugging_ON(); -#endif - - /* Initialize wolfSSL */ - if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: Failed to initialize the library\n"); - goto exit; - } - - /* Create and initialize WOLFSSL_CTX */ - if ((ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())) == NULL) { - fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); - ret = -1; - goto exit; - } - - /* Require mutual authentication */ - wolfSSL_CTX_set_verify(ctx, - WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); - - /* Load server certificates into WOLFSSL_CTX */ - if ((ret = wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, - WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", - CERT_FILE); - goto exit; - } - - /* Load server key into WOLFSSL_CTX */ - if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, - WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", - KEY_FILE); - goto exit; - } - - /* Load client certificate as "trusted" into WOLFSSL_CTX */ - if ((ret = wolfSSL_CTX_load_verify_locations(ctx, CA_FILE, NULL)) - != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", - CA_FILE); - goto exit; - } - - /* Continue to accept clients until mShutdown is issued */ - while (!mShutdown) { - printf("Waiting for a connection...\n"); - - /* Accept client connections */ - if ((mConnd = accept(mSockfd, (struct sockaddr*)&clientAddr, &size)) - == -1) { - fprintf(stderr, "ERROR: failed to accept the connection\n\n"); - ret = -1; goto exit; - } - - /* Create a WOLFSSL object */ - if ((ssl = wolfSSL_new(ctx)) == NULL) { - fprintf(stderr, "ERROR: failed to create WOLFSSL object\n"); - ret = -1; goto exit; - } - - /* Attach wolfSSL to the socket */ - wolfSSL_set_fd(ssl, mConnd); - - #ifdef HAVE_SECRET_CALLBACK - /* required for getting random used */ - wolfSSL_KeepArrays(ssl); - - /* optional logging for wireshark */ - wolfSSL_set_tls13_secret_cb(ssl, Tls13SecretCallback, - (void*)WOLFSSL_SSLKEYLOGFILE_OUTPUT); - #endif - - /* Establish TLS connection */ - if ((ret = wolfSSL_accept(ssl)) != WOLFSSL_SUCCESS) { - fprintf(stderr, "wolfSSL_accept error = %d\n", - wolfSSL_get_error(ssl, ret)); - goto exit; - } - - printf("Client connected successfully\n"); - - #ifdef HAVE_SECRET_CALLBACK - wolfSSL_FreeArrays(ssl); - #endif - - /* Read the client data into our buff array */ - memset(buff, 0, sizeof(buff)); - if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) < 0) { - fprintf(stderr, "ERROR: failed to read\n"); - goto exit; - } - - /* Print to stdout any data the client sends */ - printf("Client: %s\n", buff); - - /* Check for server shutdown command */ - if (strncmp(buff, "shutdown", 8) == 0) { - printf("Shutdown command issued!\n"); - mShutdown = 1; - } - - /* Write our reply into buff */ - memset(buff, 0, sizeof(buff)); - memcpy(buff, reply, strlen(reply)); - len = strnlen(buff, sizeof(buff)); - - /* Reply back to the client */ - if ((ret = wolfSSL_write(ssl, buff, len)) != (int)len) { - fprintf(stderr, "ERROR: failed to write\n"); - goto exit; - } - - /* Cleanup after this connection */ - wolfSSL_shutdown(ssl); - if (ssl) { - wolfSSL_free(ssl); /* Free the wolfSSL object */ - ssl = NULL; - } - if (mConnd != SOCKET_INVALID) { - close(mConnd); /* Close the connection to the client */ - mConnd = SOCKET_INVALID; - } - } - - printf("Shutdown complete\n"); - -exit: - /* Cleanup and return */ - if (ssl) - wolfSSL_free(ssl); /* Free the wolfSSL object */ - if (mConnd != SOCKET_INVALID) { - close(mConnd); /* Close the connection to the client */ - mConnd = SOCKET_INVALID; - } - if (mSockfd != SOCKET_INVALID) { - close(mSockfd); /* Close the socket listening for clients */ - mSockfd = SOCKET_INVALID; - } - if (ctx) - wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ - wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ - -#else - printf("Example requires TLS v1.3\n"); -#endif /* WOLFSSL_TLS13 */ - - (void)argc; - (void)argv; - - return ret; -} diff --git a/wrapper/Ada/client.gpr b/wrapper/Ada/client.gpr index 0642337c6..cdbf3dedf 100644 --- a/wrapper/Ada/client.gpr +++ b/wrapper/Ada/client.gpr @@ -1,4 +1,8 @@ project Client is + type OS_Kind is ("Windows", "Linux_Or_Mac"); + + OS : OS_Kind := external ("OS", "Linux_Or_Mac"); + for Languages use ("C", "Ada"); for Source_Dirs use (".", @@ -55,11 +59,16 @@ project Client is end Compiler; package Linker is - for Switches ("C") use - ("-lm"); -- To include the math library (used by WolfSSL). + case OS is + when "Windows" => + for Switches ("Ada") use + ("-lm", -- To include the math library (used by WolfSSL). + "-lcrypt32"); -- Needed on Windows. - for Switches ("Ada") use - ("-lm"); -- To include the math library (used by WolfSSL). + when "Linux_Or_Mac" => + for Switches ("Ada") use + ("-lm"); -- To include the math library (used by WolfSSL). + end case; end Linker; package Binder is diff --git a/wrapper/Ada/default.gpr b/wrapper/Ada/default.gpr index 37227b6f5..bbd3b34f1 100644 --- a/wrapper/Ada/default.gpr +++ b/wrapper/Ada/default.gpr @@ -1,4 +1,9 @@ project Default is + + type OS_Kind is ("Windows", "Linux_Or_Mac"); + + OS : OS_Kind := external ("OS", "Linux_Or_Mac"); + for Languages use ("C", "Ada"); for Source_Dirs use (".", @@ -15,9 +20,7 @@ project Default is for Object_Dir use "obj"; - for Main use ("c_tls_client_main.c", - "c_tls_server_main.c", - "tls_server_main.adb"); + for Main use ("tls_server_main.adb"); package Naming is for Spec_Suffix ("C") use ".h"; @@ -68,11 +71,16 @@ project Default is end Compiler; package Linker is - for Switches ("C") use - ("-lm"); -- To include the math library (used by WolfSSL). + case OS is + when "Windows" => + for Switches ("Ada") use + ("-lm", -- To include the math library (used by WolfSSL). + "-lcrypt32"); -- Needed on Windows. - for Switches ("Ada") use - ("-lm"); -- To include the math library (used by WolfSSL). + when "Linux_Or_Mac" => + for Switches ("Ada") use + ("-lm"); -- To include the math library (used by WolfSSL). + end case; end Linker; package Binder is diff --git a/wrapper/Ada/include.am b/wrapper/Ada/include.am index 7ef6f51c7..3701e581c 100644 --- a/wrapper/Ada/include.am +++ b/wrapper/Ada/include.am @@ -6,8 +6,6 @@ EXTRA_DIST+= wrapper/Ada/README.md EXTRA_DIST+= wrapper/Ada/default.gpr EXTRA_DIST+= wrapper/Ada/gnat.adc EXTRA_DIST+= wrapper/Ada/ada_binding.c -EXTRA_DIST+= wrapper/Ada/c_tls_client_main.c -EXTRA_DIST+= wrapper/Ada/c_tls_server_main.c EXTRA_DIST+= wrapper/Ada/tls_client_main.adb EXTRA_DIST+= wrapper/Ada/tls_client.adb EXTRA_DIST+= wrapper/Ada/tls_client.ads diff --git a/wrapper/Ada/tls_client.adb b/wrapper/Ada/tls_client.adb index a60f5618a..88f5a60df 100644 --- a/wrapper/Ada/tls_client.adb +++ b/wrapper/Ada/tls_client.adb @@ -101,9 +101,9 @@ package body Tls_Client with SPARK_Mode is Any_Inet_Addr : Inet_Addr_Type renames SPARK_Sockets.Any_Inet_Addr; - CERT_FILE : constant String := "../certs/client-cert.pem"; - KEY_FILE : constant String := "../certs/client-key.pem"; - CA_FILE : constant String := "../certs/ca-cert.pem"; + CERT_FILE : constant String := "../../../certs/client-cert.pem"; + KEY_FILE : constant String := "../../../certs/client-key.pem"; + CA_FILE : constant String := "../../../certs/ca-cert.pem"; subtype Byte_Array is WolfSSL.Byte_Array; diff --git a/wrapper/Ada/tls_server.adb b/wrapper/Ada/tls_server.adb index 797d23cae..2858f26fd 100644 --- a/wrapper/Ada/tls_server.adb +++ b/wrapper/Ada/tls_server.adb @@ -87,9 +87,9 @@ package body Tls_Server with SPARK_Mode is Any_Inet_Addr : Inet_Addr_Type renames SPARK_Sockets.Any_Inet_Addr; - CERT_FILE : constant String := "../certs/server-cert.pem"; - KEY_FILE : constant String := "../certs/server-key.pem"; - CA_FILE : constant String := "../certs/client-cert.pem"; + CERT_FILE : constant String := "../../../certs/server-cert.pem"; + KEY_FILE : constant String := "../../../certs/server-key.pem"; + CA_FILE : constant String := "../../../certs/client-cert.pem"; subtype Byte_Array is WolfSSL.Byte_Array; @@ -305,7 +305,11 @@ package body Tls_Server with SPARK_Mode is Put_Line ("ERROR: failed to write full response."); end if; - Result := WolfSSL.Shutdown (Ssl); + for I in 1 .. 3 loop + Result := WolfSSL.Shutdown (Ssl); + exit when Result = Success; + delay 0.001; -- Delay is expressed in seconds. + end loop; if Result /= Success then Put_Line ("ERROR: Failed to shutdown WolfSSL context."); end if; diff --git a/wrapper/Ada/user_settings.h b/wrapper/Ada/user_settings.h index f77e8d480..df4ada44e 100644 --- a/wrapper/Ada/user_settings.h +++ b/wrapper/Ada/user_settings.h @@ -42,7 +42,7 @@ extern "C" { #define WOLFSSL_IGNORE_FILE_WARN /* Ignore *.c include warnings */ #define WOLFSSL_PUBLIC_MP /* Make math API's public */ #define WOLFSSL_ENCRYPTED_KEYS /* Support for encrypted keys PKCS8 */ -#define WOLFSSL_SYS_CA_CERTS /* Enable ability to load CA certs from OS */ +//#define WOLFSSL_SYS_CA_CERTS /* Enable ability to load CA certs from OS */ #if 0 /* Not needed */ #define KEEP_PEER_CERT /* Retain peer's certificate */