cjson
fuzzing
inputs
test1 test10 test11 test2 test3 test3.bu test3.uf test3.uu test4 test5 test6 test7 test8 test9library_config
cJSONConfig.cmake.in cJSONConfigVersion.cmake.in libcjson.pc.in libcjson_utils.pc.in uninstall.cmaketests
inputs
test1 test1.expected test10 test10.expected test11 test11.expected test2 test2.expected test3 test3.expected test4 test4.expected test5 test5.expected test6 test7 test7.expected test8 test8.expected test9 test9.expectedjson-patch-tests
.editorconfig .gitignore .npmignore README.md cjson-utils-tests.json package.json spec_tests.json tests.jsonunity
auto
colour_prompt.rb colour_reporter.rb generate_config.yml generate_module.rb generate_test_runner.rb parse_output.rb stylize_as_junit.rb test_file_filter.rb type_sanitizer.rb unity_test_summary.py unity_test_summary.rb unity_to_junit.pydocs
ThrowTheSwitchCodingStandard.md UnityAssertionsCheatSheetSuitableforPrintingandPossiblyFraming.pdf UnityAssertionsReference.md UnityConfigurationGuide.md UnityGettingStartedGuide.md UnityHelperScriptsGuide.md license.txtexamples
unity_config.hcurl
.github
scripts
cleancmd.pl cmp-config.pl cmp-pkg-config.sh codespell-ignore.words codespell.sh distfiles.sh pyspelling.words pyspelling.yaml randcurl.pl requirements-docs.txt requirements-proselint.txt requirements.txt shellcheck-ci.sh shellcheck.sh spellcheck.curl trimmarkdownheader.pl typos.sh typos.toml verify-examples.pl verify-synopsis.pl yamlcheck.sh yamlcheck.yamlworkflows
appveyor-status.yml checkdocs.yml checksrc.yml checkurls.yml codeql.yml configure-vs-cmake.yml curl-for-win.yml distcheck.yml fuzz.yml http3-linux.yml label.yml linux-old.yml linux.yml macos.yml non-native.yml windows.ymlCMake
CurlSymbolHiding.cmake CurlTests.c FindBrotli.cmake FindCares.cmake FindGSS.cmake FindGnuTLS.cmake FindLDAP.cmake FindLibbacktrace.cmake FindLibgsasl.cmake FindLibidn2.cmake FindLibpsl.cmake FindLibssh.cmake FindLibssh2.cmake FindLibuv.cmake FindMbedTLS.cmake FindNGHTTP2.cmake FindNGHTTP3.cmake FindNGTCP2.cmake FindNettle.cmake FindQuiche.cmake FindRustls.cmake FindWolfSSL.cmake FindZstd.cmake Macros.cmake OtherTests.cmake PickyWarnings.cmake Utilities.cmake cmake_uninstall.in.cmake curl-config.in.cmake unix-cache.cmake win32-cache.cmakedocs
cmdline-opts
.gitignore CMakeLists.txt MANPAGE.md Makefile.am Makefile.inc _AUTHORS.md _BUGS.md _DESCRIPTION.md _ENVIRONMENT.md _EXITCODES.md _FILES.md _GLOBBING.md _NAME.md _OPTIONS.md _OUTPUT.md _PROGRESS.md _PROTOCOLS.md _PROXYPREFIX.md _SEEALSO.md _SYNOPSIS.md _URL.md _VARIABLES.md _VERSION.md _WWW.md abstract-unix-socket.md alt-svc.md anyauth.md append.md aws-sigv4.md basic.md ca-native.md cacert.md capath.md cert-status.md cert-type.md cert.md ciphers.md compressed-ssh.md compressed.md config.md connect-timeout.md connect-to.md continue-at.md cookie-jar.md cookie.md create-dirs.md create-file-mode.md crlf.md crlfile.md curves.md data-ascii.md data-binary.md data-raw.md data-urlencode.md data.md delegation.md digest.md disable-eprt.md disable-epsv.md disable.md disallow-username-in-url.md dns-interface.md dns-ipv4-addr.md dns-ipv6-addr.md dns-servers.md doh-cert-status.md doh-insecure.md doh-url.md dump-ca-embed.md dump-header.md ech.md egd-file.md engine.md etag-compare.md etag-save.md expect100-timeout.md fail-early.md fail-with-body.md fail.md false-start.md follow.md form-escape.md form-string.md form.md ftp-account.md ftp-alternative-to-user.md ftp-create-dirs.md ftp-method.md ftp-pasv.md ftp-port.md ftp-pret.md ftp-skip-pasv-ip.md ftp-ssl-ccc-mode.md ftp-ssl-ccc.md ftp-ssl-control.md get.md globoff.md happy-eyeballs-timeout-ms.md haproxy-clientip.md haproxy-protocol.md head.md header.md help.md hostpubmd5.md hostpubsha256.md hsts.md http0.9.md http1.0.md http1.1.md http2-prior-knowledge.md http2.md http3-only.md http3.md ignore-content-length.md insecure.md interface.md ip-tos.md ipfs-gateway.md ipv4.md ipv6.md json.md junk-session-cookies.md keepalive-cnt.md keepalive-time.md key-type.md key.md knownhosts.md krb.md libcurl.md limit-rate.md list-only.md local-port.md location-trusted.md location.md login-options.md mail-auth.md mail-from.md mail-rcpt-allowfails.md mail-rcpt.md mainpage.idx manual.md max-filesize.md max-redirs.md max-time.md metalink.md mptcp.md negotiate.md netrc-file.md netrc-optional.md netrc.md next.md no-alpn.md no-buffer.md no-clobber.md no-keepalive.md no-npn.md no-progress-meter.md no-sessionid.md noproxy.md ntlm-wb.md ntlm.md oauth2-bearer.md out-null.md output-dir.md output.md parallel-immediate.md parallel-max-host.md parallel-max.md parallel.md pass.md path-as-is.md pinnedpubkey.md post301.md post302.md post303.md preproxy.md progress-bar.md proto-default.md proto-redir.md proto.md proxy-anyauth.md proxy-basic.md proxy-ca-native.md proxy-cacert.md proxy-capath.md proxy-cert-type.md proxy-cert.md proxy-ciphers.md proxy-crlfile.md proxy-digest.md proxy-header.md proxy-http2.md proxy-insecure.md proxy-key-type.md proxy-key.md proxy-negotiate.md proxy-ntlm.md proxy-pass.md proxy-pinnedpubkey.md proxy-service-name.md proxy-ssl-allow-beast.md proxy-ssl-auto-client-cert.md proxy-tls13-ciphers.md proxy-tlsauthtype.md proxy-tlspassword.md proxy-tlsuser.md proxy-tlsv1.md proxy-user.md proxy.md proxy1.0.md proxytunnel.md pubkey.md quote.md random-file.md range.md rate.md raw.md referer.md remote-header-name.md remote-name-all.md remote-name.md remote-time.md remove-on-error.md request-target.md request.md resolve.md retry-all-errors.md retry-connrefused.md retry-delay.md retry-max-time.md retry.md sasl-authzid.md sasl-ir.md service-name.md show-error.md show-headers.md sigalgs.md silent.md skip-existing.md socks4.md socks4a.md socks5-basic.md socks5-gssapi-nec.md socks5-gssapi-service.md socks5-gssapi.md socks5-hostname.md socks5.md speed-limit.md speed-time.md ssl-allow-beast.md ssl-auto-client-cert.md ssl-no-revoke.md ssl-reqd.md ssl-revoke-best-effort.md ssl-sessions.md ssl.md sslv2.md sslv3.md stderr.md styled-output.md suppress-connect-headers.md tcp-fastopen.md tcp-nodelay.md telnet-option.md tftp-blksize.md tftp-no-options.md time-cond.md tls-earlydata.md tls-max.md tls13-ciphers.md tlsauthtype.md tlspassword.md tlsuser.md tlsv1.0.md tlsv1.1.md tlsv1.2.md tlsv1.3.md tlsv1.md tr-encoding.md trace-ascii.md trace-config.md trace-ids.md trace-time.md trace.md unix-socket.md upload-file.md upload-flags.md url-query.md url.md use-ascii.md user-agent.md user.md variable.md verbose.md version.md vlan-priority.md write-out.md xattr.mdexamples
.checksrc .gitignore 10-at-a-time.c CMakeLists.txt Makefile.am Makefile.example Makefile.inc README.md adddocsref.pl address-scope.c altsvc.c anyauthput.c block_ip.c cacertinmem.c certinfo.c chkspeed.c connect-to.c cookie_interface.c crawler.c debug.c default-scheme.c ephiperfifo.c evhiperfifo.c externalsocket.c fileupload.c ftp-delete.c ftp-wildcard.c ftpget.c ftpgetinfo.c ftpgetresp.c ftpsget.c ftpupload.c ftpuploadfrommem.c ftpuploadresume.c getinfo.c getinmemory.c getredirect.c getreferrer.c ghiper.c headerapi.c hiperfifo.c hsts-preload.c htmltidy.c htmltitle.cpp http-options.c http-post.c http2-download.c http2-pushinmemory.c http2-serverpush.c http2-upload.c http3-present.c http3.c httpcustomheader.c httpput-postfields.c httpput.c https.c imap-append.c imap-authzid.c imap-copy.c imap-create.c imap-delete.c imap-examine.c imap-fetch.c imap-list.c imap-lsub.c imap-multi.c imap-noop.c imap-search.c imap-ssl.c imap-store.c imap-tls.c interface.c ipv6.c keepalive.c localport.c log_failed_transfers.c maxconnects.c multi-app.c multi-debugcallback.c multi-double.c multi-event.c multi-formadd.c multi-legacy.c multi-post.c multi-single.c multi-uv.c netrc.c parseurl.c persistent.c pop3-authzid.c pop3-dele.c pop3-list.c pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c pop3-stat.c pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c postinmemory.c postit2-formadd.c postit2.c progressfunc.c protofeats.c range.c resolve.c rtsp-options.c sendrecv.c sepheaders.c sessioninfo.c sftpget.c sftpuploadresume.c shared-connection-cache.c simple.c simplepost.c simplessl.c smooth-gtk-thread.c smtp-authzid.c smtp-expn.c smtp-mail.c smtp-mime.c smtp-multi.c smtp-ssl.c smtp-tls.c smtp-vrfy.c sslbackend.c synctime.c threaded.c unixsocket.c url2file.c urlapi.c usercertinmem.c version-check.pl websocket-cb.c websocket-updown.c websocket.c xmlstream.cinternals
BUFQ.md BUFREF.md CHECKSRC.md CLIENT-READERS.md CLIENT-WRITERS.md CODE_STYLE.md CONNECTION-FILTERS.md CREDENTIALS.md CURLX.md DYNBUF.md HASH.md LLIST.md MID.md MQTT.md MULTI-EV.md NEW-PROTOCOL.md PEERS.md PORTING.md RATELIMITS.md README.md SCORECARD.md SPLAY.md STRPARSE.md THRDPOOL-AND-QUEUE.md TIME-KEEPING.md TLS-SESSIONS.md UINT_SETS.md WEBSOCKET.mdlibcurl
opts
CMakeLists.txt CURLINFO_ACTIVESOCKET.md CURLINFO_APPCONNECT_TIME.md CURLINFO_APPCONNECT_TIME_T.md CURLINFO_CAINFO.md CURLINFO_CAPATH.md CURLINFO_CERTINFO.md CURLINFO_CONDITION_UNMET.md CURLINFO_CONNECT_TIME.md CURLINFO_CONNECT_TIME_T.md CURLINFO_CONN_ID.md CURLINFO_CONTENT_LENGTH_DOWNLOAD.md CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md CURLINFO_CONTENT_LENGTH_UPLOAD.md CURLINFO_CONTENT_LENGTH_UPLOAD_T.md CURLINFO_CONTENT_TYPE.md CURLINFO_COOKIELIST.md CURLINFO_EARLYDATA_SENT_T.md CURLINFO_EFFECTIVE_METHOD.md CURLINFO_EFFECTIVE_URL.md CURLINFO_FILETIME.md CURLINFO_FILETIME_T.md CURLINFO_FTP_ENTRY_PATH.md CURLINFO_HEADER_SIZE.md CURLINFO_HTTPAUTH_AVAIL.md CURLINFO_HTTPAUTH_USED.md CURLINFO_HTTP_CONNECTCODE.md CURLINFO_HTTP_VERSION.md CURLINFO_LASTSOCKET.md CURLINFO_LOCAL_IP.md CURLINFO_LOCAL_PORT.md CURLINFO_NAMELOOKUP_TIME.md CURLINFO_NAMELOOKUP_TIME_T.md CURLINFO_NUM_CONNECTS.md CURLINFO_OS_ERRNO.md CURLINFO_POSTTRANSFER_TIME_T.md CURLINFO_PRETRANSFER_TIME.md CURLINFO_PRETRANSFER_TIME_T.md CURLINFO_PRIMARY_IP.md CURLINFO_PRIMARY_PORT.md CURLINFO_PRIVATE.md CURLINFO_PROTOCOL.md CURLINFO_PROXYAUTH_AVAIL.md CURLINFO_PROXYAUTH_USED.md CURLINFO_PROXY_ERROR.md CURLINFO_PROXY_SSL_VERIFYRESULT.md CURLINFO_QUEUE_TIME_T.md CURLINFO_REDIRECT_COUNT.md CURLINFO_REDIRECT_TIME.md CURLINFO_REDIRECT_TIME_T.md CURLINFO_REDIRECT_URL.md CURLINFO_REFERER.md CURLINFO_REQUEST_SIZE.md CURLINFO_RESPONSE_CODE.md CURLINFO_RETRY_AFTER.md CURLINFO_RTSP_CLIENT_CSEQ.md CURLINFO_RTSP_CSEQ_RECV.md CURLINFO_RTSP_SERVER_CSEQ.md CURLINFO_RTSP_SESSION_ID.md CURLINFO_SCHEME.md CURLINFO_SIZE_DELIVERED.md CURLINFO_SIZE_DOWNLOAD.md CURLINFO_SIZE_DOWNLOAD_T.md CURLINFO_SIZE_UPLOAD.md CURLINFO_SIZE_UPLOAD_T.md CURLINFO_SPEED_DOWNLOAD.md CURLINFO_SPEED_DOWNLOAD_T.md CURLINFO_SPEED_UPLOAD.md CURLINFO_SPEED_UPLOAD_T.md CURLINFO_SSL_ENGINES.md CURLINFO_SSL_VERIFYRESULT.md CURLINFO_STARTTRANSFER_TIME.md CURLINFO_STARTTRANSFER_TIME_T.md CURLINFO_TLS_SESSION.md CURLINFO_TLS_SSL_PTR.md CURLINFO_TOTAL_TIME.md CURLINFO_TOTAL_TIME_T.md CURLINFO_USED_PROXY.md CURLINFO_XFER_ID.md CURLMINFO_XFERS_ADDED.md CURLMINFO_XFERS_CURRENT.md CURLMINFO_XFERS_DONE.md CURLMINFO_XFERS_PENDING.md CURLMINFO_XFERS_RUNNING.md CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md CURLMOPT_MAXCONNECTS.md CURLMOPT_MAX_CONCURRENT_STREAMS.md CURLMOPT_MAX_HOST_CONNECTIONS.md CURLMOPT_MAX_PIPELINE_LENGTH.md CURLMOPT_MAX_TOTAL_CONNECTIONS.md CURLMOPT_NETWORK_CHANGED.md CURLMOPT_NOTIFYDATA.md CURLMOPT_NOTIFYFUNCTION.md CURLMOPT_PIPELINING.md CURLMOPT_PIPELINING_SERVER_BL.md CURLMOPT_PIPELINING_SITE_BL.md CURLMOPT_PUSHDATA.md CURLMOPT_PUSHFUNCTION.md CURLMOPT_QUICK_EXIT.md CURLMOPT_RESOLVE_THREADS_MAX.md CURLMOPT_SOCKETDATA.md CURLMOPT_SOCKETFUNCTION.md CURLMOPT_TIMERDATA.md CURLMOPT_TIMERFUNCTION.md CURLOPT_ABSTRACT_UNIX_SOCKET.md CURLOPT_ACCEPTTIMEOUT_MS.md CURLOPT_ACCEPT_ENCODING.md CURLOPT_ADDRESS_SCOPE.md CURLOPT_ALTSVC.md CURLOPT_ALTSVC_CTRL.md CURLOPT_APPEND.md CURLOPT_AUTOREFERER.md CURLOPT_AWS_SIGV4.md CURLOPT_BUFFERSIZE.md CURLOPT_CAINFO.md CURLOPT_CAINFO_BLOB.md CURLOPT_CAPATH.md CURLOPT_CA_CACHE_TIMEOUT.md CURLOPT_CERTINFO.md CURLOPT_CHUNK_BGN_FUNCTION.md CURLOPT_CHUNK_DATA.md CURLOPT_CHUNK_END_FUNCTION.md CURLOPT_CLOSESOCKETDATA.md CURLOPT_CLOSESOCKETFUNCTION.md CURLOPT_CONNECTTIMEOUT.md CURLOPT_CONNECTTIMEOUT_MS.md CURLOPT_CONNECT_ONLY.md CURLOPT_CONNECT_TO.md CURLOPT_CONV_FROM_NETWORK_FUNCTION.md CURLOPT_CONV_FROM_UTF8_FUNCTION.md CURLOPT_CONV_TO_NETWORK_FUNCTION.md CURLOPT_COOKIE.md CURLOPT_COOKIEFILE.md CURLOPT_COOKIEJAR.md CURLOPT_COOKIELIST.md CURLOPT_COOKIESESSION.md CURLOPT_COPYPOSTFIELDS.md CURLOPT_CRLF.md CURLOPT_CRLFILE.md CURLOPT_CURLU.md CURLOPT_CUSTOMREQUEST.md CURLOPT_DEBUGDATA.md CURLOPT_DEBUGFUNCTION.md CURLOPT_DEFAULT_PROTOCOL.md CURLOPT_DIRLISTONLY.md CURLOPT_DISALLOW_USERNAME_IN_URL.md CURLOPT_DNS_CACHE_TIMEOUT.md CURLOPT_DNS_INTERFACE.md CURLOPT_DNS_LOCAL_IP4.md CURLOPT_DNS_LOCAL_IP6.md CURLOPT_DNS_SERVERS.md CURLOPT_DNS_SHUFFLE_ADDRESSES.md CURLOPT_DNS_USE_GLOBAL_CACHE.md CURLOPT_DOH_SSL_VERIFYHOST.md CURLOPT_DOH_SSL_VERIFYPEER.md CURLOPT_DOH_SSL_VERIFYSTATUS.md CURLOPT_DOH_URL.md CURLOPT_ECH.md CURLOPT_EGDSOCKET.md CURLOPT_ERRORBUFFER.md CURLOPT_EXPECT_100_TIMEOUT_MS.md CURLOPT_FAILONERROR.md CURLOPT_FILETIME.md CURLOPT_FNMATCH_DATA.md CURLOPT_FNMATCH_FUNCTION.md CURLOPT_FOLLOWLOCATION.md CURLOPT_FORBID_REUSE.md CURLOPT_FRESH_CONNECT.md CURLOPT_FTPPORT.md CURLOPT_FTPSSLAUTH.md CURLOPT_FTP_ACCOUNT.md CURLOPT_FTP_ALTERNATIVE_TO_USER.md CURLOPT_FTP_CREATE_MISSING_DIRS.md CURLOPT_FTP_FILEMETHOD.md CURLOPT_FTP_SKIP_PASV_IP.md CURLOPT_FTP_SSL_CCC.md CURLOPT_FTP_USE_EPRT.md CURLOPT_FTP_USE_EPSV.md CURLOPT_FTP_USE_PRET.md CURLOPT_GSSAPI_DELEGATION.md CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md CURLOPT_HAPROXYPROTOCOL.md CURLOPT_HAPROXY_CLIENT_IP.md CURLOPT_HEADER.md CURLOPT_HEADERDATA.md CURLOPT_HEADERFUNCTION.md CURLOPT_HEADEROPT.md CURLOPT_HSTS.md CURLOPT_HSTSREADDATA.md CURLOPT_HSTSREADFUNCTION.md CURLOPT_HSTSWRITEDATA.md CURLOPT_HSTSWRITEFUNCTION.md CURLOPT_HSTS_CTRL.md CURLOPT_HTTP09_ALLOWED.md CURLOPT_HTTP200ALIASES.md CURLOPT_HTTPAUTH.md CURLOPT_HTTPGET.md CURLOPT_HTTPHEADER.md CURLOPT_HTTPPOST.md CURLOPT_HTTPPROXYTUNNEL.md CURLOPT_HTTP_CONTENT_DECODING.md CURLOPT_HTTP_TRANSFER_DECODING.md CURLOPT_HTTP_VERSION.md CURLOPT_IGNORE_CONTENT_LENGTH.md CURLOPT_INFILESIZE.md CURLOPT_INFILESIZE_LARGE.md CURLOPT_INTERFACE.md CURLOPT_INTERLEAVEDATA.md CURLOPT_INTERLEAVEFUNCTION.md CURLOPT_IOCTLDATA.md CURLOPT_IOCTLFUNCTION.md CURLOPT_IPRESOLVE.md CURLOPT_ISSUERCERT.md CURLOPT_ISSUERCERT_BLOB.md CURLOPT_KEEP_SENDING_ON_ERROR.md CURLOPT_KEYPASSWD.md CURLOPT_KRBLEVEL.md CURLOPT_LOCALPORT.md CURLOPT_LOCALPORTRANGE.md CURLOPT_LOGIN_OPTIONS.md CURLOPT_LOW_SPEED_LIMIT.md CURLOPT_LOW_SPEED_TIME.md CURLOPT_MAIL_AUTH.md CURLOPT_MAIL_FROM.md CURLOPT_MAIL_RCPT.md CURLOPT_MAIL_RCPT_ALLOWFAILS.md CURLOPT_MAXAGE_CONN.md CURLOPT_MAXCONNECTS.md CURLOPT_MAXFILESIZE.md CURLOPT_MAXFILESIZE_LARGE.md CURLOPT_MAXLIFETIME_CONN.md CURLOPT_MAXREDIRS.md CURLOPT_MAX_RECV_SPEED_LARGE.md CURLOPT_MAX_SEND_SPEED_LARGE.md CURLOPT_MIMEPOST.md CURLOPT_MIME_OPTIONS.md CURLOPT_NETRC.md CURLOPT_NETRC_FILE.md CURLOPT_NEW_DIRECTORY_PERMS.md CURLOPT_NEW_FILE_PERMS.md CURLOPT_NOBODY.md CURLOPT_NOPROGRESS.md CURLOPT_NOPROXY.md CURLOPT_NOSIGNAL.md CURLOPT_OPENSOCKETDATA.md CURLOPT_OPENSOCKETFUNCTION.md CURLOPT_PASSWORD.md CURLOPT_PATH_AS_IS.md CURLOPT_PINNEDPUBLICKEY.md CURLOPT_PIPEWAIT.md CURLOPT_PORT.md CURLOPT_POST.md CURLOPT_POSTFIELDS.md CURLOPT_POSTFIELDSIZE.md CURLOPT_POSTFIELDSIZE_LARGE.md CURLOPT_POSTQUOTE.md CURLOPT_POSTREDIR.md CURLOPT_PREQUOTE.md CURLOPT_PREREQDATA.md CURLOPT_PREREQFUNCTION.md CURLOPT_PRE_PROXY.md CURLOPT_PRIVATE.md CURLOPT_PROGRESSDATA.md CURLOPT_PROGRESSFUNCTION.md CURLOPT_PROTOCOLS.md CURLOPT_PROTOCOLS_STR.md CURLOPT_PROXY.md CURLOPT_PROXYAUTH.md CURLOPT_PROXYHEADER.md CURLOPT_PROXYPASSWORD.md CURLOPT_PROXYPORT.md CURLOPT_PROXYTYPE.md CURLOPT_PROXYUSERNAME.md CURLOPT_PROXYUSERPWD.md CURLOPT_PROXY_CAINFO.md CURLOPT_PROXY_CAINFO_BLOB.md CURLOPT_PROXY_CAPATH.md CURLOPT_PROXY_CRLFILE.md CURLOPT_PROXY_ISSUERCERT.md CURLOPT_PROXY_ISSUERCERT_BLOB.md CURLOPT_PROXY_KEYPASSWD.md CURLOPT_PROXY_PINNEDPUBLICKEY.md CURLOPT_PROXY_SERVICE_NAME.md CURLOPT_PROXY_SSLCERT.md CURLOPT_PROXY_SSLCERTTYPE.md CURLOPT_PROXY_SSLCERT_BLOB.md CURLOPT_PROXY_SSLKEY.md CURLOPT_PROXY_SSLKEYTYPE.md CURLOPT_PROXY_SSLKEY_BLOB.md CURLOPT_PROXY_SSLVERSION.md CURLOPT_PROXY_SSL_CIPHER_LIST.md CURLOPT_PROXY_SSL_OPTIONS.md CURLOPT_PROXY_SSL_VERIFYHOST.md CURLOPT_PROXY_SSL_VERIFYPEER.md CURLOPT_PROXY_TLS13_CIPHERS.md CURLOPT_PROXY_TLSAUTH_PASSWORD.md CURLOPT_PROXY_TLSAUTH_TYPE.md CURLOPT_PROXY_TLSAUTH_USERNAME.md CURLOPT_PROXY_TRANSFER_MODE.md CURLOPT_PUT.md CURLOPT_QUICK_EXIT.md CURLOPT_QUOTE.md CURLOPT_RANDOM_FILE.md CURLOPT_RANGE.md CURLOPT_READDATA.md CURLOPT_READFUNCTION.md CURLOPT_REDIR_PROTOCOLS.md CURLOPT_REDIR_PROTOCOLS_STR.md CURLOPT_REFERER.md CURLOPT_REQUEST_TARGET.md CURLOPT_RESOLVE.md CURLOPT_RESOLVER_START_DATA.md CURLOPT_RESOLVER_START_FUNCTION.md CURLOPT_RESUME_FROM.md CURLOPT_RESUME_FROM_LARGE.md CURLOPT_RTSP_CLIENT_CSEQ.md CURLOPT_RTSP_REQUEST.md CURLOPT_RTSP_SERVER_CSEQ.md CURLOPT_RTSP_SESSION_ID.md CURLOPT_RTSP_STREAM_URI.md CURLOPT_RTSP_TRANSPORT.md CURLOPT_SASL_AUTHZID.md CURLOPT_SASL_IR.md CURLOPT_SEEKDATA.md CURLOPT_SEEKFUNCTION.md CURLOPT_SERVER_RESPONSE_TIMEOUT.md CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md CURLOPT_SERVICE_NAME.md CURLOPT_SHARE.md CURLOPT_SOCKOPTDATA.md CURLOPT_SOCKOPTFUNCTION.md CURLOPT_SOCKS5_AUTH.md CURLOPT_SOCKS5_GSSAPI_NEC.md CURLOPT_SOCKS5_GSSAPI_SERVICE.md CURLOPT_SSH_AUTH_TYPES.md CURLOPT_SSH_COMPRESSION.md CURLOPT_SSH_HOSTKEYDATA.md CURLOPT_SSH_HOSTKEYFUNCTION.md CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md CURLOPT_SSH_KEYDATA.md CURLOPT_SSH_KEYFUNCTION.md CURLOPT_SSH_KNOWNHOSTS.md CURLOPT_SSH_PRIVATE_KEYFILE.md CURLOPT_SSH_PUBLIC_KEYFILE.md CURLOPT_SSLCERT.md CURLOPT_SSLCERTTYPE.md CURLOPT_SSLCERT_BLOB.md CURLOPT_SSLENGINE.md CURLOPT_SSLENGINE_DEFAULT.md CURLOPT_SSLKEY.md CURLOPT_SSLKEYTYPE.md CURLOPT_SSLKEY_BLOB.md CURLOPT_SSLVERSION.md CURLOPT_SSL_CIPHER_LIST.md CURLOPT_SSL_CTX_DATA.md CURLOPT_SSL_CTX_FUNCTION.md CURLOPT_SSL_EC_CURVES.md CURLOPT_SSL_ENABLE_ALPN.md CURLOPT_SSL_ENABLE_NPN.md CURLOPT_SSL_FALSESTART.md CURLOPT_SSL_OPTIONS.md CURLOPT_SSL_SESSIONID_CACHE.md CURLOPT_SSL_SIGNATURE_ALGORITHMS.md CURLOPT_SSL_VERIFYHOST.md CURLOPT_SSL_VERIFYPEER.md CURLOPT_SSL_VERIFYSTATUS.md CURLOPT_STDERR.md CURLOPT_STREAM_DEPENDS.md CURLOPT_STREAM_DEPENDS_E.md CURLOPT_STREAM_WEIGHT.md CURLOPT_SUPPRESS_CONNECT_HEADERS.md CURLOPT_TCP_FASTOPEN.md CURLOPT_TCP_KEEPALIVE.md CURLOPT_TCP_KEEPCNT.md CURLOPT_TCP_KEEPIDLE.md CURLOPT_TCP_KEEPINTVL.md CURLOPT_TCP_NODELAY.md CURLOPT_TELNETOPTIONS.md CURLOPT_TFTP_BLKSIZE.md CURLOPT_TFTP_NO_OPTIONS.md CURLOPT_TIMECONDITION.md CURLOPT_TIMEOUT.md CURLOPT_TIMEOUT_MS.md CURLOPT_TIMEVALUE.md CURLOPT_TIMEVALUE_LARGE.md CURLOPT_TLS13_CIPHERS.md CURLOPT_TLSAUTH_PASSWORD.md CURLOPT_TLSAUTH_TYPE.md CURLOPT_TLSAUTH_USERNAME.md CURLOPT_TRAILERDATA.md CURLOPT_TRAILERFUNCTION.md CURLOPT_TRANSFERTEXT.md CURLOPT_TRANSFER_ENCODING.md CURLOPT_UNIX_SOCKET_PATH.md CURLOPT_UNRESTRICTED_AUTH.md CURLOPT_UPKEEP_INTERVAL_MS.md CURLOPT_UPLOAD.md CURLOPT_UPLOAD_BUFFERSIZE.md CURLOPT_UPLOAD_FLAGS.md CURLOPT_URL.md CURLOPT_USERAGENT.md CURLOPT_USERNAME.md CURLOPT_USERPWD.md CURLOPT_USE_SSL.md CURLOPT_VERBOSE.md CURLOPT_WILDCARDMATCH.md CURLOPT_WRITEDATA.md CURLOPT_WRITEFUNCTION.md CURLOPT_WS_OPTIONS.md CURLOPT_XFERINFODATA.md CURLOPT_XFERINFOFUNCTION.md CURLOPT_XOAUTH2_BEARER.md CURLSHOPT_LOCKFUNC.md CURLSHOPT_SHARE.md CURLSHOPT_UNLOCKFUNC.md CURLSHOPT_UNSHARE.md CURLSHOPT_USERDATA.md Makefile.am Makefile.incinclude
curl
Makefile.am curl.h curlver.h easy.h header.h mprintf.h multi.h options.h stdcheaders.h system.h typecheck-gcc.h urlapi.h websockets.hlib
curlx
base64.c base64.h basename.c basename.h dynbuf.c dynbuf.h fopen.c fopen.h inet_ntop.c inet_ntop.h inet_pton.c inet_pton.h multibyte.c multibyte.h nonblock.c nonblock.h snprintf.c snprintf.h strcopy.c strcopy.h strdup.c strdup.h strerr.c strerr.h strparse.c strparse.h timediff.c timediff.h timeval.c timeval.h version_win32.c version_win32.h wait.c wait.h warnless.c warnless.h winapi.c winapi.hvauth
cleartext.c cram.c digest.c digest.h digest_sspi.c gsasl.c krb5_gssapi.c krb5_sspi.c ntlm.c ntlm_sspi.c oauth2.c spnego_gssapi.c spnego_sspi.c vauth.c vauth.hvquic
curl_ngtcp2.c curl_ngtcp2.h curl_quiche.c curl_quiche.h vquic-tls.c vquic-tls.h vquic.c vquic.h vquic_int.hvtls
apple.c apple.h cipher_suite.c cipher_suite.h gtls.c gtls.h hostcheck.c hostcheck.h keylog.c keylog.h mbedtls.c mbedtls.h openssl.c openssl.h rustls.c rustls.h schannel.c schannel.h schannel_int.h schannel_verify.c vtls.c vtls.h vtls_int.h vtls_scache.c vtls_scache.h vtls_spack.c vtls_spack.h wolfssl.c wolfssl.h x509asn1.c x509asn1.hm4
.gitignore curl-amissl.m4 curl-apple-sectrust.m4 curl-compilers.m4 curl-confopts.m4 curl-functions.m4 curl-gnutls.m4 curl-mbedtls.m4 curl-openssl.m4 curl-override.m4 curl-reentrant.m4 curl-rustls.m4 curl-schannel.m4 curl-sysconfig.m4 curl-wolfssl.m4 xc-am-iface.m4 xc-cc-check.m4 xc-lt-iface.m4 xc-val-flgs.m4 zz40-xc-ovr.m4 zz50-xc-ovr.m4projects
OS400
.checksrc README.OS400 ccsidcurl.c ccsidcurl.h config400.default curl.cmd curl.inc.in curlcl.c curlmain.c initscript.sh make-docs.sh make-include.sh make-lib.sh make-src.sh make-tests.sh makefile.sh os400sys.c os400sys.hWindows
tmpl
.gitattributes README.txt curl-all.sln curl.sln curl.vcxproj curl.vcxproj.filters libcurl.sln libcurl.vcxproj libcurl.vcxproj.filtersvms
Makefile.am backup_gnv_curl_src.com build_curl-config_script.com build_gnv_curl.com build_gnv_curl_pcsi_desc.com build_gnv_curl_pcsi_text.com build_gnv_curl_release_notes.com build_libcurl_pc.com build_vms.com clean_gnv_curl.com compare_curl_source.com config_h.com curl_crtl_init.c curl_gnv_build_steps.txt curl_release_note_start.txt curl_startup.com curlmsg.h curlmsg.msg curlmsg.sdl curlmsg_vms.h generate_config_vms_h_curl.com generate_vax_transfer.com gnv_conftest.c_first gnv_curl_configure.sh gnv_libcurl_symbols.opt gnv_link_curl.com macro32_exactcase.patch make_gnv_curl_install.sh make_pcsi_curl_kit_name.com pcsi_gnv_curl_file_list.txt pcsi_product_gnv_curl.com readme report_openssl_version.c setup_gnv_curl_build.com stage_curl_install.com vms_eco_level.hscripts
.checksrc CMakeLists.txt Makefile.am badwords badwords-all badwords.txt cd2cd cd2nroff cdall checksrc-all.pl checksrc.pl cmakelint.sh completion.pl contributors.sh contrithanks.sh coverage.sh delta dmaketgz extract-unit-protos firefox-db2pem.sh installcheck.sh maketgz managen mdlinkcheck mk-ca-bundle.pl mk-unity.pl nroff2cd perlcheck.sh pythonlint.sh randdisable release-notes.pl release-tools.sh schemetable.c singleuse.pl spacecheck.pl top-complexity top-length verify-release wcurlsrc
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc config2setopts.c config2setopts.h curl.rc curlinfo.c mk-file-embed.pl mkhelp.pl slist_wc.c slist_wc.h terminal.c terminal.h tool_cb_dbg.c tool_cb_dbg.h tool_cb_hdr.c tool_cb_hdr.h tool_cb_prg.c tool_cb_prg.h tool_cb_rea.c tool_cb_rea.h tool_cb_see.c tool_cb_see.h tool_cb_soc.c tool_cb_soc.h tool_cb_wrt.c tool_cb_wrt.h tool_cfgable.c tool_cfgable.h tool_dirhie.c tool_dirhie.h tool_doswin.c tool_doswin.h tool_easysrc.c tool_easysrc.h tool_filetime.c tool_filetime.h tool_findfile.c tool_findfile.h tool_formparse.c tool_formparse.h tool_getparam.c tool_getparam.h tool_getpass.c tool_getpass.h tool_help.c tool_help.h tool_helpers.c tool_helpers.h tool_hugehelp.h tool_ipfs.c tool_ipfs.h tool_libinfo.c tool_libinfo.h tool_listhelp.c tool_main.c tool_main.h tool_msgs.c tool_msgs.h tool_operate.c tool_operate.h tool_operhlp.c tool_operhlp.h tool_paramhlp.c tool_paramhlp.h tool_parsecfg.c tool_parsecfg.h tool_progress.c tool_progress.h tool_sdecls.h tool_setopt.c tool_setopt.h tool_setup.h tool_ssls.c tool_ssls.h tool_stderr.c tool_stderr.h tool_urlglob.c tool_urlglob.h tool_util.c tool_util.h tool_version.h tool_vms.c tool_vms.h tool_writeout.c tool_writeout.h tool_writeout_json.c tool_writeout_json.h tool_xattr.c tool_xattr.h var.c var.htests
certs
.gitignore CMakeLists.txt Makefile.am Makefile.inc genserv.pl srp-verifier-conf srp-verifier-db test-ca.cnf test-ca.prm test-client-cert.prm test-client-eku-only.prm test-localhost-san-first.prm test-localhost-san-last.prm test-localhost.nn.prm test-localhost.prm test-localhost0h.prmdata
.gitignore DISABLED Makefile.am data-xml1 data1400.c data1401.c data1402.c data1403.c data1404.c data1405.c data1406.c data1407.c data1420.c data1461.txt data1463.txt data1465.c data1481.c data1705-1.md data1705-2.md data1705-3.md data1705-4.md data1705-stdout.1 data1706-1.md data1706-2.md data1706-3.md data1706-4.md data1706-stdout.txt data320.html test1 test10 test100 test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 test1008 test1009 test101 test1010 test1011 test1012 test1013 test1014 test1015 test1016 test1017 test1018 test1019 test102 test1020 test1021 test1022 test1023 test1024 test1025 test1026 test1027 test1028 test1029 test103 test1030 test1031 test1032 test1033 test1034 test1035 test1036 test1037 test1038 test1039 test104 test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 test1048 test1049 test105 test1050 test1051 test1052 test1053 test1054 test1055 test1056 test1057 test1058 test1059 test106 test1060 test1061 test1062 test1063 test1064 test1065 test1066 test1067 test1068 test1069 test107 test1070 test1071 test1072 test1073 test1074 test1075 test1076 test1077 test1078 test1079 test108 test1080 test1081 test1082 test1083 test1084 test1085 test1086 test1087 test1088 test1089 test109 test1090 test1091 test1092 test1093 test1094 test1095 test1096 test1097 test1098 test1099 test11 test110 test1100 test1101 test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 test111 test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 test1118 test1119 test112 test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 test1128 test1129 test113 test1130 test1131 test1132 test1133 test1134 test1135 test1136 test1137 test1138 test1139 test114 test1140 test1141 test1142 test1143 test1144 test1145 test1146 test1147 test1148 test1149 test115 test1150 test1151 test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 test116 test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 test1168 test1169 test117 test1170 test1171 test1172 test1173 test1174 test1175 test1176 test1177 test1178 test1179 test118 test1180 test1181 test1182 test1183 test1184 test1185 test1186 test1187 test1188 test1189 test119 test1190 test1191 test1192 test1193 test1194 test1195 test1196 test1197 test1198 test1199 test12 test120 test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 test1208 test1209 test121 test1210 test1211 test1212 test1213 test1214 test1215 test1216 test1217 test1218 test1219 test122 test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 test1228 test1229 test123 test1230 test1231 test1232 test1233 test1234 test1235 test1236 test1237 test1238 test1239 test124 test1240 test1241 test1242 test1243 test1244 test1245 test1246 test1247 test1248 test1249 test125 test1250 test1251 test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 test126 test1260 test1261 test1262 test1263 test1264 test1265 test1266 test1267 test1268 test1269 test127 test1270 test1271 test1272 test1273 test1274 test1275 test1276 test1277 test1278 test1279 test128 test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 test1288 test1289 test129 test1290 test1291 test1292 test1293 test1294 test1295 test1296 test1297 test1298 test1299 test13 test130 test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 test1309 test131 test1310 test1311 test1312 test1313 test1314 test1315 test1316 test1317 test1318 test1319 test132 test1320 test1321 test1322 test1323 test1324 test1325 test1326 test1327 test1328 test1329 test133 test1330 test1331 test1332 test1333 test1334 test1335 test1336 test1337 test1338 test1339 test134 test1340 test1341 test1342 test1343 test1344 test1345 test1346 test1347 test1348 test1349 test135 test1350 test1351 test1352 test1353 test1354 test1355 test1356 test1357 test1358 test1359 test136 test1360 test1361 test1362 test1363 test1364 test1365 test1366 test1367 test1368 test1369 test137 test1370 test1371 test1372 test1373 test1374 test1375 test1376 test1377 test1378 test1379 test138 test1380 test1381 test1382 test1383 test1384 test1385 test1386 test1387 test1388 test1389 test139 test1390 test1391 test1392 test1393 test1394 test1395 test1396 test1397 test1398 test1399 test14 test140 test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 test1408 test1409 test141 test1410 test1411 test1412 test1413 test1414 test1415 test1416 test1417 test1418 test1419 test142 test1420 test1421 test1422 test1423 test1424 test1425 test1426 test1427 test1428 test1429 test143 test1430 test1431 test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 test144 test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 test1448 test1449 test145 test1450 test1451 test1452 test1453 test1454 test1455 test1456 test1457 test1458 test1459 test146 test1460 test1461 test1462 test1463 test1464 test1465 test1466 test1467 test1468 test1469 test147 test1470 test1471 test1472 test1473 test1474 test1475 test1476 test1477 test1478 test1479 test148 test1480 test1481 test1482 test1483 test1484 test1485 test1486 test1487 test1488 test1489 test149 test1490 test1491 test1492 test1493 test1494 test1495 test1496 test1497 test1498 test1499 test15 test150 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 test1508 test1509 test151 test1510 test1511 test1512 test1513 test1514 test1515 test1516 test1517 test1518 test1519 test152 test1520 test1521 test1522 test1523 test1524 test1525 test1526 test1527 test1528 test1529 test153 test1530 test1531 test1532 test1533 test1534 test1535 test1536 test1537 test1538 test1539 test154 test1540 test1541 test1542 test1543 test1544 test1545 test1546 test1547 test1548 test1549 test155 test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 test1558 test1559 test156 test1560 test1561 test1562 test1563 test1564 test1565 test1566 test1567 test1568 test1569 test157 test1570 test1571 test1572 test1573 test1574 test1575 test1576 test1577 test1578 test1579 test158 test1580 test1581 test1582 test1583 test1584 test1585 test1586 test1587 test1588 test1589 test159 test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 test1598 test1599 test16 test160 test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 test1608 test1609 test161 test1610 test1611 test1612 test1613 test1614 test1615 test1616 test1617 test1618 test1619 test162 test1620 test1621 test1622 test1623 test1624 test1625 test1626 test1627 test1628 test1629 test163 test1630 test1631 test1632 test1633 test1634 test1635 test1636 test1637 test1638 test1639 test164 test1640 test1641 test1642 test1643 test1644 test1645 test165 test1650 test1651 test1652 test1653 test1654 test1655 test1656 test1657 test1658 test1659 test166 test1660 test1661 test1662 test1663 test1664 test1665 test1666 test1667 test1668 test1669 test167 test1670 test1671 test1672 test1673 test1674 test1675 test1676 test168 test1680 test1681 test1682 test1683 test1684 test1685 test169 test17 test170 test1700 test1701 test1702 test1703 test1704 test1705 test1706 test1707 test1708 test1709 test171 test1710 test1711 test1712 test1713 test1714 test1715 test172 test1720 test1721 test173 test174 test175 test176 test177 test178 test179 test18 test180 test1800 test1801 test1802 test181 test182 test183 test184 test1847 test1848 test1849 test185 test1850 test1851 test186 test187 test188 test189 test19 test190 test1900 test1901 test1902 test1903 test1904 test1905 test1906 test1907 test1908 test1909 test191 test1910 test1911 test1912 test1913 test1914 test1915 test1916 test1917 test1918 test1919 test192 test1920 test1921 test193 test1933 test1934 test1935 test1936 test1937 test1938 test1939 test194 test1940 test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 test195 test1955 test1956 test1957 test1958 test1959 test196 test1960 test1964 test1965 test1966 test197 test1970 test1971 test1972 test1973 test1974 test1975 test1976 test1977 test1978 test1979 test198 test1980 test1981 test1982 test1983 test1984 test199 test2 test20 test200 test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 test2008 test2009 test201 test2010 test2011 test2012 test2013 test2014 test202 test2023 test2024 test2025 test2026 test2027 test2028 test2029 test203 test2030 test2031 test2032 test2033 test2034 test2035 test2037 test2038 test2039 test204 test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 test2048 test2049 test205 test2050 test2051 test2052 test2053 test2054 test2055 test2056 test2057 test2058 test2059 test206 test2060 test2061 test2062 test2063 test2064 test2065 test2066 test2067 test2068 test2069 test207 test2070 test2071 test2072 test2073 test2074 test2075 test2076 test2077 test2078 test2079 test208 test2080 test2081 test2082 test2083 test2084 test2085 test2086 test2087 test2088 test2089 test209 test2090 test2091 test2092 test21 test210 test2100 test2101 test2102 test2103 test2104 test211 test212 test213 test214 test215 test216 test217 test218 test219 test22 test220 test2200 test2201 test2202 test2203 test2204 test2205 test2206 test2207 test221 test222 test223 test224 test225 test226 test227 test228 test229 test23 test230 test2300 test2301 test2302 test2303 test2304 test2306 test2307 test2308 test2309 test231 test232 test233 test234 test235 test236 test237 test238 test239 test24 test240 test2400 test2401 test2402 test2403 test2404 test2405 test2406 test2407 test2408 test2409 test241 test2410 test2411 test242 test243 test244 test245 test246 test247 test248 test249 test25 test250 test2500 test2501 test2502 test2503 test2504 test2505 test2506 test251 test252 test253 test254 test255 test256 test257 test258 test259 test26 test260 test2600 test2601 test2602 test2603 test2604 test2605 test261 test262 test263 test264 test265 test266 test267 test268 test269 test27 test270 test2700 test2701 test2702 test2703 test2704 test2705 test2706 test2707 test2708 test2709 test271 test2710 test2711 test2712 test2713 test2714 test2715 test2716 test2717 test2718 test2719 test272 test2720 test2721 test2722 test2723 test273 test274 test275 test276 test277 test278 test279 test28 test280 test281 test282 test283 test284 test285 test286 test287 test288 test289 test29 test290 test291 test292 test293 test294 test295 test296 test297 test298 test299 test3 test30 test300 test3000 test3001 test3002 test3003 test3004 test3005 test3006 test3007 test3008 test3009 test301 test3010 test3011 test3012 test3013 test3014 test3015 test3016 test3017 test3018 test3019 test302 test3020 test3021 test3022 test3023 test3024 test3025 test3026 test3027 test3028 test3029 test303 test3030 test3031 test3032 test3033 test3034 test3035 test3036 test304 test305 test306 test307 test308 test309 test31 test310 test3100 test3101 test3102 test3103 test3104 test3105 test3106 test311 test312 test313 test314 test315 test316 test317 test318 test319 test32 test320 test3200 test3201 test3202 test3203 test3204 test3205 test3206 test3207 test3208 test3209 test321 test3210 test3211 test3212 test3213 test3214 test3215 test3216 test3217 test3218 test3219 test322 test3220 test323 test324 test325 test326 test327 test328 test329 test33 test330 test3300 test3301 test3302 test331 test332 test333 test334 test335 test336 test337 test338 test339 test34 test340 test341 test342 test343 test344 test345 test346 test347 test348 test349 test35 test350 test351 test352 test353 test354 test355 test356 test357 test358 test359 test36 test360 test361 test362 test363 test364 test365 test366 test367 test368 test369 test37 test370 test371 test372 test373 test374 test375 test376 test378 test379 test38 test380 test381 test383 test384 test385 test386 test387 test388 test389 test39 test390 test391 test392 test393 test394 test395 test396 test397 test398 test399 test4 test40 test400 test4000 test4001 test401 test402 test403 test404 test405 test406 test407 test408 test409 test41 test410 test411 test412 test413 test414 test415 test416 test417 test418 test419 test42 test420 test421 test422 test423 test424 test425 test426 test427 test428 test429 test43 test430 test431 test432 test433 test434 test435 test436 test437 test438 test439 test44 test440 test441 test442 test443 test444 test445 test446 test447 test448 test449 test45 test450 test451 test452 test453 test454 test455 test456 test457 test458 test459 test46 test460 test461 test462 test463 test467 test468 test469 test47 test470 test471 test472 test473 test474 test475 test476 test477 test478 test479 test48 test480 test481 test482 test483 test484 test485 test486 test487 test488 test489 test49 test490 test491 test492 test493 test494 test495 test496 test497 test498 test499 test5 test50 test500 test501 test502 test503 test504 test505 test506 test507 test508 test509 test51 test510 test511 test512 test513 test514 test515 test516 test517 test518 test519 test52 test520 test521 test522 test523 test524 test525 test526 test527 test528 test529 test53 test530 test531 test532 test533 test534 test535 test536 test537 test538 test539 test54 test540 test541 test542 test543 test544 test545 test546 test547 test548 test549 test55 test550 test551 test552 test553 test554 test555 test556 test557 test558 test559 test56 test560 test561 test562 test563 test564 test565 test566 test567 test568 test569 test57 test570 test571 test572 test573 test574 test575 test576 test577 test578 test579 test58 test580 test581 test582 test583 test584 test585 test586 test587 test588 test589 test59 test590 test591 test592 test593 test594 test595 test596 test597 test598 test599 test6 test60 test600 test601 test602 test603 test604 test605 test606 test607 test608 test609 test61 test610 test611 test612 test613 test614 test615 test616 test617 test618 test619 test62 test620 test621 test622 test623 test624 test625 test626 test627 test628 test629 test63 test630 test631 test632 test633 test634 test635 test636 test637 test638 test639 test64 test640 test641 test642 test643 test644 test645 test646 test647 test648 test649 test65 test650 test651 test652 test653 test654 test655 test656 test658 test659 test66 test660 test661 test662 test663 test664 test665 test666 test667 test668 test669 test67 test670 test671 test672 test673 test674 test675 test676 test677 test678 test679 test68 test680 test681 test682 test683 test684 test685 test686 test687 test688 test689 test69 test690 test691 test692 test693 test694 test695 test696 test697 test698 test699 test7 test70 test700 test701 test702 test703 test704 test705 test706 test707 test708 test709 test71 test710 test711 test712 test713 test714 test715 test716 test717 test718 test719 test72 test720 test721 test722 test723 test724 test725 test726 test727 test728 test729 test73 test730 test731 test732 test733 test734 test735 test736 test737 test738 test739 test74 test740 test741 test742 test743 test744 test745 test746 test747 test748 test749 test75 test750 test751 test752 test753 test754 test755 test756 test757 test758 test759 test76 test760 test761 test762 test763 test764 test765 test766 test767 test768 test769 test77 test770 test771 test772 test773 test774 test775 test776 test777 test778 test779 test78 test780 test781 test782 test783 test784 test785 test786 test787 test788 test789 test79 test790 test791 test792 test793 test794 test795 test796 test797 test798 test799 test8 test80 test800 test801 test802 test803 test804 test805 test806 test807 test808 test809 test81 test810 test811 test812 test813 test814 test815 test816 test817 test818 test819 test82 test820 test821 test822 test823 test824 test825 test826 test827 test828 test829 test83 test830 test831 test832 test833 test834 test835 test836 test837 test838 test839 test84 test840 test841 test842 test843 test844 test845 test846 test847 test848 test849 test85 test850 test851 test852 test853 test854 test855 test856 test857 test858 test859 test86 test860 test861 test862 test863 test864 test865 test866 test867 test868 test869 test87 test870 test871 test872 test873 test874 test875 test876 test877 test878 test879 test88 test880 test881 test882 test883 test884 test885 test886 test887 test888 test889 test89 test890 test891 test892 test893 test894 test895 test896 test897 test898 test899 test9 test90 test900 test901 test902 test903 test904 test905 test906 test907 test908 test909 test91 test910 test911 test912 test913 test914 test915 test916 test917 test918 test919 test92 test920 test921 test922 test923 test924 test925 test926 test927 test928 test929 test93 test930 test931 test932 test933 test934 test935 test936 test937 test938 test939 test94 test940 test941 test942 test943 test944 test945 test946 test947 test948 test949 test95 test950 test951 test952 test953 test954 test955 test956 test957 test958 test959 test96 test960 test961 test962 test963 test964 test965 test966 test967 test968 test969 test97 test970 test971 test972 test973 test974 test975 test976 test977 test978 test979 test98 test980 test981 test982 test983 test984 test985 test986 test987 test988 test989 test99 test990 test991 test992 test993 test994 test995 test996 test997 test998 test999http
testenv
__init__.py caddy.py certs.py client.py curl.py dante.py dnsd.py env.py httpd.py nghttpx.py ports.py sshd.py vsftpd.py ws_echo_server.pylibtest
.gitignore CMakeLists.txt Makefile.am Makefile.inc cli_ftp_upload.c cli_h2_pausing.c cli_h2_serverpush.c cli_h2_upgrade_extreme.c cli_hx_download.c cli_hx_upload.c cli_tls_session_reuse.c cli_upload_pausing.c cli_ws_data.c cli_ws_pingpong.c first.c first.h lib1156.c lib1301.c lib1308.c lib1485.c lib1500.c lib1501.c lib1502.c lib1506.c lib1507.c lib1508.c lib1509.c lib1510.c lib1511.c lib1512.c lib1513.c lib1514.c lib1515.c lib1517.c lib1518.c lib1520.c lib1522.c lib1523.c lib1525.c lib1526.c lib1527.c lib1528.c lib1529.c lib1530.c lib1531.c lib1532.c lib1533.c lib1534.c lib1535.c lib1536.c lib1537.c lib1538.c lib1540.c lib1541.c lib1542.c lib1545.c lib1549.c lib1550.c lib1551.c lib1552.c lib1553.c lib1554.c lib1555.c lib1556.c lib1557.c lib1558.c lib1559.c lib1560.c lib1564.c lib1565.c lib1567.c lib1568.c lib1569.c lib1571.c lib1576.c lib1582.c lib1587.c lib1588.c lib1589.c lib1591.c lib1592.c lib1593.c lib1594.c lib1597.c lib1598.c lib1599.c lib1662.c lib1900.c lib1901.c lib1902.c lib1903.c lib1905.c lib1906.c lib1907.c lib1908.c lib1910.c lib1911.c lib1912.c lib1913.c lib1915.c lib1916.c lib1918.c lib1919.c lib1920.c lib1921.c lib1933.c lib1934.c lib1935.c lib1936.c lib1937.c lib1938.c lib1939.c lib1940.c lib1945.c lib1947.c lib1948.c lib1955.c lib1956.c lib1957.c lib1958.c lib1959.c lib1960.c lib1964.c lib1965.c lib1970.c lib1971.c lib1972.c lib1973.c lib1974.c lib1975.c lib1977.c lib1978.c lib2023.c lib2032.c lib2082.c lib2301.c lib2302.c lib2304.c lib2306.c lib2308.c lib2309.c lib2402.c lib2404.c lib2405.c lib2502.c lib2504.c lib2505.c lib2506.c lib2700.c lib3010.c lib3025.c lib3026.c lib3027.c lib3033.c lib3034.c lib3100.c lib3101.c lib3102.c lib3103.c lib3104.c lib3105.c lib3207.c lib3208.c lib500.c lib501.c lib502.c lib503.c lib504.c lib505.c lib506.c lib507.c lib508.c lib509.c lib510.c lib511.c lib512.c lib513.c lib514.c lib515.c lib516.c lib517.c lib518.c lib519.c lib520.c lib521.c lib523.c lib524.c lib525.c lib526.c lib530.c lib533.c lib536.c lib537.c lib539.c lib540.c lib541.c lib542.c lib543.c lib544.c lib547.c lib549.c lib552.c lib553.c lib554.c lib555.c lib556.c lib557.c lib558.c lib559.c lib560.c lib562.c lib564.c lib566.c lib567.c lib568.c lib569.c lib570.c lib571.c lib572.c lib573.c lib574.c lib575.c lib576.c lib578.c lib579.c lib582.c lib583.c lib586.c lib589.c lib590.c lib591.c lib597.c lib598.c lib599.c lib643.c lib650.c lib651.c lib652.c lib653.c lib654.c lib655.c lib658.c lib659.c lib661.c lib666.c lib667.c lib668.c lib670.c lib674.c lib676.c lib677.c lib678.c lib694.c lib695.c lib751.c lib753.c lib757.c lib758.c lib766.c memptr.c mk-lib1521.pl test1013.pl test1022.pl test307.pl test610.pl test613.pl testtrace.c testtrace.h testutil.c testutil.h unitcheck.hserver
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc dnsd.c first.c first.h getpart.c mqttd.c resolve.c rtspd.c sockfilt.c socksd.c sws.c tftpd.c util.ctunit
.gitignore CMakeLists.txt Makefile.am Makefile.inc README.md tool1394.c tool1604.c tool1621.c tool1622.c tool1623.c tool1720.cunit
.gitignore CMakeLists.txt Makefile.am Makefile.inc README.md unit1300.c unit1302.c unit1303.c unit1304.c unit1305.c unit1307.c unit1309.c unit1323.c unit1330.c unit1395.c unit1396.c unit1397.c unit1398.c unit1399.c unit1600.c unit1601.c unit1602.c unit1603.c unit1605.c unit1606.c unit1607.c unit1608.c unit1609.c unit1610.c unit1611.c unit1612.c unit1614.c unit1615.c unit1616.c unit1620.c unit1625.c unit1626.c unit1627.c unit1636.c unit1650.c unit1651.c unit1652.c unit1653.c unit1654.c unit1655.c unit1656.c unit1657.c unit1658.c unit1660.c unit1661.c unit1663.c unit1664.c unit1666.c unit1667.c unit1668.c unit1669.c unit1674.c unit1675.c unit1676.c unit1979.c unit1980.c unit2600.c unit2601.c unit2602.c unit2603.c unit2604.c unit2605.c unit3200.c unit3205.c unit3211.c unit3212.c unit3213.c unit3214.c unit3216.c unit3219.c unit3300.c unit3301.c unit3302.cexamples
.env config.ini crypto_test.lua env_test.lua fs_example.lua http_server.lua https_test.lua ini_example.lua json.lua log.lua path_fs_example.lua process_example.lua request_download.lua request_test.lua run_all.lua sqlite_example.lua sqlite_http_template.lua stash_test.lua template_test.lua timer.lua websocket.luainiparser
example
iniexample.c iniwrite.c parse.c twisted-errors.ini twisted-genhuge.py twisted-ofkey.ini twisted-ofval.ini twisted.initest
CMakeLists.txt test_dictionary.c test_iniparser.c unity-config.yml unity_config.hjinjac
libjinjac
src
CMakeLists.txt ast.c ast.h block_statement.c block_statement.h buffer.c buffer.h buildin.c buildin.h common.h convert.c convert.h flex_decl.h jfunction.c jfunction.h jinja_expression.l jinja_expression.y jinjac_parse.c jinjac_parse.h jinjac_stream.c jinjac_stream.h jlist.c jlist.h jobject.c jobject.h parameter.c parameter.h str_obj.c str_obj.h trace.c trace.htest
.gitignore CMakeLists.txt autotest.rb test_01.expected test_01.jinja test_01b.expected test_01b.jinja test_01c.expected test_01c.jinja test_01d.expected test_01d.jinja test_02.expected test_02.jinja test_03.expected test_03.jinja test_04.expected test_04.jinja test_05.expected test_05.jinja test_06.expected test_06.jinja test_07.expected test_07.jinja test_08.expected test_08.jinja test_08b.expected test_08b.jinja test_09.expected test_09.jinja test_10.expected test_10.jinja test_11.expected test_11.jinja test_12.expected test_12.jinja test_13.expected test_13.jinja test_14.expected test_14.jinja test_15.expected test_15.jinja test_16.expected test_16.jinja test_17.expected test_17.jinja test_18.expected test_18.jinja test_18b.expected test_18b.jinja test_18c.expected test_18c.jinja test_19.expected test_19.jinja test_19b.expected test_19b.jinja test_19c.expected test_19c.jinja test_19d.expected test_19d.jinja test_19e.expected test_19e.jinja test_19f.expected test_19f.jinja test_20.expected test_20.jinja test_21.expected test_21.jinja test_22.expected test_22.jinja test_22a.expected test_22a.jinja test_22b.expected test_22b.jinja test_23.expected test_23.jinja test_24.expected test_24.jinjalibev
Changes LICENSE Makefile Makefile.am Makefile.in README Symbols.ev Symbols.event aclocal.m4 autogen.sh compile config.guess config.h config.h.in config.status config.sub configure configure.ac depcomp ev++.h ev.3 ev.c ev.h ev.pod ev_epoll.c ev_kqueue.c ev_poll.c ev_port.c ev_select.c ev_vars.h ev_win32.c ev_wrap.h event.c event.h install-sh libev.m4 libtool ltmain.sh missing mkinstalldirs stamp-h1luajit
doc
bluequad-print.css bluequad.css contact.html ext_buffer.html ext_c_api.html ext_ffi.html ext_ffi_api.html ext_ffi_semantics.html ext_ffi_tutorial.html ext_jit.html ext_profiler.html extensions.html install.html luajit.html running.html
dynasm
dasm_arm.h dasm_arm.lua dasm_arm64.h dasm_arm64.lua dasm_mips.h dasm_mips.lua dasm_mips64.lua dasm_ppc.h dasm_ppc.lua dasm_proto.h dasm_x64.lua dasm_x86.h dasm_x86.lua dynasm.luasrc
host
.gitignore README buildvm.c buildvm.h buildvm_asm.c buildvm_fold.c buildvm_lib.c buildvm_libbc.h buildvm_peobj.c genlibbc.lua genminilua.lua genversion.lua minilua.cjit
.gitignore bc.lua bcsave.lua dis_arm.lua dis_arm64.lua dis_arm64be.lua dis_mips.lua dis_mips64.lua dis_mips64el.lua dis_mips64r6.lua dis_mips64r6el.lua dis_mipsel.lua dis_ppc.lua dis_x64.lua dis_x86.lua dump.lua p.lua v.lua zone.luawolfssl
.github
workflows
ada.yml arduino.yml async-examples.yml async.yml atecc608-sim.yml bind.yml cmake-autoconf.yml cmake.yml codespell.yml coverity-scan-fixes.yml cryptocb-only.yml curl.yml cyrus-sasl.yml disable-pk-algs.yml docker-Espressif.yml docker-OpenWrt.yml emnet-nonblock.yml fil-c.yml freertos-mem-track.yml gencertbuf.yml grpc.yml haproxy.yml hostap-vm.yml intelasm-c-fallback.yml ipmitool.yml jwt-cpp.yml krb5.yml libspdm.yml libssh2.yml libvncserver.yml linuxkm.yml macos-apple-native-cert-validation.yml mbedtls.sh mbedtls.yml membrowse-comment.yml membrowse-onboard.yml membrowse-report.yml memcached.sh memcached.yml mono.yml mosquitto.yml msmtp.yml msys2.yml multi-arch.yml multi-compiler.yml net-snmp.yml nginx.yml no-malloc.yml no-tls.yml nss.sh nss.yml ntp.yml ocsp.yml openldap.yml openssh.yml openssl-ech.yml opensslcoexist.yml openvpn.yml os-check.yml packaging.yml pam-ipmi.yml pq-all.yml pr-commit-check.yml psk.yml puf.yml python.yml rng-tools.yml rust-wrapper.yml se050-sim.yml smallStackSize.yml socat.yml softhsm.yml sssd.yml stm32-sim.yml stsafe-a120-sim.yml stunnel.yml symbol-prefixes.yml threadx.yml tls-anvil.yml trackmemory.yml watcomc.yml win-csharp-test.yml wolfCrypt-Wconversion.yml wolfboot-integration.yml wolfsm.yml xcode.yml zephyr-4.x.yml zephyr.ymlIDE
ARDUINO
Arduino_README_prepend.md README.md include.am keywords.txt library.properties.template wolfssl-arduino.cpp wolfssl-arduino.sh wolfssl.hECLIPSE
Espressif
ESP-IDF
examples
template
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp8266wolfssl_benchmark
VisualGDB
wolfssl_benchmark_IDF_v4.4_ESP32.sln wolfssl_benchmark_IDF_v4.4_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32.sln wolfssl_benchmark_IDF_v5_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32C3.sln wolfssl_benchmark_IDF_v5_ESP32C3.vgdbproj wolfssl_benchmark_IDF_v5_ESP32S3.sln wolfssl_benchmark_IDF_v5_ESP32S3.vgdbprojwolfssl_client
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_client_ESP8266.vgdbprojwolfssl_server
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_server_ESP8266.vgdbprojwolfssl_test
VisualGDB
wolfssl_test-IDF_v5_ESP32.sln wolfssl_test-IDF_v5_ESP32.vgdbproj wolfssl_test-IDF_v5_ESP32C3.sln wolfssl_test-IDF_v5_ESP32C3.vgdbproj wolfssl_test-IDF_v5_ESP32C6.sln wolfssl_test-IDF_v5_ESP32C6.vgdbproj wolfssl_test_IDF_v5_ESP32S3.sln wolfssl_test_IDF_v5_ESP32S3.vgdbprojGCC-ARM
Makefile Makefile.bench Makefile.client Makefile.common Makefile.server Makefile.static Makefile.test README.md include.am linker.ld linker_fips.ldIAR-EWARM
embOS
SAMV71_XULT
embOS_SAMV71_XULT_user_settings
user_settings.h user_settings_simple_example.h user_settings_verbose_example.hembOS_wolfcrypt_benchmark_SAMV71_XULT
README_wolfcrypt_benchmark wolfcrypt_benchmark.ewd wolfcrypt_benchmark.ewpINTIME-RTOS
Makefile README.md include.am libwolfssl.c libwolfssl.vcxproj user_settings.h wolfExamples.c wolfExamples.h wolfExamples.sln wolfExamples.vcxproj wolfssl-lib.sln wolfssl-lib.vcxprojMQX
Makefile README-jp.md README.md client-tls.c include.am server-tls.c user_config.h user_settings.hMSVS-2019-AZSPHERE
wolfssl_new_azsphere
.gitignore CMakeLists.txt CMakeSettings.json app_manifest.json applibs_versions.h launch.vs.json main.cNETOS
Makefile.wolfcrypt.inc README.md include.am user_settings.h user_settings.h-cert2425 user_settings.h-cert3389 wolfssl_netos_custom.cPlatformIO
examples
wolfssl_benchmark
CMakeLists.txt README.md platformio.ini sdkconfig.defaults wolfssl_benchmark.code-workspaceROWLEY-CROSSWORKS-ARM
Kinetis_FlashPlacement.xml README.md arm_startup.c benchmark_main.c hw.h include.am kinetis_hw.c retarget.c test_main.c user_settings.h wolfssl.hzp wolfssl_ltc.hzpRenesas
e2studio
RA6M3
README.md README_APRA6M_en.md README_APRA6M_jp.md include.amRX72N
EnvisionKit
Simple
README_EN.md README_JP.mdwolfssl_demo
key_data.c key_data.h user_settings.h wolfssl_demo.c wolfssl_demo.h wolfssl_tsip_unit_test.cSTM32Cube
README.md STM32_Benchmarks.md default_conf.ftl include.am main.c wolfssl_example.c wolfssl_example.hWIN
README.txt include.am test.vcxproj user_settings.h user_settings_dtls.h wolfssl-fips.sln wolfssl-fips.vcxprojWIN-SRTP-KDF-140-3
README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxprojWIN10
README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxprojXCODE
Benchmark
include.amXilinxSDK
README.md bench.sh combine.sh eclipse_formatter_profile.xml graph.sh include.am user_settings.h wolfssl_example.capple-universal
wolfssl-multiplatform
iotsafe
Makefile README.md ca-cert.c devices.c devices.h include.am main.c memory-tls.c startup.c target.ld user_settings.hmynewt
README.md apps.wolfcrypttest.pkg.yml crypto.wolfssl.pkg.yml crypto.wolfssl.syscfg.yml include.am setup.shcerts
1024
ca-cert.der ca-cert.pem ca-key.der ca-key.pem client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der dh1024.der dh1024.pem dsa-pub-1024.pem dsa1024.der dsa1024.pem include.am rsa1024.der server-cert.der server-cert.pem server-key.der server-key.pemcrl
extra-crls
ca-int-cert-revoked.pem claim-root.pem crl_critical_entry.pem crlnum_57oct.pem crlnum_64oct.pem general-server-crl.pem large_crlnum.pem large_crlnum2.pemdilithium
bench_dilithium_level2_key.der bench_dilithium_level3_key.der bench_dilithium_level5_key.der include.amecc
bp256r1-key.der bp256r1-key.pem ca-secp256k1-cert.pem ca-secp256k1-key.pem client-bp256r1-cert.der client-bp256r1-cert.pem client-secp256k1-cert.der client-secp256k1-cert.pem genecc.sh include.am secp256k1-key.der secp256k1-key.pem secp256k1-param.pem secp256k1-privkey.der secp256k1-privkey.pem server-bp256r1-cert.der server-bp256r1-cert.pem server-secp256k1-cert.der server-secp256k1-cert.pem server2-secp256k1-cert.der server2-secp256k1-cert.pem wolfssl.cnf wolfssl_384.cnfed25519
ca-ed25519-key.der ca-ed25519-key.pem ca-ed25519-priv.der ca-ed25519-priv.pem ca-ed25519.der ca-ed25519.pem client-ed25519-key.der client-ed25519-key.pem client-ed25519-priv.der client-ed25519-priv.pem client-ed25519.der client-ed25519.pem eddsa-ed25519.der eddsa-ed25519.pem gen-ed25519-certs.sh gen-ed25519-keys.sh gen-ed25519.sh include.am root-ed25519-key.der root-ed25519-key.pem root-ed25519-priv.der root-ed25519-priv.pem root-ed25519.der root-ed25519.pem server-ed25519-cert.pem server-ed25519-key.der server-ed25519-key.pem server-ed25519-priv.der server-ed25519-priv.pem server-ed25519.der server-ed25519.pemed448
ca-ed448-key.der ca-ed448-key.pem ca-ed448-priv.der ca-ed448-priv.pem ca-ed448.der ca-ed448.pem client-ed448-key.der client-ed448-key.pem client-ed448-priv.der client-ed448-priv.pem client-ed448.der client-ed448.pem gen-ed448-certs.sh gen-ed448-keys.sh include.am root-ed448-key.der root-ed448-key.pem root-ed448-priv.der root-ed448-priv.pem root-ed448.der root-ed448.pem server-ed448-cert.pem server-ed448-key.der server-ed448-key.pem server-ed448-priv.der server-ed448-priv.pem server-ed448.der server-ed448.pemexternal
DigiCertGlobalRootCA.pem README.txt ca-digicert-ev.pem ca-globalsign-root.pem ca-google-root.pem ca_collection.pem include.amintermediate
ca_false_intermediate
gentestcert.sh int_ca.key server.key test_ca.key test_ca.pem test_int_not_cacert.pem test_sign_bynoca_srv.pem wolfssl_base.conf wolfssl_srv.conflms
bc_hss_L2_H5_W8_root.der bc_hss_L3_H5_W4_root.der bc_lms_chain_ca.der bc_lms_chain_leaf.der bc_lms_native_bc_root.der bc_lms_sha256_h10_w8_root.der bc_lms_sha256_h5_w4_root.der include.ammldsa
README.txt include.am mldsa44-cert.der mldsa44-cert.pem mldsa44-key.pem mldsa44_bare-priv.der mldsa44_bare-seed.der mldsa44_oqskeypair.der mldsa44_priv-only.der mldsa44_pub-spki.der mldsa44_seed-only.der mldsa44_seed-priv.der mldsa65-cert.der mldsa65-cert.pem mldsa65-key.pem mldsa65_bare-priv.der mldsa65_bare-seed.der mldsa65_oqskeypair.der mldsa65_priv-only.der mldsa65_pub-spki.der mldsa65_seed-only.der mldsa65_seed-priv.der mldsa87-cert.der mldsa87-cert.pem mldsa87-key.pem mldsa87_bare-priv.der mldsa87_bare-seed.der mldsa87_oqskeypair.der mldsa87_priv-only.der mldsa87_pub-spki.der mldsa87_seed-only.der mldsa87_seed-priv.derocsp
imposter-root-ca-cert.der imposter-root-ca-cert.pem imposter-root-ca-key.der imposter-root-ca-key.pem include.am index-ca-and-intermediate-cas.txt index-ca-and-intermediate-cas.txt.attr index-intermediate1-ca-issued-certs.txt index-intermediate1-ca-issued-certs.txt.attr index-intermediate2-ca-issued-certs.txt index-intermediate2-ca-issued-certs.txt.attr index-intermediate3-ca-issued-certs.txt index-intermediate3-ca-issued-certs.txt.attr intermediate1-ca-cert.der intermediate1-ca-cert.pem intermediate1-ca-key.der intermediate1-ca-key.pem intermediate2-ca-cert.der intermediate2-ca-cert.pem intermediate2-ca-key.der intermediate2-ca-key.pem intermediate3-ca-cert.der intermediate3-ca-cert.pem intermediate3-ca-key.der intermediate3-ca-key.pem ocsp-responder-cert.der ocsp-responder-cert.pem ocsp-responder-key.der ocsp-responder-key.pem openssl.cnf renewcerts-for-test.sh renewcerts.sh root-ca-cert.der root-ca-cert.pem root-ca-crl.pem root-ca-key.der root-ca-key.pem server1-cert.der server1-cert.pem server1-chain-noroot.pem server1-key.der server1-key.pem server2-cert.der server2-cert.pem server2-key.der server2-key.pem server3-cert.der server3-cert.pem server3-key.der server3-key.pem server4-cert.der server4-cert.pem server4-key.der server4-key.pem server5-cert.der server5-cert.pem server5-key.der server5-key.pem test-leaf-response.der test-multi-response.der test-response-nointern.der test-response-rsapss.der test-response.derp521
ca-p521-key.der ca-p521-key.pem ca-p521-priv.der ca-p521-priv.pem ca-p521.der ca-p521.pem client-p521-key.der client-p521-key.pem client-p521-priv.der client-p521-priv.pem client-p521.der client-p521.pem gen-p521-certs.sh gen-p521-keys.sh include.am root-p521-key.der root-p521-key.pem root-p521-priv.der root-p521-priv.pem root-p521.der root-p521.pem server-p521-cert.pem server-p521-key.der server-p521-key.pem server-p521-priv.der server-p521-priv.pem server-p521.der server-p521.pemrpk
client-cert-rpk.der client-ecc-cert-rpk.der include.am server-cert-rpk.der server-ecc-cert-rpk.derrsapss
ca-3072-rsapss-key.der ca-3072-rsapss-key.pem ca-3072-rsapss-priv.der ca-3072-rsapss-priv.pem ca-3072-rsapss.der ca-3072-rsapss.pem ca-rsapss-key.der ca-rsapss-key.pem ca-rsapss-priv.der ca-rsapss-priv.pem ca-rsapss.der ca-rsapss.pem client-3072-rsapss-key.der client-3072-rsapss-key.pem client-3072-rsapss-priv.der client-3072-rsapss-priv.pem client-3072-rsapss.der client-3072-rsapss.pem client-rsapss-key.der client-rsapss-key.pem client-rsapss-priv.der client-rsapss-priv.pem client-rsapss.der client-rsapss.pem gen-rsapss-keys.sh include.am renew-rsapss-certs.sh root-3072-rsapss-key.der root-3072-rsapss-key.pem root-3072-rsapss-priv.der root-3072-rsapss-priv.pem root-3072-rsapss.der root-3072-rsapss.pem root-rsapss-key.der root-rsapss-key.pem root-rsapss-priv.der root-rsapss-priv.pem root-rsapss.der root-rsapss.pem server-3072-rsapss-cert.pem server-3072-rsapss-key.der server-3072-rsapss-key.pem server-3072-rsapss-priv.der server-3072-rsapss-priv.pem server-3072-rsapss.der server-3072-rsapss.pem server-mix-rsapss-cert.pem server-rsapss-cert.pem server-rsapss-key.der server-rsapss-key.pem server-rsapss-priv.der server-rsapss-priv.pem server-rsapss.der server-rsapss.pemslhdsa
bench_slhdsa_sha2_128f_key.der bench_slhdsa_sha2_128s_key.der bench_slhdsa_sha2_192f_key.der bench_slhdsa_sha2_192s_key.der bench_slhdsa_sha2_256f_key.der bench_slhdsa_sha2_256s_key.der bench_slhdsa_shake128f_key.der bench_slhdsa_shake128s_key.der bench_slhdsa_shake192f_key.der bench_slhdsa_shake192s_key.der bench_slhdsa_shake256f_key.der bench_slhdsa_shake256s_key.der client-mldsa44-priv.pem client-mldsa44-sha2.der client-mldsa44-sha2.pem client-mldsa44-shake.der client-mldsa44-shake.pem gen-slhdsa-mldsa-certs.sh include.am root-slhdsa-sha2-128s-priv.der root-slhdsa-sha2-128s-priv.pem root-slhdsa-sha2-128s.der root-slhdsa-sha2-128s.pem root-slhdsa-shake-128s-priv.der root-slhdsa-shake-128s-priv.pem root-slhdsa-shake-128s.der root-slhdsa-shake-128s.pem server-mldsa44-priv.pem server-mldsa44-sha2.der server-mldsa44-sha2.pem server-mldsa44-shake.der server-mldsa44-shake.pemsm2
ca-sm2-key.der ca-sm2-key.pem ca-sm2-priv.der ca-sm2-priv.pem ca-sm2.der ca-sm2.pem client-sm2-key.der client-sm2-key.pem client-sm2-priv.der client-sm2-priv.pem client-sm2.der client-sm2.pem fix_sm2_spki.py gen-sm2-certs.sh gen-sm2-keys.sh include.am root-sm2-key.der root-sm2-key.pem root-sm2-priv.der root-sm2-priv.pem root-sm2.der root-sm2.pem self-sm2-cert.pem self-sm2-key.pem self-sm2-priv.pem server-sm2-cert.der server-sm2-cert.pem server-sm2-key.der server-sm2-key.pem server-sm2-priv.der server-sm2-priv.pem server-sm2.der server-sm2.pemstatickeys
dh-ffdhe2048-params.pem dh-ffdhe2048-pub.der dh-ffdhe2048-pub.pem dh-ffdhe2048.der dh-ffdhe2048.pem ecc-secp256r1.der ecc-secp256r1.pem gen-static.sh include.am x25519-pub.der x25519-pub.pem x25519.der x25519.pemtest
catalog.txt cert-bad-neg-int.der cert-bad-oid.der cert-bad-utf8.der cert-ext-ia.cfg cert-ext-ia.der cert-ext-ia.pem cert-ext-joi.cfg cert-ext-joi.der cert-ext-joi.pem cert-ext-mnc.der cert-ext-multiple.cfg cert-ext-multiple.der cert-ext-multiple.pem cert-ext-nc-combined.der cert-ext-nc-combined.pem cert-ext-nc.cfg cert-ext-nc.der cert-ext-nc.pem cert-ext-ncdns.der cert-ext-ncdns.pem cert-ext-ncip.der cert-ext-ncip.pem cert-ext-ncmixed.der cert-ext-ncmulti.der cert-ext-ncmulti.pem cert-ext-ncrid.der cert-ext-ncrid.pem cert-ext-nct.cfg cert-ext-nct.der cert-ext-nct.pem cert-ext-ndir-exc.cfg cert-ext-ndir-exc.der cert-ext-ndir-exc.pem cert-ext-ndir.cfg cert-ext-ndir.der cert-ext-ndir.pem cert-ext-ns.der cert-over-max-altnames.cfg cert-over-max-altnames.der cert-over-max-altnames.pem cert-over-max-nc.cfg cert-over-max-nc.der cert-over-max-nc.pem client-ecc-cert-ski.hex cn-ip-literal.der cn-ip-wildcard.der crit-cert.pem crit-key.pem dh1024.der dh1024.pem dh512.der dh512.pem digsigku.pem encrypteddata.msg gen-badsig.sh gen-ext-certs.sh gen-testcerts.sh include.am kari-keyid-cms.msg ktri-keyid-cms.msg ossl-trusted-cert.pem server-badaltname.der server-badaltname.pem server-badaltnull.der server-badaltnull.pem server-badcn.der server-badcn.pem server-badcnnull.der server-badcnnull.pem server-cert-ecc-badsig.der server-cert-ecc-badsig.pem server-cert-rsa-badsig.der server-cert-rsa-badsig.pem server-duplicate-policy.pem server-garbage.der server-garbage.pem server-goodalt.der server-goodalt.pem server-goodaltwild.der server-goodaltwild.pem server-goodcn.der server-goodcn.pem server-goodcnwild.der server-goodcnwild.pem server-localhost.der server-localhost.pem smime-test-canon.p7s smime-test-multipart-badsig.p7s smime-test-multipart.p7s smime-test.p7stest-pathlen
assemble-chains.sh chainA-ICA1-key.pem chainA-ICA1-pathlen0.pem chainA-assembled.pem chainA-entity-key.pem chainA-entity.pem chainB-ICA1-key.pem chainB-ICA1-pathlen0.pem chainB-ICA2-key.pem chainB-ICA2-pathlen1.pem chainB-assembled.pem chainB-entity-key.pem chainB-entity.pem chainC-ICA1-key.pem chainC-ICA1-pathlen1.pem chainC-assembled.pem chainC-entity-key.pem chainC-entity.pem chainD-ICA1-key.pem chainD-ICA1-pathlen127.pem chainD-assembled.pem chainD-entity-key.pem chainD-entity.pem chainE-ICA1-key.pem chainE-ICA1-pathlen128.pem chainE-assembled.pem chainE-entity-key.pem chainE-entity.pem chainF-ICA1-key.pem chainF-ICA1-pathlen1.pem chainF-ICA2-key.pem chainF-ICA2-pathlen0.pem chainF-assembled.pem chainF-entity-key.pem chainF-entity.pem chainG-ICA1-key.pem chainG-ICA1-pathlen0.pem chainG-ICA2-key.pem chainG-ICA2-pathlen1.pem chainG-ICA3-key.pem chainG-ICA3-pathlen99.pem chainG-ICA4-key.pem chainG-ICA4-pathlen5.pem chainG-ICA5-key.pem chainG-ICA5-pathlen20.pem chainG-ICA6-key.pem chainG-ICA6-pathlen10.pem chainG-ICA7-key.pem chainG-ICA7-pathlen100.pem chainG-assembled.pem chainG-entity-key.pem chainG-entity.pem chainH-ICA1-key.pem chainH-ICA1-pathlen0.pem chainH-ICA2-key.pem chainH-ICA2-pathlen2.pem chainH-ICA3-key.pem chainH-ICA3-pathlen2.pem chainH-ICA4-key.pem chainH-ICA4-pathlen2.pem chainH-assembled.pem chainH-entity-key.pem chainH-entity.pem chainI-ICA1-key.pem chainI-ICA1-no_pathlen.pem chainI-ICA2-key.pem chainI-ICA2-no_pathlen.pem chainI-ICA3-key.pem chainI-ICA3-pathlen2.pem chainI-assembled.pem chainI-entity-key.pem chainI-entity.pem chainJ-ICA1-key.pem chainJ-ICA1-no_pathlen.pem chainJ-ICA2-key.pem chainJ-ICA2-no_pathlen.pem chainJ-ICA3-key.pem chainJ-ICA3-no_pathlen.pem chainJ-ICA4-key.pem chainJ-ICA4-pathlen2.pem chainJ-assembled.pem chainJ-entity-key.pem chainJ-entity.pem include.am refreshkeys.shtest-serial0
ee_normal.pem ee_serial0.pem generate_certs.sh include.am intermediate_serial0.pem root_serial0.pem root_serial0_key.pem selfsigned_nonca_serial0.pemxmss
bc_xmss_chain_ca.der bc_xmss_chain_leaf.der bc_xmss_sha2_10_256_root.der bc_xmss_sha2_16_256_root.der bc_xmssmt_sha2_20_2_256_root.der bc_xmssmt_sha2_20_4_256_root.der bc_xmssmt_sha2_40_8_256_root.der include.amcmake
Config.cmake.in README.md config.in functions.cmake include.am options.h.in wolfssl-config-version.cmake.in wolfssl-targets.cmake.indebian
changelog.in control.in copyright include.am libwolfssl-dev.install libwolfssl.install rules.indoc
dox_comments
header_files
aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h puf.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wc_she.h wc_slhdsa.h wolfio.hheader_files-ja
aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wolfio.h
examples
async
Makefile README.md async_client.c async_server.c async_tls.c async_tls.h include.am user_settings.hconfigs
README.md include.am user_settings_EBSnet.h user_settings_all.h user_settings_arduino.h user_settings_baremetal.h user_settings_ca.h user_settings_curve25519nonblock.h user_settings_dtls13.h user_settings_eccnonblock.h user_settings_espressif.h user_settings_fipsv2.h user_settings_fipsv5.h user_settings_min_ecc.h user_settings_openssl_compat.h user_settings_pkcs7.h user_settings_platformio.h user_settings_pq.h user_settings_rsa_only.h user_settings_stm32.h user_settings_template.h user_settings_tls12.h user_settings_tls13.h user_settings_wolfboot_keytools.h user_settings_wolfssh.h user_settings_wolftpm.hechoclient
echoclient.c echoclient.h echoclient.sln echoclient.vcproj echoclient.vcxproj include.am quitlinuxkm
Kbuild Makefile README.md get_thread_size.c include.am linuxkm-fips-hash-wrapper.sh linuxkm-fips-hash.c linuxkm_memory.c linuxkm_memory.h linuxkm_wc_port.h lkcapi_aes_glue.c lkcapi_dh_glue.c lkcapi_ecdh_glue.c lkcapi_ecdsa_glue.c lkcapi_glue.c lkcapi_rsa_glue.c lkcapi_sha_glue.c module_exports.c.template module_hooks.c pie_redirect_table.c wolfcrypt.lds x86_vector_register_glue.cm4
ax_add_am_macro.m4 ax_am_jobserver.m4 ax_am_macros.m4 ax_append_compile_flags.m4 ax_append_flag.m4 ax_append_link_flags.m4 ax_append_to_file.m4 ax_atomic.m4 ax_bsdkm.m4 ax_check_compile_flag.m4 ax_check_link_flag.m4 ax_compiler_version.m4 ax_count_cpus.m4 ax_create_generic_config.m4 ax_debug.m4 ax_file_escapes.m4 ax_harden_compiler_flags.m4 ax_linuxkm.m4 ax_print_to_file.m4 ax_pthread.m4 ax_require_defined.m4 ax_tls.m4 ax_vcs_checkout.m4 hexversion.m4 lib_socket_nsl.m4 visibility.m4mqx
wolfcrypt_benchmark
ReferencedRSESystems.xml wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchwolfcrypt_test
ReferencedRSESystems.xml wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchwolfssl_client
ReferencedRSESystems.xml wolfssl_client_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchscripts
aria-cmake-build-test.sh asn1_oid_sum.pl benchmark.test benchmark_compare.sh cleanup_testfiles.sh crl-gen-openssl.test crl-revoked.test dertoc.pl dtls.test dtlscid.test external.test google.test include.am makedistsmall.sh memtest.sh ocsp-responder-openssl-interop.test ocsp-stapling-with-ca-as-responder.test ocsp-stapling-with-wolfssl-responder.test ocsp-stapling.test ocsp-stapling2.test ocsp-stapling_tls13multi.test ocsp.test openssl.test openssl_srtp.test pem.test ping.test pkcallbacks.test psk.test resume.test rsapss.test sniffer-gen.sh sniffer-ipv6.pcap sniffer-static-rsa.pcap sniffer-testsuite.test sniffer-tls12-keylog.out sniffer-tls12-keylog.pcap sniffer-tls12-keylog.sslkeylog sniffer-tls13-dh-resume.pcap sniffer-tls13-dh.pcap sniffer-tls13-ecc-resume.pcap sniffer-tls13-ecc.pcap sniffer-tls13-hrr.pcap sniffer-tls13-keylog.out sniffer-tls13-keylog.pcap sniffer-tls13-keylog.sslkeylog sniffer-tls13-x25519-resume.pcap sniffer-tls13-x25519.pcap stm32l4-v4_0_1_build.sh tls13.test trusted_peer.test unit.test.in user_settings_asm.shsrc
bio.c conf.c crl.c dtls.c dtls13.c include.am internal.c keys.c ocsp.c pk.c pk_ec.c pk_rsa.c quic.c sniffer.c ssl.c ssl_api_cert.c ssl_api_crl_ocsp.c ssl_api_pk.c ssl_asn1.c ssl_bn.c ssl_certman.c ssl_crypto.c ssl_ech.c ssl_load.c ssl_misc.c ssl_p7p12.c ssl_sess.c ssl_sk.c tls.c tls13.c wolfio.c x509.c x509_str.ctests
api
api.h api_decl.h create_ocsp_test_blobs.py include.am test_aes.c test_aes.h test_arc4.c test_arc4.h test_ascon.c test_ascon.h test_ascon_kats.h test_asn.c test_asn.h test_blake2.c test_blake2.h test_camellia.c test_camellia.h test_certman.c test_certman.h test_chacha.c test_chacha.h test_chacha20_poly1305.c test_chacha20_poly1305.h test_cmac.c test_cmac.h test_curve25519.c test_curve25519.h test_curve448.c test_curve448.h test_des3.c test_des3.h test_dh.c test_dh.h test_digest.h test_dsa.c test_dsa.h test_dtls.c test_dtls.h test_ecc.c test_ecc.h test_ed25519.c test_ed25519.h test_ed448.c test_ed448.h test_evp.c test_evp.h test_evp_cipher.c test_evp_cipher.h test_evp_digest.c test_evp_digest.h test_evp_pkey.c test_evp_pkey.h test_hash.c test_hash.h test_hmac.c test_hmac.h test_md2.c test_md2.h test_md4.c test_md4.h test_md5.c test_md5.h test_mldsa.c test_mldsa.h test_mlkem.c test_mlkem.h test_ocsp.c test_ocsp.h test_ocsp_test_blobs.h test_ossl_asn1.c test_ossl_asn1.h test_ossl_bio.c test_ossl_bio.h test_ossl_bn.c test_ossl_bn.h test_ossl_cipher.c test_ossl_cipher.h test_ossl_dgst.c test_ossl_dgst.h test_ossl_dh.c test_ossl_dh.h test_ossl_dsa.c test_ossl_dsa.h test_ossl_ec.c test_ossl_ec.h test_ossl_ecx.c test_ossl_ecx.h test_ossl_mac.c test_ossl_mac.h test_ossl_obj.c test_ossl_obj.h test_ossl_p7p12.c test_ossl_p7p12.h test_ossl_pem.c test_ossl_pem.h test_ossl_rand.c test_ossl_rand.h test_ossl_rsa.c test_ossl_rsa.h test_ossl_sk.c test_ossl_sk.h test_ossl_x509.c test_ossl_x509.h test_ossl_x509_acert.c test_ossl_x509_acert.h test_ossl_x509_crypto.c test_ossl_x509_crypto.h test_ossl_x509_ext.c test_ossl_x509_ext.h test_ossl_x509_info.c test_ossl_x509_info.h test_ossl_x509_io.c test_ossl_x509_io.h test_ossl_x509_lu.c test_ossl_x509_lu.h test_ossl_x509_name.c test_ossl_x509_name.h test_ossl_x509_pk.c test_ossl_x509_pk.h test_ossl_x509_str.c test_ossl_x509_str.h test_ossl_x509_vp.c test_ossl_x509_vp.h test_pkcs12.c test_pkcs12.h test_pkcs7.c test_pkcs7.h test_poly1305.c test_poly1305.h test_random.c test_random.h test_rc2.c test_rc2.h test_ripemd.c test_ripemd.h test_rsa.c test_rsa.h test_sha.c test_sha.h test_sha256.c test_sha256.h test_sha3.c test_sha3.h test_sha512.c test_sha512.h test_she.c test_she.h test_signature.c test_signature.h test_slhdsa.c test_slhdsa.h test_sm2.c test_sm2.h test_sm3.c test_sm3.h test_sm4.c test_sm4.h test_tls.c test_tls.h test_tls13.c test_tls13.h test_tls_ext.c test_tls_ext.h test_wc_encrypt.c test_wc_encrypt.h test_wolfmath.c test_wolfmath.h test_x509.c test_x509.hwolfcrypt
benchmark
README.md benchmark-VS2022.sln benchmark-VS2022.vcxproj benchmark-VS2022.vcxproj.user benchmark.c benchmark.h benchmark.sln benchmark.vcproj benchmark.vcxproj include.amsrc
port
Espressif
esp_crt_bundle
README.md cacrt_all.pem cacrt_deprecated.pem cacrt_local.pem esp_crt_bundle.c gen_crt_bundle.py pio_install_cryptography.pyRenesas
README.md renesas_common.c renesas_fspsm_aes.c renesas_fspsm_rsa.c renesas_fspsm_sha.c renesas_fspsm_util.c renesas_rx64_hw_sha.c renesas_rx64_hw_util.c renesas_tsip_aes.c renesas_tsip_rsa.c renesas_tsip_sha.c renesas_tsip_util.carm
armv8-32-aes-asm.S armv8-32-aes-asm_c.c armv8-32-chacha-asm.S armv8-32-chacha-asm_c.c armv8-32-curve25519.S armv8-32-curve25519_c.c armv8-32-mlkem-asm.S armv8-32-mlkem-asm_c.c armv8-32-poly1305-asm.S armv8-32-poly1305-asm_c.c armv8-32-sha256-asm.S armv8-32-sha256-asm_c.c armv8-32-sha3-asm.S armv8-32-sha3-asm_c.c armv8-32-sha512-asm.S armv8-32-sha512-asm_c.c armv8-aes-asm.S armv8-aes-asm_c.c armv8-aes.c armv8-chacha-asm.S armv8-chacha-asm_c.c armv8-curve25519.S armv8-curve25519_c.c armv8-mlkem-asm.S armv8-mlkem-asm_c.c armv8-poly1305-asm.S armv8-poly1305-asm_c.c armv8-sha256-asm.S armv8-sha256-asm_c.c armv8-sha256.c armv8-sha3-asm.S armv8-sha3-asm_c.c armv8-sha512-asm.S armv8-sha512-asm_c.c armv8-sha512.c cryptoCell.c cryptoCellHash.c thumb2-aes-asm.S thumb2-aes-asm_c.c thumb2-chacha-asm.S thumb2-chacha-asm_c.c thumb2-curve25519.S thumb2-curve25519_c.c thumb2-mlkem-asm.S thumb2-mlkem-asm_c.c thumb2-poly1305-asm.S thumb2-poly1305-asm_c.c thumb2-sha256-asm.S thumb2-sha256-asm_c.c thumb2-sha3-asm.S thumb2-sha3-asm_c.c thumb2-sha512-asm.S thumb2-sha512-asm_c.ccaam
README.md caam_aes.c caam_doc.pdf caam_driver.c caam_error.c caam_integrity.c caam_qnx.c caam_sha.c wolfcaam_aes.c wolfcaam_cmac.c wolfcaam_ecdsa.c wolfcaam_fsl_nxp.c wolfcaam_hash.c wolfcaam_hmac.c wolfcaam_init.c wolfcaam_qnx.c wolfcaam_rsa.c wolfcaam_seco.c wolfcaam_x25519.cdevcrypto
README.md devcrypto_aes.c devcrypto_ecdsa.c devcrypto_hash.c devcrypto_hmac.c devcrypto_rsa.c devcrypto_x25519.c wc_devcrypto.criscv
riscv-64-aes.c riscv-64-chacha.c riscv-64-poly1305.c riscv-64-sha256.c riscv-64-sha3.c riscv-64-sha512.cwolfssl
openssl
aes.h asn1.h asn1t.h bio.h bn.h buffer.h camellia.h cmac.h cms.h compat_types.h conf.h crypto.h des.h dh.h dsa.h ec.h ec25519.h ec448.h ecdh.h ecdsa.h ed25519.h ed448.h engine.h err.h evp.h fips_rand.h hmac.h include.am kdf.h lhash.h md4.h md5.h modes.h obj_mac.h objects.h ocsp.h opensslconf.h opensslv.h ossl_typ.h pem.h pkcs12.h pkcs7.h rand.h rc4.h ripemd.h rsa.h safestack.h sha.h sha3.h srp.h ssl.h ssl23.h stack.h tls1.h txt_db.h ui.h x509.h x509_vfy.h x509v3.hwolfcrypt
port
Renesas
renesas-fspsm-crypt.h renesas-fspsm-types.h renesas-rx64-hw-crypt.h renesas-tsip-crypt.h renesas_cmn.h renesas_fspsm_internal.h renesas_sync.h renesas_tsip_internal.h renesas_tsip_types.hcaam
caam_driver.h caam_error.h caam_qnx.h wolfcaam.h wolfcaam_aes.h wolfcaam_cmac.h wolfcaam_ecdsa.h wolfcaam_fsl_nxp.h wolfcaam_hash.h wolfcaam_qnx.h wolfcaam_rsa.h wolfcaam_seco.h wolfcaam_sha.h wolfcaam_x25519.hwrapper
Ada
examples
src
aes_verify_main.adb rsa_verify_main.adb sha256_main.adb spark_sockets.adb spark_sockets.ads spark_terminal.adb spark_terminal.ads tls_client.adb tls_client.ads tls_client_main.adb tls_server.adb tls_server.ads tls_server_main.adbtests
src
aes_bindings_tests.adb aes_bindings_tests.ads rsa_verify_bindings_tests.adb rsa_verify_bindings_tests.ads sha256_bindings_tests.adb sha256_bindings_tests.ads tests.adbCSharp
wolfSSL-Example-IOCallbacks
App.config wolfSSL-Example-IOCallbacks.cs wolfSSL-Example-IOCallbacks.csprojwolfSSL-TLS-ServerThreaded
App.config wolfSSL-TLS-ServerThreaded.cs wolfSSL-TLS-ServerThreaded.csprojrust
wolfssl-wolfcrypt
src
aes.rs blake2.rs chacha20_poly1305.rs cmac.rs cmac_mac.rs curve25519.rs dh.rs dilithium.rs ecc.rs ecdsa.rs ed25519.rs ed448.rs fips.rs hkdf.rs hmac.rs hmac_mac.rs kdf.rs lib.rs lms.rs mlkem.rs mlkem_kem.rs pbkdf2_password_hash.rs prf.rs random.rs rsa.rs rsa_pkcs1v15.rs sha.rs sha_digest.rs sys.rstests
test_aes.rs test_blake2.rs test_chacha20_poly1305.rs test_cmac.rs test_cmac_mac.rs test_curve25519.rs test_dh.rs test_dilithium.rs test_ecc.rs test_ecdsa.rs test_ed25519.rs test_ed448.rs test_hkdf.rs test_hmac.rs test_hmac_mac.rs test_kdf.rs test_lms.rs test_mlkem.rs test_mlkem_kem.rs test_pbkdf2_password_hash.rs test_prf.rs test_random.rs test_rsa.rs test_rsa_pkcs1v15.rs test_sha.rs test_sha_digest.rs test_wolfcrypt.rszephyr
samples
wolfssl_benchmark
CMakeLists.txt README install_test.sh prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.confwolfssl_test
CMakeLists.txt README install_test.sh prj-no-malloc.conf prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.conf
wolfssl/examples/client/client.c
raw
1/* client.c
2 *
3 * Copyright (C) 2006-2026 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22/* For simpler wolfSSL TLS client examples, visit
23 * https://github.com/wolfSSL/wolfssl-examples/tree/master/tls
24 */
25
26#ifdef HAVE_CONFIG_H
27 #include <config.h>
28#endif
29
30#ifndef WOLFSSL_USER_SETTINGS
31 #include <wolfssl/options.h>
32#endif
33#include <wolfssl/wolfcrypt/settings.h>
34
35#include <wolfssl/ssl.h>
36
37#ifdef WOLFSSL_WOLFSENTRY_HOOKS
38#include <wolfsentry/wolfsentry.h>
39#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
40static const char *wolfsentry_config_path = NULL;
41#endif
42#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
43
44#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
45 #include <stdio.h>
46 #include <string.h>
47 #include "rl_fs.h"
48 #include "rl_net.h"
49#endif
50
51#include <wolfssl/test.h>
52#include <wolfssl/error-ssl.h>
53
54#ifdef WOLFSSL_SWDEV
55 #include "tests/swdev/swdev_loader.h"
56#endif
57
58#ifdef USE_FLAT_TEST_H
59 #include "client.h"
60#else
61 #include "examples/client/client.h"
62#endif
63
64#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
65
66
67#ifdef NO_FILESYSTEM
68#ifdef NO_RSA
69#error currently the example only tries to load in a RSA buffer
70#endif
71#undef USE_CERT_BUFFERS_256
72#define USE_CERT_BUFFERS_256
73#undef USE_CERT_BUFFERS_2048
74#define USE_CERT_BUFFERS_2048
75#include <wolfssl/certs_test.h>
76#endif
77
78#include <wolfssl/wolfcrypt/wolfmath.h> /* for max bits */
79
80#ifdef HAVE_ECC
81 #include <wolfssl/wolfcrypt/ecc.h>
82#endif
83
84#ifdef WOLFSSL_ASYNC_CRYPT
85 static int devId = INVALID_DEVID;
86#endif
87
88#define DEFAULT_TIMEOUT_SEC 2
89#ifndef MAX_NON_BLOCK_SEC
90#define MAX_NON_BLOCK_SEC 10
91#endif
92
93#define OCSP_STAPLING 1
94#define OCSP_STAPLINGV2 2
95#define OCSP_STAPLINGV2_MULTI 3
96#define OCSP_STAPLING_OPT_MAX OCSP_STAPLINGV2_MULTI
97
98#ifdef WOLFSSL_ALT_TEST_STRINGS
99 #define TEST_STR_TERM "\n"
100#else
101 #define TEST_STR_TERM
102#endif
103
104static const char kHelloMsg[] = "hello wolfssl!" TEST_STR_TERM;
105#ifndef NO_SESSION_CACHE
106static const char kResumeMsg[] = "resuming wolfssl!" TEST_STR_TERM;
107#endif
108
109#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_EARLY_DATA)
110 static const char kEarlyMsg[] = "A drop of info" TEST_STR_TERM;
111#endif
112static const char kHttpGetMsg[] = "GET /index.html HTTP/1.0\r\n\r\n";
113
114/* Write needs to be largest of the above strings (29) */
115#define CLI_MSG_SZ 32
116/* Read needs to be at least sizeof server.c `webServerMsg` (226) */
117#define CLI_REPLY_SZ 256
118
119#if defined(XSLEEP_US) && defined(NO_MAIN_DRIVER)
120 /* This is to force the server's thread to get a chance to
121 * execute before continuing the resume in non-blocking
122 * DTLS test cases. */
123 #define TEST_DELAY() XSLEEP_US(10000)
124#else
125 #define TEST_DELAY() XSLEEP_MS(1000)
126#endif
127
128/* Note on using port 0: the client standalone example doesn't utilize the
129 * port 0 port sharing; that is used by (1) the server in external control
130 * test mode and (2) the testsuite which uses this code and sets up the correct
131 * port numbers when the internal thread using the server code using port 0. */
132
133static int lng_index = 0;
134#ifdef WOLFSSL_CALLBACKS
135 WOLFSSL_TIMEVAL timeoutConnect;
136 static int handShakeCB(HandShakeInfo* info)
137 {
138 (void)info;
139 return 0;
140 }
141
142 static int timeoutCB(TimeoutInfo* info)
143 {
144 (void)info;
145 return 0;
146 }
147
148#endif
149
150static int quieter = 0; /* Print fewer messages. This is helpful with overly
151 * ambitious log parsers. */
152
153#define LOG_ERROR(...) \
154 do { \
155 if (!quieter) \
156 fprintf(stderr, __VA_ARGS__); \
157 } while(0)
158
159#ifdef HAVE_SESSION_TICKET
160
161#ifndef SESSION_TICKET_LEN
162#define SESSION_TICKET_LEN 2048
163#endif
164 static int sessionTicketCB(WOLFSSL* ssl,
165 const unsigned char* ticket, int ticketSz,
166 void* ctx)
167 {
168 (void)ssl;
169 (void)ticket;
170 printf("Session Ticket CB: ticketSz = %d, ctx = %s\n",
171 ticketSz, (char*)ctx);
172 return 0;
173 }
174#endif
175
176static int NonBlockingSSL_Connect(WOLFSSL* ssl)
177{
178 int ret;
179 int error;
180 SOCKET_T sockfd;
181 int select_ret = 0;
182 int elapsedSec = 0;
183
184#ifndef WOLFSSL_CALLBACKS
185 ret = wolfSSL_connect(ssl);
186#else
187 ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeoutConnect);
188#endif
189 error = wolfSSL_get_error(ssl, 0);
190 sockfd = (SOCKET_T)wolfSSL_get_fd(ssl);
191
192 while (ret != WOLFSSL_SUCCESS &&
193 (error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
194 #ifdef WOLFSSL_ASYNC_CRYPT
195 || error == WC_NO_ERR_TRACE(WC_PENDING_E)
196 #endif
197 #ifdef WOLFSSL_NONBLOCK_OCSP
198 || error == WC_NO_ERR_TRACE(OCSP_WANT_READ)
199 #endif
200 )) {
201 int currTimeout = 1;
202
203 if (error == WOLFSSL_ERROR_WANT_READ)
204 printf("... client would read block\n");
205 else if (error == WOLFSSL_ERROR_WANT_WRITE)
206 printf("... client would write block\n");
207
208#ifdef WOLFSSL_ASYNC_CRYPT
209 if (error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
210 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
211 if (ret < 0) break;
212 }
213 else
214#endif
215 {
216 if (error == WOLFSSL_ERROR_WANT_WRITE) {
217 select_ret = tcp_select_tx(sockfd, currTimeout);
218
219 }
220 else
221 {
222 #ifdef WOLFSSL_DTLS
223 if (wolfSSL_dtls(ssl))
224 currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
225 #endif
226 select_ret = tcp_select(sockfd, currTimeout);
227 }
228 }
229
230 if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY)
231 || (select_ret == TEST_ERROR_READY)
232 #ifdef WOLFSSL_ASYNC_CRYPT
233 || error == WC_NO_ERR_TRACE(WC_PENDING_E)
234 #endif
235 #ifdef WOLFSSL_NONBLOCK_OCSP
236 || error == WC_NO_ERR_TRACE(OCSP_WANT_READ)
237 #endif
238 ) {
239 #ifndef WOLFSSL_CALLBACKS
240 ret = wolfSSL_connect(ssl);
241 #else
242 ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB,
243 timeoutConnect);
244 #endif
245 error = wolfSSL_get_error(ssl, 0);
246 elapsedSec = 0; /* reset elapsed */
247 }
248 else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) {
249 error = WOLFSSL_ERROR_WANT_READ;
250
251 elapsedSec += currTimeout;
252 if (elapsedSec > MAX_NON_BLOCK_SEC) {
253 printf("Nonblocking connect timeout\n");
254 error = WOLFSSL_FATAL_ERROR;
255 }
256 }
257#ifdef WOLFSSL_DTLS
258 else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl)) {
259 ret = wolfSSL_dtls_got_timeout(ssl);
260 if (ret != WOLFSSL_SUCCESS)
261 error = wolfSSL_get_error(ssl, ret);
262 else
263 error = WOLFSSL_ERROR_WANT_READ;
264 ret = WOLFSSL_FAILURE; /* Reset error so we loop */
265 }
266#endif
267 else {
268 error = WOLFSSL_FATAL_ERROR;
269 }
270 }
271
272 return ret;
273}
274
275
276static void ShowCiphers(void)
277{
278 static char ciphers[WOLFSSL_CIPHER_LIST_MAX_SIZE];
279 int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
280 if (ret == WOLFSSL_SUCCESS) {
281 printf("%s\n", ciphers);
282 }
283}
284
285/* Shows which versions are valid */
286static void ShowVersions(void)
287{
288 char verStr[100];
289 XMEMSET(verStr, 0, sizeof(verStr));
290#ifndef NO_OLD_TLS
291 #ifdef WOLFSSL_ALLOW_SSLV3
292 XSTRNCAT(verStr, "0:", 3);
293 #endif
294 #ifdef WOLFSSL_ALLOW_TLSV10
295 XSTRNCAT(verStr, "1:", 3);
296 #endif
297 XSTRNCAT(verStr, "2:", 3);
298#endif /* NO_OLD_TLS */
299#ifndef WOLFSSL_NO_TLS12
300 XSTRNCAT(verStr, "3:", 3);
301#endif
302#ifdef WOLFSSL_TLS13
303 XSTRNCAT(verStr, "4:", 3);
304#endif
305 XSTRNCAT(verStr, "d(downgrade):", 14);
306#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
307 XSTRNCAT(verStr, "e(either):", 11);
308#endif
309 /* print all strings at same time on stdout to avoid any flush issues */
310 printf("%s\n", verStr);
311}
312
313#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
314#define MAX_GROUP_NUMBER 4
315static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
316 int useX448, int useBp, int usePqc, char* pqcAlg,
317 int setGroups)
318{
319 int ret;
320 int groups[MAX_GROUP_NUMBER] = {0};
321 int count = 0;
322
323 (void)useX25519;
324 (void)useX448;
325 (void)useBp;
326 (void)usePqc;
327 (void)pqcAlg;
328
329 WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
330 if (onlyKeyShare == 0 || onlyKeyShare == 2) {
331 if (useX25519) {
332 #ifdef HAVE_CURVE25519
333 do {
334 ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519);
335 if (ret == WOLFSSL_SUCCESS)
336 groups[count++] = WOLFSSL_ECC_X25519;
337 #ifdef WOLFSSL_ASYNC_CRYPT
338 else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
339 wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
340 #endif
341 else
342 err_sys("unable to use curve x25519");
343 } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
344 #endif
345 }
346 else if (useX448) {
347 #ifdef HAVE_CURVE448
348 do {
349 ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X448);
350 if (ret == WOLFSSL_SUCCESS)
351 groups[count++] = WOLFSSL_ECC_X448;
352 #ifdef WOLFSSL_ASYNC_CRYPT
353 else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
354 wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
355 #endif
356 else
357 err_sys("unable to use curve x448");
358 } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
359 #endif
360 }
361 else if (useBp) {
362 #if defined(HAVE_ECC) && defined(HAVE_ECC_BRAINPOOL)
363 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
364 do {
365 ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_BRAINPOOLP256R1TLS13);
366 if (ret == WOLFSSL_SUCCESS)
367 groups[count++] = WOLFSSL_ECC_BRAINPOOLP256R1TLS13;
368 #ifdef WOLFSSL_ASYNC_CRYPT
369 else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
370 wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
371 #endif
372 else
373 err_sys("unable to use curve brainpoolp256r1");
374 } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
375 #endif
376 #endif
377 }
378 else {
379 #ifdef HAVE_ECC
380 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
381 do {
382 ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1);
383 if (ret == WOLFSSL_SUCCESS)
384 groups[count++] = WOLFSSL_ECC_SECP256R1;
385 #ifdef WOLFSSL_ASYNC_CRYPT
386 else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
387 wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
388 #endif
389 else
390 err_sys("unable to use curve secp256r1");
391 } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
392 #endif
393 #ifdef WOLFSSL_SM2
394 do {
395 ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SM2P256V1);
396 if (ret == WOLFSSL_SUCCESS)
397 groups[count++] = WOLFSSL_ECC_SM2P256V1;
398 #ifdef WOLFSSL_ASYNC_CRYPT
399 else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
400 wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
401 #endif
402 else
403 err_sys("unable to use curve sm2p256v1");
404 } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
405 #endif
406 #endif
407 }
408 }
409 if (onlyKeyShare == 0 || onlyKeyShare == 1) {
410 #ifdef HAVE_FFDHE_2048
411 do {
412 ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048);
413 if (ret == WOLFSSL_SUCCESS)
414 groups[count++] = WOLFSSL_FFDHE_2048;
415 #ifdef WOLFSSL_ASYNC_CRYPT
416 else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
417 wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
418 #endif
419 else
420 err_sys("unable to use DH 2048-bit parameters");
421 } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
422 #endif
423 }
424 #ifdef WOLFSSL_HAVE_MLKEM
425 if (onlyKeyShare == 0 || onlyKeyShare == 3) {
426 if (usePqc) {
427 int group = 0;
428
429 #ifndef WOLFSSL_NO_ML_KEM
430 #if !defined(WOLFSSL_NO_ML_KEM_512) && \
431 !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
432 if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) {
433 group = WOLFSSL_ML_KEM_512;
434 }
435 else
436 #endif
437 #if !defined(WOLFSSL_NO_ML_KEM_768) && \
438 !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
439 if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) {
440 group = WOLFSSL_ML_KEM_768;
441 }
442 else
443 #endif
444 #if !defined(WOLFSSL_NO_ML_KEM_1024) && \
445 !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
446 if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) {
447 group = WOLFSSL_ML_KEM_1024;
448 }
449 else
450 #endif
451 #if !defined(WOLFSSL_NO_ML_KEM_512) && \
452 defined(WOLFSSL_EXTRA_PQC_HYBRIDS)
453 if (XSTRCMP(pqcAlg, "SecP256r1MLKEM512") == 0) {
454 group = WOLFSSL_SECP256R1MLKEM512;
455 }
456 else
457 #endif
458 #ifndef WOLFSSL_NO_ML_KEM_768
459 #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
460 if (XSTRCMP(pqcAlg, "SecP384r1MLKEM768") == 0) {
461 group = WOLFSSL_SECP384R1MLKEM768;
462 }
463 else
464 #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
465 #ifdef WOLFSSL_PQC_HYBRIDS
466 if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) {
467 group = WOLFSSL_SECP256R1MLKEM768;
468 }
469 else
470 #endif /* WOLFSSL_PQC_HYBRIDS */
471 #endif
472 #ifndef WOLFSSL_NO_ML_KEM_1024
473 #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
474 if (XSTRCMP(pqcAlg, "SecP521r1MLKEM1024") == 0) {
475 group = WOLFSSL_SECP521R1MLKEM1024;
476 }
477 else
478 #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
479 #ifdef WOLFSSL_PQC_HYBRIDS
480 if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) {
481 group = WOLFSSL_SECP384R1MLKEM1024;
482 }
483 else
484 #endif /* WOLFSSL_PQC_HYBRIDS */
485 #endif
486 #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) && \
487 defined(WOLFSSL_EXTRA_PQC_HYBRIDS)
488 if (XSTRCMP(pqcAlg, "X25519MLKEM512") == 0) {
489 group = WOLFSSL_X25519MLKEM512;
490 }
491 else
492 #endif
493 #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) && \
494 defined(WOLFSSL_PQC_HYBRIDS)
495 if (XSTRCMP(pqcAlg, "X25519MLKEM768") == 0) {
496 group = WOLFSSL_X25519MLKEM768;
497 }
498 else
499 #endif
500 #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) && \
501 defined(WOLFSSL_EXTRA_PQC_HYBRIDS)
502 if (XSTRCMP(pqcAlg, "X448MLKEM768") == 0) {
503 group = WOLFSSL_X448MLKEM768;
504 }
505 else
506 #endif
507 #endif /* WOLFSSL_NO_ML_KEM */
508 #ifdef WOLFSSL_MLKEM_KYBER
509 #ifndef WOLFSSL_NO_KYBER512
510 if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) {
511 group = WOLFSSL_KYBER_LEVEL1;
512 }
513 else
514 #endif
515 #ifndef WOLFSSL_NO_KYBER768
516 if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
517 group = WOLFSSL_KYBER_LEVEL3;
518 }
519 else
520 #endif
521 #ifndef WOLFSSL_NO_KYBER1024
522 if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
523 group = WOLFSSL_KYBER_LEVEL5;
524 }
525 else
526 #endif
527 #ifndef WOLFSSL_NO_KYBER512
528 if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
529 group = WOLFSSL_P256_KYBER_LEVEL1;
530 }
531 else
532 #endif
533 #ifndef WOLFSSL_NO_KYBER768
534 if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
535 group = WOLFSSL_P384_KYBER_LEVEL3;
536 }
537 else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL3") == 0) {
538 group = WOLFSSL_P256_KYBER_LEVEL3;
539 }
540 else
541 #endif
542 #ifndef WOLFSSL_NO_KYBER1024
543 if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
544 group = WOLFSSL_P521_KYBER_LEVEL5;
545 }
546 else
547 #endif
548 #if !defined(WOLFSSL_NO_KYBER512) && defined(HAVE_CURVE25519)
549 if (XSTRCMP(pqcAlg, "X25519_KYBER_LEVEL1") == 0) {
550 group = WOLFSSL_X25519_KYBER_LEVEL1;
551 }
552 else
553 #endif
554 #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE25519)
555 if (XSTRCMP(pqcAlg, "X25519_KYBER_LEVEL3") == 0) {
556 group = WOLFSSL_X25519_KYBER_LEVEL3;
557 }
558 else
559 #endif
560 #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE448)
561 if (XSTRCMP(pqcAlg, "X448_KYBER_LEVEL3") == 0) {
562 group = WOLFSSL_X448_KYBER_LEVEL3;
563 }
564 else
565 #endif
566 #endif /* WOLFSSL_MLKEM_KYBER */
567 {
568 err_sys("invalid post-quantum KEM specified");
569 }
570
571 printf("Using Post-Quantum KEM: %s\n", pqcAlg);
572 do {
573 ret = wolfSSL_UseKeyShare(ssl, group);
574 if (ret == WOLFSSL_SUCCESS)
575 groups[count++] = group;
576 #ifdef WOLFSSL_ASYNC_CRYPT
577 else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
578 wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
579 #endif
580 else
581 err_sys("unable to use post-quantum KEM");
582 } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
583
584 #ifdef WOLFSSL_DTLS13
585 if (wolfSSL_dtls(ssl)) {
586 /* When the KeyShare is too large for an unfragmented
587 * ClientHello, DTLS sends an empty KeyShare extension to
588 * use the Hello Retry Request to enable fragmentation.
589 * In order to enforce our desired PQC algorithm in the
590 * second ClientHello, we need to set it as the only one
591 * allowed in the SupportedGroups extension. */
592 setGroups = 1;
593 }
594 #endif /* WOLFSSL_DTLS13 */
595 }
596 }
597 #endif
598 if (count >= MAX_GROUP_NUMBER)
599 err_sys("example group array size error");
600 if (setGroups && count > 0) {
601 if (wolfSSL_set_groups(ssl, groups, count) != WOLFSSL_SUCCESS)
602 err_sys("unable to set groups");
603 }
604 WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
605}
606#endif /* WOLFSSL_TLS13 && HAVE_SUPPORTED_CURVES */
607
608#ifdef WOLFSSL_EARLY_DATA
609static int EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg,
610 int msgSz, char* buffer)
611{
612 int err;
613 int ret;
614
615 (void)ctx;
616 (void)buffer;
617 WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write_early_data(ssl, msg, msgSz, &msgSz),
618 ret <= 0);
619 if (ret != msgSz) {
620 err = wolfSSL_get_error(ssl, ret);
621 LOG_ERROR("SSL_write_early_data msg error %d, %s\n", err,
622 wolfSSL_ERR_error_string((unsigned long)err, buffer));
623 return -1;
624 }
625 return 0;
626}
627#endif
628
629/* Measures average time to create, connect and disconnect a connection (TPS).
630Benchmark = number of connections. */
631static const char* client_bench_conmsg[][5] = {
632 /* English */
633 {
634 "wolfSSL_resume avg took:", "milliseconds\n",
635 "wolfSSL_connect avg took:", "milliseconds\n",
636 NULL
637 },
638 #ifndef NO_MULTIBYTE_PRINT
639 /* Japanese */
640 {
641 "wolfSSL_resume ๅนณๅๆ้:", "ใใช็ง\n",
642 "wolfSSL_connect ๅนณๅๆ้:", "ใใช็ง\n",
643 }
644 #endif
645};
646
647static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
648 int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519,
649 int useX448, int usePqc, char* pqcAlg, int helloRetry, int onlyKeyShare,
650 int version, int earlyData, int useBp)
651{
652 /* time passed in number of connects give average */
653 int times = benchmark, skip = (int)((double)times * 0.1);
654 int loops = resumeSession ? 2 : 1;
655 int i = 0, err, ret;
656#ifndef NO_SESSION_CACHE
657 WOLFSSL_SESSION* benchSession = NULL;
658#endif
659#ifdef WOLFSSL_TLS13
660 byte reply[CLI_REPLY_SZ];
661#endif
662 const char** words = client_bench_conmsg[lng_index];
663
664 (void)resumeSession;
665 (void)useX25519;
666 (void)useX448;
667 (void)usePqc;
668 (void)pqcAlg;
669 (void)helloRetry;
670 (void)onlyKeyShare;
671 (void)version;
672 (void)earlyData;
673 (void)useBp;
674
675 while (loops--) {
676 #ifndef NO_SESSION_CACHE
677 int benchResume = resumeSession && loops == 0;
678 #endif
679 double start = current_time(1), avg;
680
681 for (i = 0; i < times; i++) {
682 SOCKET_T sockfd;
683 WOLFSSL* ssl;
684
685 if (i == skip)
686 start = current_time(1);
687
688 ssl = wolfSSL_new(ctx);
689 if (ssl == NULL)
690 err_sys("unable to get SSL object");
691
692 #ifndef NO_SESSION_CACHE
693 if (benchResume)
694 wolfSSL_set_session(ssl, benchSession);
695 #endif
696 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
697 else if (version >= 4) {
698 if (!helloRetry)
699 SetKeyShare(ssl, onlyKeyShare, useX25519, useX448,
700 useBp, usePqc, pqcAlg, 1);
701 else
702 wolfSSL_NoKeyShares(ssl);
703 }
704 #endif
705
706 tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
707
708 if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
709 err_sys("error in setting fd");
710 }
711
712 #if defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \
713 defined(WOLFSSL_EARLY_DATA)
714 if (version >= 4 && benchResume && earlyData) {
715 char buffer[WOLFSSL_MAX_ERROR_SZ];
716 EarlyData(ctx, ssl, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer);
717 }
718 #endif
719 WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl),
720 ret != WOLFSSL_SUCCESS);
721 #ifdef WOLFSSL_EARLY_DATA
722 EarlyDataStatus(ssl);
723 #endif
724 if (ret != WOLFSSL_SUCCESS) {
725 err_sys("SSL_connect failed");
726 }
727
728 #ifdef WOLFSSL_TLS13
729 #ifndef NO_SESSION_CACHE
730 if (version >= 4 && resumeSession && !benchResume)
731 #else
732 if (version >= 4 && resumeSession)
733 #endif
734 {
735 /* no null term */
736 if (wolfSSL_write(ssl, kHttpGetMsg, sizeof(kHttpGetMsg)-1) <= 0)
737 err_sys("SSL_write failed");
738
739 if (wolfSSL_read(ssl, reply, sizeof(reply)-1) <= 0)
740 err_sys("SSL_read failed");
741 }
742 #endif
743
744
745 wolfSSL_shutdown(ssl);
746 #ifndef NO_SESSION_CACHE
747 if (i == (times-1) && resumeSession) {
748 if (benchSession != NULL)
749 wolfSSL_SESSION_free(benchSession);
750 benchSession = wolfSSL_get1_session(ssl);
751 }
752 #endif
753 wolfSSL_free(ssl); ssl = NULL;
754 CloseSocket(sockfd);
755 }
756 avg = current_time(0) - start;
757 avg /= (times - skip);
758 avg *= 1000; /* milliseconds */
759 #ifndef NO_SESSION_CACHE
760 if (benchResume)
761 printf("%s %8.3f %s\n", words[0],avg, words[1]);
762 else
763 #endif
764 printf("%s %8.3f %s\n", words[2],avg, words[3]);
765
766 WOLFSSL_TIME(times);
767 }
768
769#ifndef NO_SESSION_CACHE
770 if (benchSession != NULL)
771 wolfSSL_SESSION_free(benchSession);
772#endif
773
774 return EXIT_SUCCESS;
775}
776
777/* Measures throughput in mbps. Throughput = number of bytes */
778static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
779 int dtlsUDP, int dtlsSCTP, int block, size_t throughput, int useX25519,
780 int useX448, int usePqc, char* pqcAlg, int exitWithRet, int version,
781 int onlyKeyShare, int useBp)
782{
783 double start, conn_time = 0, tx_time = 0, rx_time = 0;
784 SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
785 WOLFSSL* ssl;
786 int ret = 0, err = 0;
787
788 start = current_time(1);
789 ssl = wolfSSL_new(ctx);
790 if (ssl == NULL)
791 err_sys("unable to get SSL object");
792
793 tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
794 if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
795 err_sys("error in setting fd");
796 }
797
798 (void)useX25519;
799 (void)useX448;
800 (void)usePqc;
801 (void)pqcAlg;
802 (void)useBp;
803 (void)version;
804 (void)onlyKeyShare;
805#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
806 if (version >= 4) {
807 SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, useBp, usePqc,
808 pqcAlg, 1);
809 }
810#endif
811
812 WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl),
813 ret != WOLFSSL_SUCCESS);
814 if (ret == WOLFSSL_SUCCESS) {
815 /* Perform throughput test */
816 char *tx_buffer, *rx_buffer;
817
818 /* Record connection time */
819 conn_time = current_time(0) - start;
820
821 /* Allocate TX/RX buffers */
822 tx_buffer = (char*)XMALLOC((size_t)block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
823 rx_buffer = (char*)XMALLOC((size_t)block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
824 if (tx_buffer && rx_buffer) {
825 WC_RNG rng;
826
827 /* Startup the RNG */
828 #if !defined(HAVE_FIPS) && defined(WOLFSSL_ASYNC_CRYPT)
829 ret = wc_InitRng_ex(&rng, NULL, devId);
830 #else
831 ret = wc_InitRng(&rng);
832 #endif
833 if (ret == 0) {
834 size_t xfer_bytes;
835
836 /* Generate random data to send */
837 ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, (word32)block);
838 wc_FreeRng(&rng);
839 if(ret != 0) {
840 err_sys("wc_RNG_GenerateBlock failed");
841 }
842
843 /* Perform TX and RX of bytes */
844 xfer_bytes = 0;
845 while (throughput > xfer_bytes) {
846 int len, rx_pos, select_ret;
847
848 /* Determine packet size */
849 len = (int)min((word32)block, (word32)(throughput - xfer_bytes));
850
851 /* Perform TX */
852 start = current_time(1);
853 WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write(ssl, tx_buffer, len),
854 ret <= 0);
855 if (ret != len) {
856 err = wolfSSL_get_error(ssl, 0);
857 LOG_ERROR("SSL_write bench error %d!\n", err);
858 if (!exitWithRet)
859 err_sys("SSL_write failed");
860 goto doExit;
861 }
862 tx_time += current_time(0) - start;
863
864 /* Perform RX */
865 select_ret = tcp_select(sockfd, DEFAULT_TIMEOUT_SEC);
866 if (select_ret == TEST_RECV_READY) {
867 start = current_time(1);
868 rx_pos = 0;
869 while (rx_pos < len) {
870 ret = wolfSSL_read(ssl, &rx_buffer[rx_pos],
871 len - rx_pos);
872 if (ret <= 0) {
873 err = wolfSSL_get_error(ssl, 0);
874 #ifdef WOLFSSL_ASYNC_CRYPT
875 if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
876 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
877 if (ret < 0) break;
878 }
879 else
880 #endif
881 if (err != WOLFSSL_ERROR_WANT_READ &&
882 err != WOLFSSL_ERROR_WANT_WRITE) {
883 LOG_ERROR("SSL_read bench error %d\n", err);
884 err_sys("SSL_read failed");
885 }
886 }
887 else {
888 rx_pos += ret;
889 }
890 }
891 rx_time += current_time(0) - start;
892 }
893
894 /* Compare TX and RX buffers */
895 if (XMEMCMP(tx_buffer, rx_buffer, (size_t)len) != 0) {
896 XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
897 tx_buffer = NULL;
898 XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
899 rx_buffer = NULL;
900 err_sys("Compare TX and RX buffers failed");
901 }
902
903 /* Update overall position */
904 xfer_bytes += (size_t)len;
905 }
906 }
907 else {
908 err_sys("wc_InitRng failed");
909 }
910 (void)rng; /* for WC_NO_RNG case */
911 }
912 else {
913 err_sys("Client buffer malloc failed");
914 }
915doExit:
916 XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
917 XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
918 }
919 else {
920 err = wolfSSL_get_error(ssl, 0);
921 LOG_ERROR("wolfSSL_connect error %d, %s\n", err,
922 wolfSSL_ERR_error_string((unsigned long)err, NULL));
923 if (!exitWithRet)
924 err_sys("wolfSSL_connect failed");
925 }
926
927 wolfSSL_shutdown(ssl);
928 wolfSSL_free(ssl); ssl = NULL;
929 CloseSocket(sockfd);
930
931 if (exitWithRet)
932 return err;
933
934#if defined(__MINGW32__) || defined(_WIN32)
935#define SIZE_FMT "%d"
936#define SIZE_TYPE int
937#else
938#define SIZE_FMT "%zu"
939#define SIZE_TYPE size_t
940#endif
941 printf(
942 "wolfSSL Client Benchmark " SIZE_FMT " bytes\n"
943 "\tConnect %8.3f ms\n"
944 "\tTX %8.3f ms (%8.3f MBps)\n"
945 "\tRX %8.3f ms (%8.3f MBps)\n",
946 (SIZE_TYPE)throughput,
947 conn_time * 1000,
948 (double)tx_time * 1000, (double)throughput / tx_time / 1024 / 1024,
949 (double)rx_time * 1000, (double)throughput / rx_time / 1024 / 1024
950 );
951
952 return EXIT_SUCCESS;
953}
954
955const char* starttlsCmd[6] = {
956 "220",
957 "EHLO mail.example.com\r\n",
958 "250",
959 "STARTTLS\r\n",
960 "220",
961 "QUIT\r\n",
962};
963
964/* Initiates the STARTTLS command sequence over TCP */
965static int StartTLS_Init(SOCKET_T* sockfd)
966{
967 char tmpBuf[512];
968
969 if (sockfd == NULL)
970 return BAD_FUNC_ARG;
971
972 /* S: 220 <host> SMTP service ready */
973 XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
974 if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
975 err_sys("failed to read STARTTLS command\n");
976
977 if ((!XSTRNCMP(tmpBuf, starttlsCmd[0], XSTRLEN(starttlsCmd[0]))) &&
978 (tmpBuf[XSTRLEN(starttlsCmd[0])] == ' ')) {
979 printf("%s\n", tmpBuf);
980 } else {
981 err_sys("incorrect STARTTLS command received");
982 }
983
984 /* C: EHLO mail.example.com */
985 if (send(*sockfd, starttlsCmd[1], (SIZE_TYPE)XSTRLEN(starttlsCmd[1]), 0) !=
986 (int)XSTRLEN(starttlsCmd[1]))
987 err_sys("failed to send STARTTLS EHLO command\n");
988
989 /* S: 250 <host> offers a warm hug of welcome */
990 XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
991 if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
992 err_sys("failed to read STARTTLS command\n");
993
994 if ((!XSTRNCMP(tmpBuf, starttlsCmd[2], XSTRLEN(starttlsCmd[2]))) &&
995 (tmpBuf[XSTRLEN(starttlsCmd[2])] == '-')) {
996 printf("%s\n", tmpBuf);
997 } else {
998 err_sys("incorrect STARTTLS command received");
999 }
1000
1001 /* C: STARTTLS */
1002 if (send(*sockfd, starttlsCmd[3], (SIZE_TYPE)XSTRLEN(starttlsCmd[3]), 0) !=
1003 (int)XSTRLEN(starttlsCmd[3])) {
1004 err_sys("failed to send STARTTLS command\n");
1005 }
1006
1007 /* S: 220 Go ahead */
1008 XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
1009 if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
1010 err_sys("failed to read STARTTLS command\n");
1011 tmpBuf[sizeof(tmpBuf)-1] = '\0';
1012
1013 if ((!XSTRNCMP(tmpBuf, starttlsCmd[4], XSTRLEN(starttlsCmd[4]))) &&
1014 (tmpBuf[XSTRLEN(starttlsCmd[4])] == ' ')) {
1015 printf("%s\n", tmpBuf);
1016 } else {
1017 err_sys("incorrect STARTTLS command received, expected 220");
1018 }
1019
1020 return WOLFSSL_SUCCESS;
1021}
1022
1023/* Closes down the SMTP connection */
1024static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
1025{
1026 int ret, err = 0;
1027 char tmpBuf[256];
1028
1029 if (ssl == NULL)
1030 return BAD_FUNC_ARG;
1031
1032 printf("\nwolfSSL client shutting down SMTP connection\n");
1033
1034 XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
1035
1036 /* C: QUIT */
1037 WOLFSSL_ASYNC_WHILE_PENDING(
1038 ret = wolfSSL_write(ssl, starttlsCmd[5], (int)XSTRLEN(starttlsCmd[5])),
1039 ret < 0);
1040 if (ret != (int)XSTRLEN(starttlsCmd[5])) {
1041 err_sys("failed to send SMTP QUIT command\n");
1042 }
1043
1044 /* S: 221 2.0.0 Service closing transmission channel */
1045 WOLFSSL_ASYNC_WHILE_PENDING(
1046 ret = wolfSSL_read(ssl, tmpBuf, sizeof(tmpBuf)-1),
1047 ret < 0);
1048 if (ret < 0) {
1049 err_sys("failed to read SMTP closing down response\n");
1050 }
1051 tmpBuf[ret] = 0; /* null terminate message */
1052 printf("%s\n", tmpBuf);
1053
1054 ret = wolfSSL_shutdown(ssl);
1055 if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) {
1056 if (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
1057 TEST_RECV_READY) {
1058 ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
1059 if (ret == WOLFSSL_SUCCESS)
1060 printf("Bidirectional shutdown complete\n");
1061 }
1062 if (ret != WOLFSSL_SUCCESS)
1063 LOG_ERROR("Bidirectional shutdown failed\n");
1064 }
1065
1066 return WOLFSSL_SUCCESS;
1067}
1068
1069static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str,
1070 int exitWithRet)
1071{
1072 int ret, err;
1073
1074 do {
1075 err = 0; /* reset error */
1076 ret = wolfSSL_write(ssl, msg, msgSz);
1077 if (ret <= 0) {
1078 err = wolfSSL_get_error(ssl, 0);
1079 #ifdef WOLFSSL_ASYNC_CRYPT
1080 if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
1081 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
1082 if (ret < 0) break;
1083 }
1084 #endif
1085 }
1086 } while (err == WOLFSSL_ERROR_WANT_WRITE ||
1087 err == WOLFSSL_ERROR_WANT_READ
1088 #ifdef WOLFSSL_ASYNC_CRYPT
1089 || err == WC_NO_ERR_TRACE(WC_PENDING_E)
1090 #endif
1091 );
1092 if (ret != msgSz) {
1093 char buffer[WOLFSSL_MAX_ERROR_SZ];
1094 LOG_ERROR("SSL_write%s msg error %d, %s\n", str, err,
1095 wolfSSL_ERR_error_string((unsigned long)err, buffer));
1096 if (!exitWithRet) {
1097 err_sys("SSL_write failed");
1098 }
1099 }
1100
1101 return err;
1102}
1103
1104static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
1105 const char* str, int exitWithRet)
1106{
1107 int ret, err;
1108 char buffer[WOLFSSL_MAX_ERROR_SZ];
1109 double start = current_time(1), elapsed;
1110
1111 do {
1112 err = 0; /* reset error */
1113 ret = wolfSSL_read(ssl, reply, replyLen);
1114 if (ret <= 0) {
1115 err = wolfSSL_get_error(ssl, 0);
1116 #ifdef WOLFSSL_ASYNC_CRYPT
1117 if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
1118 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
1119 if (ret < 0) break;
1120 }
1121 else
1122 #endif
1123 if (err != WOLFSSL_ERROR_WANT_READ &&
1124 err != WOLFSSL_ERROR_WANT_WRITE &&
1125 err != WC_NO_ERR_TRACE(APP_DATA_READY))
1126 {
1127 LOG_ERROR("SSL_read reply error %d, %s\n", err,
1128 wolfSSL_ERR_error_string((unsigned long)err, buffer));
1129 if (!exitWithRet) {
1130 err_sys("SSL_read failed");
1131 }
1132 else {
1133 break;
1134 }
1135 }
1136 }
1137
1138 if (mustRead &&
1139 (err == WOLFSSL_ERROR_WANT_READ
1140 || err == WOLFSSL_ERROR_WANT_WRITE)) {
1141 elapsed = current_time(0) - start;
1142 if (elapsed > MAX_NON_BLOCK_SEC) {
1143 LOG_ERROR("Nonblocking read timeout\n");
1144 ret = WOLFSSL_FATAL_ERROR;
1145 break;
1146 }
1147 }
1148 } while ((mustRead && err == WOLFSSL_ERROR_WANT_READ)
1149 || err == WOLFSSL_ERROR_WANT_WRITE
1150 #ifdef WOLFSSL_ASYNC_CRYPT
1151 || err == WC_NO_ERR_TRACE(WC_PENDING_E)
1152 #endif
1153 || err == WC_NO_ERR_TRACE(APP_DATA_READY)
1154 );
1155 if (ret > 0) {
1156 reply[ret] = 0; /* null terminate */
1157 printf("%s%s\n", str, reply);
1158 }
1159
1160 return err;
1161}
1162
1163static int ClientWriteRead(WOLFSSL* ssl, const char* msg, int msgSz,
1164 char* reply, int replyLen, int mustRead,
1165 const char* str, int exitWithRet)
1166{
1167 int ret = 0;
1168
1169 do {
1170 ret = ClientWrite(ssl, msg, msgSz, str, exitWithRet);
1171 if (ret != 0) {
1172 if (!exitWithRet)
1173 err_sys("ClientWrite failed");
1174 else
1175 break;
1176 }
1177 if (wolfSSL_dtls(ssl)) {
1178 ret = tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC);
1179 if (ret == TEST_TIMEOUT) {
1180 continue;
1181 }
1182 else if (ret == TEST_RECV_READY) {
1183 /* Ready to read */
1184 }
1185 else {
1186 LOG_ERROR("%s tcp_select error\n", str);
1187 if (!exitWithRet)
1188 err_sys("tcp_select failed");
1189 else
1190 ret = WOLFSSL_FATAL_ERROR;
1191 break;
1192 }
1193 }
1194 ret = ClientRead(ssl, reply, replyLen, mustRead, str, exitWithRet);
1195 if (mustRead && ret != 0) {
1196 if (!exitWithRet)
1197 err_sys("ClientRead failed");
1198 else
1199 break;
1200 }
1201 break;
1202 } while (1);
1203
1204 if (ret != 0) {
1205 char buffer[WOLFSSL_MAX_ERROR_SZ];
1206 LOG_ERROR("SSL_write%s msg error %d, %s\n", str, ret,
1207 wolfSSL_ERR_error_string((unsigned long)ret, buffer));
1208 }
1209
1210 return ret;
1211}
1212
1213/* when adding new option, please follow the steps below: */
1214/* 1. add new option message in English section */
1215/* 2. increase the number of the second column */
1216/* 3. increase the array dimension */
1217/* 4. add the same message into Japanese section */
1218/* (will be translated later) */
1219/* 5. add printf() into suitable position of Usage() */
1220static const char* client_usage_msg[][81] = {
1221 /* English */
1222 {
1223 " NOTE: All files relative to wolfSSL home dir\n", /* 0 */
1224 "Max RSA key size in bits for build is set at : ", /* 1 */
1225#ifdef NO_RSA
1226 "RSA not supported\n", /* 2 */
1227#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
1228#ifdef WOLFSSL_SP_4096
1229 "4096\n", /* 2 */
1230#elif !defined(WOLFSSL_SP_NO_3072)
1231 "3072\n", /* 2 */
1232#elif !defined(WOLFSSL_SP_NO_2048)
1233 "2048\n", /* 2 */
1234#else
1235 "0\n", /* 2 */
1236#endif
1237#elif defined(USE_FAST_MATH)
1238#else
1239 "INFINITE\n", /* 2 */
1240#endif
1241 "-? <num> Help, print this usage\n"
1242 " 0: English, 1: Japanese\n"
1243 "--help Help, in English\n", /* 3 */
1244 "-h <host> Host to connect to, default", /* 4 */
1245 "-p <num> Port to connect on, not 0, default", /* 5 */
1246
1247#ifndef WOLFSSL_TLS13
1248 "-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default", /* 6 */
1249 "-V Prints valid ssl version numbers"
1250 ", SSLv3(0) - TLS1.2(3)\n", /* 7 */
1251#else
1252 "-v <num> SSL version [0-4], SSLv3(0) - TLS1.3(4)), default", /* 6 */
1253 "-V Prints valid ssl version numbers,"
1254 " SSLv3(0) - TLS1.3(4)\n", /* 7 */
1255#endif
1256 "-l <str> Cipher suite list (: delimited)\n", /* 8 */
1257#ifndef NO_CERTS
1258#ifndef WOLFSSL_NO_CLIENT_AUTH
1259 "-c <file> Certificate file, default", /* 9 */
1260 "-k <file> Key file, default", /* 10 */
1261#endif
1262 "-A <file> Certificate Authority file, default", /* 11 */
1263#endif
1264#ifndef NO_DH
1265 "-Z <num> Minimum DH key bits, default", /* 12 */
1266#endif
1267 "-b <num> Benchmark <num> connections and print stats\n", /* 13 */
1268#ifdef HAVE_ALPN
1269 "-L <str> Application-Layer Protocol"
1270 " Negotiation ({C,F}:<list>)\n", /* 14 */
1271#endif
1272 "-B <num> Benchmark throughput"
1273 " using <num> bytes and print stats\n", /* 15 */
1274#ifndef NO_PSK
1275 "-s Use pre Shared keys\n", /* 16 */
1276#endif
1277 "-d Disable peer checks\n", /* 17 */
1278 "-D Override Date Errors example\n", /* 18 */
1279 "-e List Every cipher suite available, \n", /* 19 */
1280 "-g Send server HTTP GET\n", /* 20 */
1281#ifdef WOLFSSL_DTLS
1282#ifndef WOLFSSL_DTLS13
1283 "-u Use UDP DTLS, add -v 2 for DTLSv1, -v 3 for DTLSv1.2"
1284 " (default)\n", /* 21 */
1285#else
1286 "-u Use UDP DTLS, add -v 2 for DTLSv1, -v 3 for DTLSv1.2"
1287 " (default), -v 4 for DTLSv1.3\n", /* 21 */
1288#endif /* !WOLFSSL_DTLS13 */
1289#endif
1290#ifdef WOLFSSL_SCTP
1291 "-G Use SCTP DTLS,"
1292 " add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 22 */
1293#endif
1294#ifndef NO_CERTS
1295 "-m Match domain name in cert\n", /* 23 */
1296#endif
1297 "-N Use Non-blocking sockets\n", /* 24 */
1298#ifndef NO_SESSION_CACHE
1299 "-r Resume session\n", /* 25 */
1300#endif
1301 "-w Wait for bidirectional shutdown\n", /* 26 */
1302 "-M <prot> Use STARTTLS, using <prot> protocol (smtp)\n", /* 27 */
1303#ifdef HAVE_SECURE_RENEGOTIATION
1304 "-R Allow Secure Renegotiation\n", /* 28 */
1305 "-i <str> Force client Initiated Secure Renegotiation. If the\n"
1306 " string 'scr-app-data' is passed in as the value and\n"
1307 " Non-blocking sockets are enabled ('-N') then wolfSSL\n"
1308 " sends a test message during the secure renegotiation.\n"
1309 " The string parameter is optional.\n", /* 29 */
1310#endif
1311 "-f Fewer packets/group messages\n", /* 30 */
1312#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)
1313 "-x Disable client cert/key loading\n", /* 31 */
1314#endif
1315 "-X Driven by eXternal test case\n", /* 32 */
1316 "-j Use verify callback override\n", /* 33 */
1317#ifdef SHOW_SIZES
1318 "-z Print structure sizes\n", /* 34 */
1319#endif
1320#ifdef HAVE_SNI
1321 "-S <str> Use Host Name Indication\n", /* 35 */
1322#endif
1323#ifdef HAVE_MAX_FRAGMENT
1324 "-F <num> Use Maximum Fragment Length [1-6]\n", /* 36 */
1325#endif
1326#ifdef HAVE_TRUNCATED_HMAC
1327 "-T Use Truncated HMAC\n", /* 37 */
1328#endif
1329#ifdef HAVE_EXTENDED_MASTER
1330 "-n Disable Extended Master Secret\n", /* 38 */
1331#endif
1332#ifdef HAVE_OCSP
1333 "-o Perform OCSP lookup on peer certificate\n", /* 39 */
1334 "-O <url> Perform OCSP lookup using <url> as responder\n", /* 40 */
1335#endif
1336#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
1337 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
1338 "-W <num> Use OCSP Stapling (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
1339 " With 'm' at end indicates MUST staple\n", /* 42 */
1340#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI)
1341 " -W 1 -v 4, Perform multi OCSP stapling for TLS13\n",
1342 /* 43 */
1343#endif
1344#endif
1345#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
1346 "-U Atomic User Record Layer Callbacks\n", /* 44 */
1347#endif
1348#ifdef HAVE_PK_CALLBACKS
1349 "-P Public Key Callbacks\n", /* 45 */
1350#endif
1351#ifdef HAVE_ANON
1352 "-a Anonymous client\n", /* 46 */
1353#endif
1354#ifdef HAVE_CRL
1355 "-C Disable CRL\n", /* 47 */
1356#endif
1357#ifdef WOLFSSL_TRUST_PEER_CERT
1358 "-E <file> Path to load trusted peer cert\n", /* 48 */
1359#endif
1360#ifdef HAVE_WNR
1361 "-q <file> Whitewood config file, defaults\n", /* 49 */
1362#endif
1363 "-H <arg> Internal tests"
1364 " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n"
1365 " loadSSL, disallowETM]\n", /* 50 */
1366#ifdef WOLFSSL_TLS13
1367 "-J Use HelloRetryRequest to choose group for KE\n", /* 51 */
1368 "-K Key Exchange for PSK not using (EC)DHE\n", /* 52 */
1369 "-I Update keys and IVs before sending data\n", /* 53 */
1370#ifndef NO_DH
1371 "-y Key Share with FFDHE named groups only\n", /* 54 */
1372#endif
1373#ifdef HAVE_ECC
1374 "-Y Key Share with ECC named groups only\n", /* 55 */
1375#endif
1376#endif /* WOLFSSL_TLS13 */
1377#ifdef HAVE_CURVE25519
1378 "-t Use X25519 for key exchange\n", /* 56 */
1379#endif
1380#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \
1381 !defined(WOLFSSL_NO_CLIENT_AUTH)
1382 "-Q Support requesting certificate post-handshake\n", /* 57 */
1383#endif
1384#ifdef WOLFSSL_EARLY_DATA
1385 "-0 Early data sent to server (0-RTT handshake)\n", /* 58 */
1386#endif
1387#ifdef WOLFSSL_MULTICAST
1388 "-3 <grpid> Multicast, grpid < 256\n", /* 59 */
1389#endif
1390 "-1 <num> Display a result by specified language.\n"
1391 " 0: English, 1: Japanese\n", /* 60 */
1392#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
1393 !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
1394 "-2 Disable DH Prime check\n", /* 61 */
1395#endif
1396#ifdef HAVE_SECURE_RENEGOTIATION
1397 "-4 Use resumption for renegotiation\n", /* 62 */
1398#endif
1399#ifdef HAVE_TRUSTED_CA
1400 "-5 Use Trusted CA Key Indication\n", /* 63 */
1401#endif
1402 "-6 Simulate WANT_WRITE errors on every other IO send\n", /* 64 */
1403#ifdef HAVE_CURVE448
1404 "-8 Use X448 for key exchange\n", /* 65 */
1405#endif
1406#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
1407 (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
1408 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
1409 "-9 Use hash dir look up for certificate loading\n"
1410 " loading from <wolfSSL home>/certs folder\n"
1411 " files in the folder would have the form \"hash.N\" file name\n"
1412 " e.g symbolic link to the file at certs folder\n"
1413 " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
1414 /* 66 */
1415#endif
1416#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
1417 !defined(WOLFSENTRY_NO_JSON)
1418 "--wolfsentry-config <file> Path for JSON wolfSentry config\n",
1419 /* 67 */
1420#endif
1421#ifndef WOLFSSL_TLS13
1422 "-7 Set minimum downgrade protocol version [0-3] "
1423 " SSLv3(0) - TLS1.2(3)\n",
1424#else
1425 "-7 Set minimum downgrade protocol version [0-4] "
1426 " SSLv3(0) - TLS1.3(4)\n", /* 68 */
1427#endif
1428#ifdef WOLFSSL_HAVE_MLKEM
1429 "--pqc <alg> Key Share with specified post-quantum algorithm only:\n"
1430#ifndef WOLFSSL_NO_ML_KEM
1431 " ML_KEM_512, ML_KEM_768, ML_KEM_1024,\n"
1432 " SecP256r1MLKEM512,\n"
1433 " SecP384r1MLKEM768,\n"
1434 " SecP521r1MLKEM1024,\n"
1435 " SecP256r1MLKEM768,\n"
1436 " SecP521r1MLKEM1024,\n"
1437 " SecP384r1MLKEM1024,\n"
1438 " X25519MLKEM512,\n"
1439 " X25519MLKEM768,\n"
1440 " X448MLKEM768\n"
1441#endif
1442#ifdef WOLFSSL_MLKEM_KYBER
1443 " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
1444 "P256_KYBER_LEVEL1,\n"
1445 " P384_KYBER_LEVEL3, P256_KYBER_LEVEL3, "
1446 "P521_KYBER_LEVEL5,\n"
1447 " X25519_KYBER_LEVEL1, X25519_KYBER_LEVEL3, "
1448 "X448_KYBER_LEVEL3\n"
1449#endif
1450 "",
1451 /* 69 */
1452#endif
1453#ifdef WOLFSSL_SRTP
1454 "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n", /* 70 */
1455#endif
1456#ifdef WOLFSSL_SYS_CA_CERTS
1457 "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */
1458#endif
1459#ifdef HAVE_SUPPORTED_CURVES
1460 "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */
1461#endif
1462#ifndef NO_PSK
1463 "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */
1464#endif
1465#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_CERT_WITH_EXTERN_PSK) && \
1466 !defined(NO_PSK)
1467 "--psk-with-certs Use TLS 1.3 PSK with certificates\n", /* 74 */
1468#endif
1469#ifdef HAVE_RPK
1470 "--rpk Use RPK for the defined certificates\n", /* 75 */
1471#endif
1472 "--files-are-der Specified files are in DER, not PEM format\n", /* 76 */
1473#ifdef WOLFSSL_SYS_CRYPTO_POLICY
1474 "--crypto-policy <path to crypto policy file>\n", /* 77 */
1475#endif
1476#ifdef HAVE_ECC_BRAINPOOL
1477 "--bpKs Use Brainpool ECC group for key share\n", /* 78 */
1478#endif
1479#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
1480 "--ech <base64> Use Encrypted Client Hello with base64 encoded "
1481 "ECH configs\n",
1482 /* 79 */
1483#endif
1484 "\n"
1485 "For simpler wolfSSL TLS client examples, visit\n"
1486 "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 80 */
1487 NULL,
1488 },
1489#ifndef NO_MULTIBYTE_PRINT
1490 /* Japanese */
1491 {
1492 " ๆณจๆ : ๅ
จใฆใฎใใกใคใซใฏ wolfSSL ใใผใ ใปใใฃใฌใฏใใชใใใฎ็ธๅฏพใงใใ"
1493 "\n", /* 0 */
1494 "RSAใฎๆๅคงใใใใฏๆฌกใฎใใใซ่จญๅฎใใใฆใใพใ: ", /* 1 */
1495#ifdef NO_RSA
1496 "RSAใฏใตใใผใใใใฆใใพใใใ\n", /* 2 */
1497#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
1498#ifndef WOLFSSL_SP_NO_3072
1499 "3072\n", /* 2 */
1500#elif !defined(WOLFSSL_SP_NO_2048)
1501 "2048\n", /* 2 */
1502#else
1503 "0\n", /* 2 */
1504#endif
1505#elif defined(USE_FAST_MATH)
1506#else
1507 "็ก้\n", /* 2 */
1508#endif
1509 "-? <num> ใใซใ, ไฝฟใๆนใ่กจ็คบ\n"
1510 " 0: ่ฑ่ชใ 1: ๆฅๆฌ่ช\n"
1511 "--ใใซใ ๆฅๆฌ่ชใงไฝฟใๆนใ่กจ็คบ\n", /* 3 */
1512 "-h <host> ๆฅ็ถๅ
ใในใ, ๆขๅฎๅค", /* 4 */
1513 "-p <num> ๆฅ็ถๅ
ใใผใ, 0ใฏ็กๅน, ๆขๅฎๅค", /* 5 */
1514
1515#ifndef WOLFSSL_TLS13
1516 "-v <num> SSL ใใผใธใงใณ [0-3], SSLv3(0) - TLS1.2(3)),"
1517 " ๆขๅฎๅค", /* 6 */
1518 "-V ๆๅนใช ssl ใใผใธใงใณ็ชๅทใๅบๅ, SSLv3(0) -"
1519 " TLS1.2(3)\n", /* 7 */
1520#else
1521 "-v <num> SSL ใใผใธใงใณ [0-4], SSLv3(0) - TLS1.3(4)),"
1522 " ๆขๅฎๅค", /* 6 */
1523 "-V ๆๅนใช ssl ใใผใธใงใณ็ชๅทใๅบๅ, SSLv3(0) -"
1524 " TLS1.3(4)\n", /* 7 */
1525#endif
1526 "-l <str> ๆๅทในใคใผใใชในใ (ๅบๅใๆๅญ :)\n", /* 8 */
1527#ifndef NO_CERTS
1528#ifndef WOLFSSL_NO_CLIENT_AUTH
1529 "-c <file> ่จผๆๆธใใกใคใซ, ๆขๅฎๅค", /* 9 */
1530 "-k <file> ้ตใใกใคใซ, ๆขๅฎๅค", /* 10 */
1531#endif
1532 "-A <file> ่ช่จผๅฑใใกใคใซ, ๆขๅฎๅค", /* 11 */
1533#endif
1534#ifndef NO_DH
1535 "-Z <num> ๆๅฐ DH ้ต ใใใ, ๆขๅฎๅค", /* 12 */
1536#endif
1537 "-b <num> ใใณใใใผใฏ <num> ๆฅ็ถๅใณ็ตๆๅบๅใใ\n", /* 13 */
1538#ifdef HAVE_ALPN
1539 "-L <str> ใขใใชใฑใผใทใงใณๅฑคใใญใใณใซใใดใทใจใผใทใงใณใ่กใ"
1540 " ({C,F}:<list>)\n", /* 14 */
1541#endif
1542 "-B <num> <num> ใใคใใ็จใใฆใฎใใณใใใผใฏใปในใซใผใใใๆธฌๅฎ"
1543 "ใจ็ตๆใๅบๅใใ\n", /* 15 */
1544#ifndef NO_PSK
1545 "-s ไบๅๅ
ฑๆ้ตใไฝฟ็จใใ\n", /* 16 */
1546#endif
1547 "-d ใใข็ขบ่ชใ็กๅนใจใใ\n", /* 17 */
1548 "-D ๆฅไปใจใฉใผ็จใณใผใซใใใฏไพใฎไธๆธใใ่กใ\n", /* 18 */
1549 "-e ๅฉ็จๅฏ่ฝใชๅ
จใฆใฎๆๅทในใคใผใใใชในใ, \n", /* 19 */
1550 "-g ใตใผใใผใธ HTTP GET ใ้ไฟก\n", /* 20 */
1551#ifdef WOLFSSL_DTLS
1552 "-u UDP DTLSใไฝฟ็จใใใ\n"
1553#ifndef WOLFSSL_DTLS13
1554 " -v 2 ใ่ฟฝๅ ๆๅฎใใใจDTLSv1, "
1555 "-v 3 ใ่ฟฝๅ ๆๅฎใใใจ DTLSv1.2 (ๆขๅฎๅค)\n", /* 21 */
1556#else
1557 " -v 2 ใ่ฟฝๅ ๆๅฎใใใจDTLSv1, "
1558 "-v 3 ใ่ฟฝๅ ๆๅฎใใใจ DTLSv1.2 (ๆขๅฎๅค),\n"
1559 " -v 4 ใ่ฟฝๅ ๆๅฎใใใจ DTLSv1.3\n", /* 21 */
1560#endif /* !WOLFSSL_DTLS13 */
1561#endif /* WOLFSSL_DTLS */
1562#ifdef WOLFSSL_SCTP
1563 "-G SCTP DTLSใไฝฟ็จใใใ-v 2 ใ่ฟฝๅ ๆๅฎใใใจ"
1564 " DTLSv1, -v 3 ใ่ฟฝๅ ๆๅฎใใใจ DTLSv1.2 (ๆขๅฎๅค)\n", /* 22 */
1565#endif
1566#ifndef NO_CERTS
1567 "-m ่จผๆๆธๅ
ใฎใใกใคใณๅไธ่ดใ็ขบ่ชใใ\n", /* 23 */
1568#endif
1569 "-N ใใณใใญใใญใณใฐใปใฝใฑใใใไฝฟ็จใใ\n", /* 24 */
1570#ifndef NO_SESSION_CACHE
1571 "-r ใปใใทใงใณใ็ถ็ถใใ\n", /* 25 */
1572#endif
1573 "-w ๅๆนๅใทใฃใใใใฆใณใๅพ
ใค\n", /* 26 */
1574 "-M <prot> STARTTLSใไฝฟ็จใใ, <prot>ใใญใใณใซ(smtp)ใ"
1575 "ไฝฟ็จใใ\n", /* 27 */
1576#ifdef HAVE_SECURE_RENEGOTIATION
1577 "-R ใปใญใฅใขใชๅใใดใทใจใผใทใงใณใ่จฑๅฏใใ\n", /* 28 */
1578 "-i <str> ใฏใฉใคใขใณใไธปๅฐใฎใใดใทใจใผใทใงใณใๅผทๅถใใ\n", /* 29 */
1579#endif
1580 "-f ใใๅฐใชใใใฑใใ/ใฐใซใผใใกใใปใผใธใไฝฟ็จใใ\n",/* 30 */
1581#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)
1582 "-x ใฏใฉใคใขใณใใฎ่จผๆๆธ/้ตใฎใญใผใใ็กๅนใใ\n", /* 31 */
1583#endif
1584 "-X ๅค้จใในใใปใฑใผในใซใใๅไฝใใ\n", /* 32 */
1585 "-j ใณใผใซใใใฏใปใชใผใใผใฉใคใใฎๆค่จผใไฝฟ็จใใ\n", /* 33 */
1586#ifdef SHOW_SIZES
1587 "-z ๆง้ ไฝใฎใตใคใบใ่กจ็คบใใ\n", /* 34 */
1588#endif
1589#ifdef HAVE_SNI
1590 "-S <str> ใในใๅ่กจ็คบใไฝฟ็จใใ\n", /* 35 */
1591#endif
1592#ifdef HAVE_MAX_FRAGMENT
1593 "-F <num> ๆๅคงใใฉใฐใกใณใ้ท[1-6]ใ่จญๅฎใใ\n", /* 36 */
1594#endif
1595#ifdef HAVE_TRUNCATED_HMAC
1596 "-T Truncated HMACใไฝฟ็จใใ\n", /* 37 */
1597#endif
1598#ifdef HAVE_EXTENDED_MASTER
1599 "-n ใในใฟใผใทใผใฏใฌใใๆกๅผตใ็กๅนใซใใ\n", /* 38 */
1600#endif
1601#ifdef HAVE_OCSP
1602 "-o OCSPใซใใฏใขใใใใใข่จผๆๆธใงๅฎๆฝใใ\n", /* 39 */
1603 "-O <url> OCSPใซใใฏใขใใใใ<url>ใไฝฟ็จใ"
1604 "ๅฟ็ญ่
ใจใใฆๅฎๆฝใใ\n", /* 40 */
1605#endif
1606#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
1607 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
1608 "-W <num> OCSP Staplingใไฝฟ็จใใ"
1609 " (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
1610 " 'm' ใๆๅพใซๆๅฎใใใจๅฟ
ใ staple ใไฝฟ็จใใ\n" /* 42 */
1611#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI)
1612 " -W 1 -v 4, "
1613 "TLS13 ไฝฟ็จๆใซ่คๆฐ(Multi)ใฎ OCSP ใๅฎๆฝใใพใ\n" /* 43 */
1614#endif
1615#endif
1616#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
1617 "-U ใขใใใใฏใปใฆใผใถใผ่จ้ฒใฎ"
1618 "ใณใผใซใใใฏใๅฉ็จใใ\n", /* 44 */
1619#endif
1620#ifdef HAVE_PK_CALLBACKS
1621 "-P ๅ
ฌ้้ตใณใผใซใใใฏ\n", /* 45 */
1622#endif
1623#ifdef HAVE_ANON
1624 "-a ๅฟๅใฏใฉใคใขใณใ\n", /* 46 */
1625#endif
1626#ifdef HAVE_CRL
1627 "-C CRLใ็กๅน\n", /* 47 */
1628#endif
1629#ifdef WOLFSSL_TRUST_PEER_CERT
1630 "-E <file> ไฟก้ ผๅบๆฅใใใขใฎ่จผๆๆธใญใผใใฎ็บใฎใใน\n", /* 48 */
1631#endif
1632#ifdef HAVE_WNR
1633 "-q <file> Whitewood ใณใณใใฃใฐใใกใคใซ, ๆขๅฎๅค\n", /* 49 */
1634#endif
1635 "-H <arg> ๅ
้จใในใ"
1636 " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n"
1637 " loadSSL, disallowETM]\n", /* 50 */
1638#ifdef WOLFSSL_TLS13
1639 "-J HelloRetryRequestใKEใฎใฐใซใผใ้ธๆใซไฝฟ็จใใ\n", /* 51 */
1640 "-K ้ตไบคๆใซPSKใไฝฟ็จใ(EC)DHEใฏไฝฟ็จใใชใ\n", /* 52 */
1641 "-I ใใผใฟ้ไฟกๅใซใ้ตใจIVใๆดๆฐใใ\n", /* 53 */
1642#ifndef NO_DH
1643 "-y FFDHEๅๅไปใใฐใซใผใใจใฎ้ตๅ
ฑๆใฎใฟ\n", /* 54 */
1644#endif
1645#ifdef HAVE_ECC
1646 "-Y ECCๅๅไปใใฐใซใผใใจใฎ้ตๅ
ฑๆใฎใฟ\n", /* 55 */
1647#endif
1648#endif /* WOLFSSL_TLS13 */
1649#ifdef HAVE_CURVE25519
1650 "-t X25519ใ้ตไบคๆใซไฝฟ็จใใ\n", /* 56 */
1651#endif
1652#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \
1653 !defined(WOLFSSL_NO_CLIENT_AUTH)
1654 "-Q ใในใใใณใใทใงใผใฏใฎ่จผๆ่ฆๆฑใใตใใผใใใ\n", /* 57 */
1655#endif
1656#ifdef WOLFSSL_EARLY_DATA
1657 "-0 Early data ใใตใผใใผใธ้ไฟกใใ"
1658 "๏ผ0-RTTใใณใใทใงใคใฏ๏ผ\n", /* 58 */
1659#endif
1660#ifdef WOLFSSL_MULTICAST
1661 "-3 <grpid> ใใซใใญใฃในใ, grpid < 256\n", /* 59 */
1662#endif
1663 "-1 <num> ๆๅฎใใใ่จ่ชใง็ตๆใ่กจ็คบใใพใใ\n"
1664 " 0: ่ฑ่ชใ 1: ๆฅๆฌ่ช\n", /* 60 */
1665#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
1666 !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
1667 "-2 DHใใฉใคใ ็ชๅทใใงใใฏใ็กๅนใซใใ\n", /* 61 */
1668#endif
1669#ifdef HAVE_SECURE_RENEGOTIATION
1670 "-4 ๅไบคๆธใซๅ้ใไฝฟ็จ\n", /* 62 */
1671#endif
1672#ifdef HAVE_TRUSTED_CA
1673 "-5 ไฟก้ ผใงใใ่ช่จผๅฑใฎ้ต่กจ็คบใไฝฟ็จใใ\n", /* 63 */
1674#endif
1675 "-6 WANT_WRITE ใจใฉใผใๅ
จใฆใฎIO ้ไฟกใงใทใใฅใฌใผใใใพใ\n", /* 64 */
1676#ifdef HAVE_CURVE448
1677 "-8 ้ตไบคๆใซ X448 ใไฝฟ็จใใ\n", /* 65 */
1678#endif
1679#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
1680 (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
1681 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
1682 "-9 ่จผๆๆธใฎ่ชญใฟ่พผใฟใซ hash dir ๆฉ่ฝใไฝฟ็จใใ\n"
1683 " <wolfSSL home>/certs ใใฉใซใใผใใใญใผใใใพใ\n"
1684 " ใใฉใซใใผไธญใฎใใกใคใซใฏใ\"hash.N\"[N:0-9]ๅใงใใๅฟ
่ฆใใใใพใ\n"
1685 " ไปฅไธใฎไพใงใฏca-cert.pemใซใทใณใใชใใฏใชใณใฏใ่จญๅฎใใพใ\n"
1686 " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
1687 /* 66 */
1688#endif
1689#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
1690 !defined(WOLFSENTRY_NO_JSON)
1691 "--wolfsentry-config <file> wolfSentry ใณใณใใฃใฐใใกใคใซ\n",
1692 /* 67 */
1693#endif
1694#ifndef WOLFSSL_TLS13
1695 "-7 ๆๅฐใใฆใณใฐใฌใผใๅฏ่ฝใชใใญใใณใซใใผใธใงใณใ่จญๅฎใใพใ [0-3] "
1696 " SSLv3(0) - TLS1.2(3)\n",
1697#else
1698 "-7 ๆๅฐใใฆใณใฐใฌใผใๅฏ่ฝใชใใญใใณใซใใผใธใงใณใ่จญๅฎใใพใ [0-4] "
1699 " SSLv3(0) - TLS1.3(4)\n", /* 68 */
1700#endif
1701#ifdef WOLFSSL_HAVE_MLKEM
1702 "--pqc <alg> post-quantum ๅๅไปใใฐใซใผใใจใฎ้ตๅ
ฑๆใฎใฟ:\n"
1703#ifndef WOLFSSL_NO_ML_KEM
1704 " ML_KEM_512, ML_KEM_768, ML_KEM_1024,\n"
1705 " SecP256r1MLKEM512,\n"
1706 " SecP384r1MLKEM768,\n"
1707 " SecP521r1MLKEM1024,\n"
1708 " SecP256r1MLKEM768,\n"
1709 " SecP521r1MLKEM1024,\n"
1710 " SecP384r1MLKEM1024,\n"
1711 " X25519MLKEM512,\n"
1712 " X25519MLKEM768,\n"
1713 " X448MLKEM768\n"
1714#endif
1715#ifdef WOLFSSL_MLKEM_KYBER
1716 " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
1717 "P256_KYBER_LEVEL1,\n"
1718 " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
1719#endif
1720 "",
1721 /* 69 */
1722#endif
1723#ifdef WOLFSSL_SRTP
1724 "--srtp <profile> (ใใใฉใซใใฏ SRTP_AES128_CM_SHA1_80)\n", /* 70 */
1725#endif
1726#ifdef WOLFSSL_SYS_CA_CERTS
1727 "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */
1728#endif
1729#ifdef HAVE_SUPPORTED_CURVES
1730 "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */
1731#endif
1732#ifndef NO_PSK
1733 "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */
1734#endif
1735#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_CERT_WITH_EXTERN_PSK) && \
1736 !defined(NO_PSK)
1737 "--psk-with-certs Use TLS 1.3 PSK with certificates\n", /* 74 */
1738#endif
1739#ifdef HAVE_RPK
1740 "--rpk Use RPK for the defined certificates\n", /* 75 */
1741#endif
1742 "--files-are-der Specified files are in DER, not PEM format\n", /* 76 */
1743#ifdef WOLFSSL_SYS_CRYPTO_POLICY
1744 "--crypto-policy <path to crypto policy file>\n", /* 77 */
1745#endif
1746#ifdef HAVE_ECC_BRAINPOOL
1747 "--bpKs Use Brainpool ECC group for key share\n", /* 78 */
1748#endif
1749 "\n"
1750 "ใใ็ฐกๅใชwolfSSL TLS ใฏใฉใคใขใณใใฎไพใซใคใใฆใฏ"
1751 "ไธ่จใซใขใฏใปในใใฆใใ ใใ\n"
1752 "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 79 */
1753 NULL,
1754 },
1755#endif
1756
1757};
1758
1759static void showPeerPEM(WOLFSSL* ssl)
1760{
1761#if defined(OPENSSL_EXTRA) && defined(KEEP_PEER_CERT) && !defined(NO_BIO) && \
1762 defined(WOLFSSL_CERT_GEN) && !defined(OPENSSL_COEXIST)
1763 WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
1764 if (peer) {
1765 WOLFSSL_BIO* bioOut = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
1766 if (bioOut == NULL) {
1767 LOG_ERROR("failed to get bio on stdout\n");
1768 }
1769 else {
1770 if (wolfSSL_BIO_set_fp(bioOut, stdout, WOLFSSL_BIO_NOCLOSE)
1771 != WOLFSSL_SUCCESS) {
1772 LOG_ERROR("failed to set stdout to bio output\n");
1773 wolfSSL_BIO_free(bioOut);
1774 bioOut = NULL;
1775 }
1776 }
1777
1778 if (bioOut) {
1779 wolfSSL_BIO_write(bioOut, "---\nServer certificate\n",
1780 (int)XSTRLEN("---\nServer certificate\n"));
1781 wolfSSL_PEM_write_bio_X509(bioOut, peer);
1782 }
1783 wolfSSL_BIO_free(bioOut);
1784 }
1785 wolfSSL_FreeX509(peer);
1786#endif
1787 (void)ssl;
1788}
1789
1790
1791static void Usage(void)
1792{
1793 int msgid = 0;
1794 const char** msg = client_usage_msg[lng_index];
1795
1796 printf("%s%s%s", "wolfSSL client ", LIBWOLFSSL_VERSION_STRING,
1797 msg[msgid]);
1798
1799 /* print out so that scripts can know what the max supported key size is */
1800 printf("%s", msg[++msgid]);
1801#ifdef NO_RSA
1802 printf("%s", msg[++msgid]);
1803#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
1804 #ifndef WOLFSSL_SP_NO_3072
1805 printf("%s", msg[++msgid]);
1806 #elif !defined(WOLFSSL_SP_NO_2048)
1807 printf("%s", msg[++msgid]);
1808 #else
1809 printf("%s", msg[++msgid]);
1810 #endif
1811#elif defined(USE_FAST_MATH)
1812 #if !defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_SP_MATH)
1813 printf("%d\n", FP_MAX_BITS/2);
1814 #else
1815 printf("%d\n", SP_INT_MAX_BITS/2);
1816 #endif
1817#else
1818 /* normal math has unlimited max size */
1819 printf("%s", msg[++msgid]);
1820#endif
1821
1822 printf("%s", msg[++msgid]); /* ? */
1823 printf("%s %s\n", msg[++msgid], wolfSSLIP); /* -h */
1824 printf("%s %d\n", msg[++msgid], wolfSSLPort); /* -p */
1825#ifndef WOLFSSL_TLS13
1826 printf("%s %d\n", msg[++msgid], CLIENT_DEFAULT_VERSION); /* -v */
1827 printf("%s", msg[++msgid]); /* -V */
1828#else
1829 printf("%s %d\n", msg[++msgid], CLIENT_DEFAULT_VERSION); /* -v */
1830 printf("%s", msg[++msgid]); /* -V */
1831#endif
1832 printf("%s", msg[++msgid]); /* -l */
1833#ifndef NO_CERTS
1834#ifndef WOLFSSL_NO_CLIENT_AUTH
1835 printf("%s %s\n", msg[++msgid], cliCertFile); /* -c */
1836 printf("%s %s\n", msg[++msgid], cliKeyFile); /* -k */
1837#endif
1838 printf("%s %s\n", msg[++msgid], caCertFile); /* -A */
1839#endif
1840#ifndef NO_DH
1841 printf("%s %d\n", msg[++msgid], DEFAULT_MIN_DHKEY_BITS);
1842#endif
1843 printf("%s", msg[++msgid]); /* -b */
1844#ifdef HAVE_ALPN
1845 printf("%s", msg[++msgid]); /* -L <str> */
1846#endif
1847 printf("%s", msg[++msgid]); /* -B <num> */
1848#ifndef NO_PSK
1849 printf("%s", msg[++msgid]); /* -s */
1850#endif
1851 printf("%s", msg[++msgid]); /* -d */
1852 printf("%s", msg[++msgid]); /* -D */
1853 printf("%s", msg[++msgid]); /* -e */
1854 printf("%s", msg[++msgid]); /* -g */
1855#ifdef WOLFSSL_DTLS
1856 printf("%s", msg[++msgid]); /* -u */
1857#endif
1858#ifdef WOLFSSL_SCTP
1859 printf("%s", msg[++msgid]); /* -G */
1860#endif
1861#ifndef NO_CERTS
1862 printf("%s", msg[++msgid]); /* -m */
1863#endif
1864 printf("%s", msg[++msgid]); /* -N */
1865#ifndef NO_SESSION_CACHE
1866 printf("%s", msg[++msgid]); /* -r */
1867#endif
1868 printf("%s", msg[++msgid]); /* -w */
1869 printf("%s", msg[++msgid]); /* -M */
1870#ifdef HAVE_SECURE_RENEGOTIATION
1871 printf("%s", msg[++msgid]); /* -R */
1872 printf("%s", msg[++msgid]); /* -i */
1873#endif
1874 printf("%s", msg[++msgid]); /* -f */
1875#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)
1876 printf("%s", msg[++msgid]); /* -x */
1877#endif
1878 printf("%s", msg[++msgid]); /* -X */
1879 printf("%s", msg[++msgid]); /* -j */
1880#ifdef SHOW_SIZES
1881 printf("%s", msg[++msgid]); /* -z */
1882#endif
1883#ifdef HAVE_SNI
1884 printf("%s", msg[++msgid]); /* -S */
1885#endif
1886#ifdef HAVE_MAX_FRAGMENT
1887 printf("%s", msg[++msgid]); /* -F */
1888#endif
1889#ifdef HAVE_TRUNCATED_HMAC
1890 printf("%s", msg[++msgid]); /* -T */
1891#endif
1892#ifdef HAVE_EXTENDED_MASTER
1893 printf("%s", msg[++msgid]); /* -n */
1894#endif
1895#ifdef HAVE_OCSP
1896 printf("%s", msg[++msgid]); /* -o */
1897 printf("%s", msg[++msgid]); /* -O */
1898#endif
1899#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
1900 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
1901 printf("%s", msg[++msgid]); /* -W */
1902 printf("%s", msg[++msgid]); /* note for -W */
1903#endif
1904#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
1905 printf("%s", msg[++msgid]); /* -U */
1906#endif
1907#ifdef HAVE_PK_CALLBACKS
1908 printf("%s", msg[++msgid]); /* -P */
1909#endif
1910#ifdef HAVE_ANON
1911 printf("%s", msg[++msgid]); /* -a */
1912#endif
1913#ifdef HAVE_CRL
1914 printf("%s", msg[++msgid]); /* -C */
1915#endif
1916#ifdef WOLFSSL_TRUST_PEER_CERT
1917 printf("%s", msg[++msgid]); /* -E */
1918#endif
1919#ifdef HAVE_WNR
1920 printf("%s %s\n", msg[++msgid], wnrConfig); /* -q */
1921#endif
1922 printf("%s", msg[++msgid]); /* -H */
1923 printf("%s", msg[++msgid]); /* more -H options */
1924#ifdef WOLFSSL_TLS13
1925 printf("%s", msg[++msgid]); /* -J */
1926 printf("%s", msg[++msgid]); /* -K */
1927 printf("%s", msg[++msgid]); /* -I */
1928#ifndef NO_DH
1929 printf("%s", msg[++msgid]); /* -y */
1930#endif
1931#ifdef HAVE_ECC
1932 printf("%s", msg[++msgid]); /* -Y */
1933#endif
1934#endif /* WOLFSSL_TLS13 */
1935#ifdef HAVE_CURVE25519
1936 printf("%s", msg[++msgid]); /* -t */
1937#endif
1938#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \
1939 !defined(WOLFSSL_NO_CLIENT_AUTH)
1940 printf("%s", msg[++msgid]); /* -Q */
1941#endif
1942#ifdef WOLFSSL_EARLY_DATA
1943 printf("%s", msg[++msgid]); /* -0 */
1944#endif
1945#ifdef WOLFSSL_MULTICAST
1946 printf("%s", msg[++msgid]); /* -3 */
1947#endif
1948 printf("%s", msg[++msgid]); /* -1 */
1949#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
1950 !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
1951 printf("%s", msg[++msgid]); /* -2 */
1952#endif
1953#ifdef HAVE_SECURE_RENEGOTIATION
1954 printf("%s", msg[++msgid]); /* -4 */
1955#endif
1956#ifdef HAVE_TRUSTED_CA
1957 printf("%s", msg[++msgid]); /* -5 */
1958#endif
1959 printf("%s", msg[++msgid]); /* -6 */
1960#ifdef HAVE_CURVE448
1961 printf("%s", msg[++msgid]); /* -8 */
1962#endif
1963#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
1964 (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
1965 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
1966 printf("%s", msg[++msgid]); /* -9 */
1967#endif
1968#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
1969 !defined(WOLFSENTRY_NO_JSON)
1970 printf("%s", msg[++msgid]); /* --wolfsentry-config */
1971#endif
1972 printf("%s", msg[++msgid]); /* -7 */
1973#ifdef WOLFSSL_HAVE_MLKEM
1974 printf("%s", msg[++msgid]); /* --pqc */
1975#endif
1976#ifdef WOLFSSL_SRTP
1977 printf("%s", msg[++msgid]); /* dtls-srtp */
1978#endif
1979#ifdef WOLFSSL_SYS_CA_CERTS
1980 printf("%s", msg[++msgid]); /* --sys-ca-certs */
1981#endif
1982#ifdef HAVE_SUPPORTED_CURVES
1983 printf("%s", msg[++msgid]); /* --onlyPskDheKe */
1984#endif
1985#ifndef NO_PSK
1986 printf("%s", msg[++msgid]); /* --openssl-psk */
1987#endif
1988#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_CERT_WITH_EXTERN_PSK) && \
1989 !defined(NO_PSK)
1990 printf("%s", msg[++msgid]); /* --psk-with-certs */
1991#endif
1992#ifdef HAVE_RPK
1993 printf("%s", msg[++msgid]); /* --rpk */
1994#endif
1995#ifdef HAVE_ECC_BRAINPOOL
1996 printf("%s", msg[++msgid]); /* --bpKs */
1997#endif
1998#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
1999 printf("%s", msg[++msgid]); /* --ech */
2000#endif
2001 printf("%s", msg[++msgid]); /* --files-are-der */
2002 printf("%s", msg[++msgid]); /* Documentation Hint */
2003}
2004
2005#ifdef WOLFSSL_SRTP
2006/**
2007 * client_srtp_test() - test that the computed ekm matches with the server one
2008 * @ssl: ssl context
2009 * @srtp_helper: srtp_test_helper struct shared with the server
2010 *
2011 * if @srtp_helper is NULL no check is made, but the ekm is printed.
2012 *
2013 * calls srtp_helper_get_ekm() to wait and then get the ekm computed by the
2014 * server, then check if it matches the one computed by itself.
2015 */
2016static int client_srtp_test(WOLFSSL *ssl, func_args *args)
2017{
2018 size_t srtp_secret_length;
2019 byte *srtp_secret, *p;
2020 int ret;
2021#ifdef WOLFSSL_COND
2022 srtp_test_helper *srtp_helper = args->srtp_helper;
2023 byte *other_secret = NULL;
2024 size_t other_size = 0;
2025#else
2026 (void)args;
2027#endif
2028
2029 ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL,
2030 &srtp_secret_length);
2031 if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
2032 LOG_ERROR("DTLS SRTP: Error getting keying material length\n");
2033 return ret;
2034 }
2035
2036 srtp_secret = (byte*)XMALLOC(srtp_secret_length,
2037 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2038 if (srtp_secret == NULL) {
2039 err_sys("DTLS SRTP: Low memory");
2040 }
2041
2042 ret = wolfSSL_export_dtls_srtp_keying_material(ssl, srtp_secret,
2043 &srtp_secret_length);
2044 if (ret != WOLFSSL_SUCCESS) {
2045 XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2046 LOG_ERROR("DTLS SRTP: Error getting keying material\n");
2047 return ret;
2048 }
2049
2050 printf("DTLS SRTP: Exported key material: ");
2051 for (p = srtp_secret; p < srtp_secret + srtp_secret_length; p++)
2052 printf("%02X", *p);
2053 printf("\n");
2054
2055#ifdef WOLFSSL_COND
2056 if (srtp_helper != NULL) {
2057 srtp_helper_get_ekm(srtp_helper, &other_secret, &other_size);
2058
2059 if (other_size != srtp_secret_length ||
2060 (XMEMCMP(other_secret, srtp_secret, srtp_secret_length) != 0)) {
2061
2062 /* we are delegated from server to free this buffer */
2063 XFREE(other_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2064 printf("DTLS SRTP: Exported Keying Material mismatch\n");
2065 return WOLFSSL_UNKNOWN;
2066 }
2067
2068 /* we are delegated from server to free this buffer */
2069 XFREE(other_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2070 }
2071#endif /* WOLFSSL_COND */
2072
2073 XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2074
2075 return 0;
2076}
2077#endif /* WOLFSSL_SRTP */
2078
2079#if defined(WOLFSSL_STATIC_MEMORY) && \
2080 defined(WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK)
2081static void ExampleDebugMemoryCb(size_t sz, int bucketSz, byte st, int type) {
2082 switch (st) {
2083 case WOLFSSL_DEBUG_MEMORY_ALLOC:
2084 if (type == DYNAMIC_TYPE_IN_BUFFER) {
2085 printf("IN BUFFER: ");
2086 }
2087
2088 if (type == DYNAMIC_TYPE_OUT_BUFFER) {
2089 printf("OUT BUFFER: ");
2090 }
2091
2092 printf("Alloc'd %d bytes using bucket size %d\n", (int)sz,
2093 bucketSz);
2094 break;
2095
2096 case WOLFSSL_DEBUG_MEMORY_FAIL:
2097 printf("Failed when trying to allocate %d bytes\n", (int)sz);
2098 break;
2099
2100 case WOLFSSL_DEBUG_MEMORY_FREE:
2101 printf("Free'ing : %d\n", (int)sz);
2102 break;
2103
2104 case WOLFSSL_DEBUG_MEMORY_INIT:
2105 printf("Creating memory bucket of size : %d\n", bucketSz);
2106 break;
2107 }
2108}
2109#endif
2110
2111
2112
2113THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
2114{
2115 SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
2116
2117 wolfSSL_method_func method = NULL;
2118 WOLFSSL_CTX* ctx = NULL;
2119 WOLFSSL* ssl = NULL;
2120
2121#ifdef WOLFSSL_WOLFSENTRY_HOOKS
2122 wolfsentry_errcode_t wolfsentry_ret;
2123#endif
2124
2125 WOLFSSL* sslResume = NULL;
2126 WOLFSSL_SESSION* session = NULL;
2127#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
2128 defined(HAVE_EXT_CACHE))
2129 byte* flatSession = NULL;
2130 int flatSessionSz = 0;
2131#endif
2132
2133 char msg[CLI_MSG_SZ];
2134 int msgSz = 0;
2135 char reply[CLI_REPLY_SZ];
2136
2137 word16 port = wolfSSLPort;
2138 char* host = (char*)wolfSSLIP;
2139 const char* domain = "localhost"; /* can't default to www.wolfssl.com
2140 because can't tell if we're really
2141 going there to detect old chacha-poly
2142 */
2143#ifndef WOLFSSL_VXWORKS
2144 int ch;
2145 static const struct mygetopt_long_config long_options[] = {
2146#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
2147 !defined(WOLFSENTRY_NO_JSON)
2148 { "wolfsentry-config", 1, 256 },
2149#endif
2150 { "help", 0, 257 },
2151#ifndef NO_MULTIBYTE_PRINT
2152 { "ใใซใ", 0, 258 },
2153#endif
2154#if defined(WOLFSSL_HAVE_MLKEM)
2155 { "pqc", 1, 259 },
2156#endif
2157#ifdef WOLFSSL_SRTP
2158 { "srtp", 2, 260 }, /* optional argument */
2159#endif
2160#ifdef WOLFSSL_DTLS13
2161 /* allow waitTicket option even when HAVE_SESSION_TICKET is 0. Otherwise
2162 * tests that use this option will ignore the options following
2163 * --waitTicket in the command line and fail */
2164 {"waitTicket", 0, 261},
2165#endif /* WOLFSSL_DTLS13 */
2166#ifdef WOLFSSL_DTLS_CID
2167 {"cid", 2, 262},
2168#endif /* WOLFSSL_DTLS_CID */
2169#ifdef WOLFSSL_SYS_CA_CERTS
2170 { "sys-ca-certs", 0, 263 },
2171#endif
2172#ifdef HAVE_SUPPORTED_CURVES
2173 { "onlyPskDheKe", 0, 264 },
2174#endif
2175#ifndef NO_PSK
2176 { "openssl-psk", 0, 265 },
2177#endif
2178 { "quieter", 0, 266 },
2179#ifdef HAVE_RPK
2180 { "rpk", 0, 267 },
2181#endif /* HAVE_RPK */
2182 { "files-are-der", 0, 268 },
2183#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
2184 { "crypto-policy", 1, 269 },
2185#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
2186#ifdef HAVE_ECC_BRAINPOOL
2187 { "bpKs", 0, 270 },
2188#endif
2189#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
2190 { "ech", 1, 271 },
2191#endif
2192#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_CERT_WITH_EXTERN_PSK) && \
2193 !defined(NO_PSK)
2194 { "psk-with-certs", 0, 272 },
2195#endif
2196 { 0, 0, 0 }
2197 };
2198#endif
2199 int version = CLIENT_INVALID_VERSION;
2200 int minVersion = CLIENT_INVALID_VERSION;
2201 int usePsk = 0;
2202 int opensslPsk = 0;
2203 int usePskWithCerts = 0;
2204 int useAnon = 0;
2205 int sendGET = 0;
2206 int benchmark = 0;
2207 int block = TEST_BUFFER_SIZE;
2208 size_t throughput = 0;
2209 int doDTLS = 0;
2210 int dtlsUDP = 0;
2211#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
2212 defined(WOLFSSL_DTLS)
2213 int dtlsMTU = 0;
2214#endif
2215 int dtlsSCTP = 0;
2216 int doMcast = 0;
2217 int matchName = 0;
2218 int doPeerCheck = 1;
2219 int nonBlocking = 0;
2220 int simulateWantWrite = 0;
2221 int resumeSession = 0;
2222 int wc_shutdown = 0;
2223 int disableCRL = 0;
2224 int externalTest = 0;
2225 int ret;
2226 int err = 0;
2227 int scr = 0; /* allow secure renegotiation */
2228 int forceScr = 0; /* force client initiated scr */
2229 int scrAppData = 0;
2230 int resumeScr = 0; /* use resumption for renegotiation */
2231#ifndef WOLFSSL_NO_CLIENT_AUTH
2232 int useClientCert = 1;
2233#else
2234 int useClientCert = 0;
2235#endif
2236 int fewerPackets = 0;
2237 int atomicUser = 0;
2238#ifdef HAVE_PK_CALLBACKS
2239 int pkCallbacks = 0;
2240 PkCbInfo pkCbInfo;
2241#endif
2242 int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
2243 char* alpnList = NULL;
2244 unsigned char alpn_opt = 0;
2245 char* cipherList = NULL;
2246 int useDefCipherList = 0;
2247 int customVerifyCert = 0;
2248 const char* verifyCert;
2249 const char* ourCert;
2250 const char* ourKey;
2251
2252 int doSTARTTLS = 0;
2253 char* starttlsProt = NULL;
2254 int useVerifyCb = 0;
2255 int useSupCurve = 0;
2256
2257#ifdef WOLFSSL_TRUST_PEER_CERT
2258 const char* trustCert = NULL;
2259#endif
2260
2261#ifdef HAVE_SNI
2262 char* sniHostName = NULL;
2263#endif
2264#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
2265 char* echConfigs64 = NULL;
2266#endif
2267#ifdef HAVE_TRUSTED_CA
2268 int trustedCaKeyId = 0;
2269#endif
2270#ifdef HAVE_MAX_FRAGMENT
2271 byte maxFragment = 0;
2272#endif
2273#ifdef HAVE_TRUNCATED_HMAC
2274 byte truncatedHMAC = 0;
2275#endif
2276#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
2277 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
2278 byte statusRequest = 0;
2279 byte mustStaple = 0;
2280#endif
2281#ifdef HAVE_EXTENDED_MASTER
2282 byte disableExtMasterSecret = 0;
2283#endif
2284 int helloRetry = 0;
2285 int onlyKeyShare = 0;
2286#ifdef WOLFSSL_TLS13
2287 int noPskDheKe = 0;
2288#ifdef HAVE_SUPPORTED_CURVES
2289 int onlyPskDheKe = 0;
2290#endif
2291 int postHandAuth = 0;
2292#endif
2293 int updateKeysIVs = 0;
2294 int earlyData = 0;
2295#ifdef WOLFSSL_MULTICAST
2296 byte mcastID = 0;
2297#endif
2298#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
2299 !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
2300 int doDhKeyCheck = 1;
2301#endif
2302
2303#ifdef HAVE_OCSP
2304 int useOcsp = 0;
2305 char* ocspUrl = NULL;
2306#endif
2307 int useX25519 = 0;
2308 int useX448 = 0;
2309 int useBrainpool = 0;
2310 int usePqc = 0;
2311 char* pqcAlg = NULL;
2312 int exitWithRet = 0;
2313 int loadCertKeyIntoSSLObj = 0;
2314#ifdef WOLFSSL_SYS_CA_CERTS
2315 byte loadSysCaCerts = 0;
2316#endif
2317
2318#ifdef HAVE_ENCRYPT_THEN_MAC
2319 int disallowETM = 0;
2320#endif
2321
2322#ifdef HAVE_WNR
2323 const char* wnrConfigFile = wnrConfig;
2324#endif
2325#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
2326 (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
2327 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
2328 int useCertFolder = 0;
2329#endif
2330#ifdef WOLFSSL_SRTP
2331 const char* dtlsSrtpProfiles = NULL;
2332#endif
2333
2334#ifdef HAVE_SESSION_TICKET
2335 int waitTicket = 0;
2336#endif /* HAVE_SESSION_TICKET */
2337#ifdef WOLFSSL_DTLS_CID
2338 int useDtlsCID = 0;
2339 char dtlsCID[DTLS_CID_BUFFER_SIZE] = { 0 };
2340#endif /* WOLFSSL_DTLS_CID */
2341#ifdef HAVE_RPK
2342 int useRPK = 0;
2343#endif /* HAVE_RPK */
2344#ifdef WOLFSSL_PEM_TO_DER
2345 int fileFormat = WOLFSSL_FILETYPE_PEM;
2346#else
2347 int fileFormat = WOLFSSL_FILETYPE_ASN1;
2348#endif
2349#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
2350 const char * policy = NULL;
2351#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
2352
2353
2354 char buffer[WOLFSSL_MAX_ERROR_SZ];
2355
2356 int argc = ((func_args*)args)->argc;
2357 char** argv = ((func_args*)args)->argv;
2358
2359
2360#ifdef WOLFSSL_STATIC_MEMORY
2361 #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \
2362 defined(SESSION_CERTS) || defined(WOLFSSL_HAVE_MLKEM)
2363 /* big enough to handle most cases including session certs */
2364 byte memory[320000];
2365 #else
2366 byte memory[80000];
2367 #endif
2368 byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */
2369 #if !defined(WOLFSSL_STATIC_MEMORY_LEAN)
2370 WOLFSSL_MEM_CONN_STATS ssl_stats;
2371 #if defined(DEBUG_WOLFSSL)
2372 WOLFSSL_MEM_STATS mem_stats;
2373 #endif
2374 #endif
2375 WOLFSSL_HEAP_HINT *heap = NULL;
2376#endif
2377
2378#ifdef WOLFSSL_DUAL_ALG_CERTS
2379 /* Set our preference for verification to be for both the native and
2380 * alternative chains. Ultimately, its the server's choice. This will be
2381 * used in the call to wolfSSL_UseCKS(). */
2382 byte cks_order[3] = {
2383 WOLFSSL_CKS_SIGSPEC_BOTH,
2384 WOLFSSL_CKS_SIGSPEC_ALTERNATIVE,
2385 WOLFSSL_CKS_SIGSPEC_NATIVE,
2386 };
2387#endif /* WOLFSSL_DUAL_ALG_CERTS */
2388
2389 ((func_args*)args)->return_code = -1; /* error state */
2390
2391#ifndef NO_RSA
2392 verifyCert = caCertFile;
2393 ourCert = cliCertFile;
2394 ourKey = cliKeyFile;
2395#else
2396 #ifdef HAVE_ECC
2397 verifyCert = caEccCertFile;
2398 ourCert = cliEccCertFile;
2399 ourKey = cliEccKeyFile;
2400 #elif defined(HAVE_ED25519)
2401 verifyCert = caEdCertFile;
2402 ourCert = cliEdCertFile;
2403 ourKey = cliEdKeyFile;
2404 #elif defined(HAVE_ED448)
2405 verifyCert = caEd448CertFile;
2406 ourCert = cliEd448CertFile;
2407 ourKey = cliEd448KeyFile;
2408 #else
2409 verifyCert = NULL;
2410 ourCert = NULL;
2411 ourKey = NULL;
2412 #endif
2413#endif
2414
2415 (void)session;
2416 (void)sslResume;
2417 (void)atomicUser;
2418 (void)scr;
2419 (void)forceScr;
2420 (void)scrAppData;
2421 (void)resumeScr;
2422 (void)ourKey;
2423 (void)ourCert;
2424 (void)verifyCert;
2425 (void)useClientCert;
2426 (void)disableCRL;
2427 (void)minDhKeyBits;
2428 (void)alpnList;
2429 (void)alpn_opt;
2430 (void)updateKeysIVs;
2431 (void)earlyData;
2432 (void)useX25519;
2433 (void)useX448;
2434 (void)useBrainpool;
2435 (void)helloRetry;
2436 (void)onlyKeyShare;
2437 (void)useSupCurve;
2438 (void)loadCertKeyIntoSSLObj;
2439 (void)usePqc;
2440 (void)pqcAlg;
2441 (void)opensslPsk;
2442 (void)fileFormat;
2443 (void)usePskWithCerts;
2444 StackTrap();
2445
2446 /* Reinitialize the global myVerifyAction. */
2447 myVerifyAction = VERIFY_OVERRIDE_ERROR;
2448
2449#ifndef WOLFSSL_VXWORKS
2450 /* Not used: All used */
2451 while ((ch = mygetopt_long(argc, argv, "?:"
2452 "ab:c:defgh:i;jk:l:mnop:q:rstu;v:wxyz"
2453 "A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
2454 "01:23:4567:89"
2455 "@#", long_options, 0)) != -1) {
2456 switch (ch) {
2457 case '?' :
2458 if(myoptarg!=NULL) {
2459 lng_index = atoi(myoptarg);
2460 if(lng_index<0||lng_index>1){
2461 lng_index = 0;
2462 }
2463 }
2464 Usage();
2465 XEXIT_T(EXIT_SUCCESS);
2466
2467 case 257 :
2468 lng_index = 0;
2469 Usage();
2470 XEXIT_T(EXIT_SUCCESS);
2471
2472 case 258 :
2473 lng_index = 1;
2474 Usage();
2475 XEXIT_T(EXIT_SUCCESS);
2476
2477 case 'g' :
2478 sendGET = 1;
2479 break;
2480
2481 case 'd' :
2482 doPeerCheck = 0;
2483 break;
2484
2485 case 'e' :
2486 ShowCiphers();
2487 XEXIT_T(EXIT_SUCCESS);
2488
2489 case 'D' :
2490 myVerifyAction = VERIFY_OVERRIDE_DATE_ERR;
2491 break;
2492
2493 case 'C' :
2494 #ifdef HAVE_CRL
2495 disableCRL = 1;
2496 #endif
2497 break;
2498
2499 case 'u' :
2500 doDTLS = 1;
2501 dtlsUDP = 1;
2502 #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
2503 defined(WOLFSSL_DTLS)
2504 dtlsMTU = atoi(myoptarg);
2505 #endif
2506 break;
2507
2508 #ifdef WOLFSSL_SRTP
2509 case 260:
2510 doDTLS = 1;
2511 dtlsUDP = 1;
2512 dtlsSrtpProfiles = myoptarg != NULL ? myoptarg :
2513 "SRTP_AES128_CM_SHA1_80";
2514 printf("Using SRTP Profile(s): %s\n", dtlsSrtpProfiles);
2515 break;
2516 #endif
2517
2518#ifdef WOLFSSL_DTLS13
2519 case 261:
2520#ifdef HAVE_SESSION_TICKET
2521 waitTicket = 1;
2522#endif /* HAVE_SESSION_TICKET */
2523 break;
2524#endif /* WOLFSSL_DTLS13 */
2525#ifdef WOLFSSL_DTLS_CID
2526 case 262:
2527 useDtlsCID = 1;
2528 if (myoptarg != NULL) {
2529 if (XSTRLEN(myoptarg) >= DTLS_CID_BUFFER_SIZE) {
2530 err_sys("provided connection ID is too big");
2531 }
2532 else {
2533 XSTRLCPY(dtlsCID, myoptarg, DTLS_CID_BUFFER_SIZE);
2534 }
2535 }
2536 break;
2537#endif /* WOLFSSL_CID */
2538 case 'G' :
2539 #ifdef WOLFSSL_SCTP
2540 doDTLS = 1;
2541 dtlsUDP = 1;
2542 dtlsSCTP = 1;
2543 #endif
2544 break;
2545
2546 case 's' :
2547 usePsk = 1;
2548 break;
2549
2550 #ifdef WOLFSSL_TRUST_PEER_CERT
2551 case 'E' :
2552 trustCert = myoptarg;
2553 break;
2554 #endif
2555
2556 case 'm' :
2557 matchName = 1;
2558 break;
2559
2560 case 'x' :
2561 useClientCert = 0;
2562 break;
2563
2564 case 'X' :
2565 externalTest = 1;
2566 break;
2567
2568 case 'f' :
2569 fewerPackets = 1;
2570 break;
2571
2572 case 'U' :
2573 #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
2574 atomicUser = 1;
2575 #endif
2576 break;
2577
2578 case 'P' :
2579 #ifdef HAVE_PK_CALLBACKS
2580 pkCallbacks = 1;
2581 #endif
2582 break;
2583
2584 case 'h' :
2585 host = myoptarg;
2586 domain = myoptarg;
2587 break;
2588
2589 case 'p' :
2590 port = (word16)atoi(myoptarg);
2591 #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
2592 if (port == 0)
2593 err_sys("port number cannot be 0");
2594 #endif
2595 break;
2596
2597 case 'v' :
2598 if (myoptarg[0] == 'd') {
2599 version = CLIENT_DOWNGRADE_VERSION;
2600 break;
2601 }
2602 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
2603 else if (myoptarg[0] == 'e') {
2604 version = EITHER_DOWNGRADE_VERSION;
2605 #ifndef NO_CERTS
2606 loadCertKeyIntoSSLObj = 1;
2607 #endif
2608 break;
2609 }
2610 #endif
2611 version = atoi(myoptarg);
2612 if (version < 0 || version > 4) {
2613 Usage();
2614 XEXIT_T(MY_EX_USAGE);
2615 }
2616 break;
2617
2618 case 'V' :
2619 ShowVersions();
2620 XEXIT_T(EXIT_SUCCESS);
2621
2622 case 'l' :
2623 cipherList = myoptarg;
2624 break;
2625
2626 case 'H' :
2627 if (XSTRCMP(myoptarg, "defCipherList") == 0) {
2628 printf("Using default cipher list for testing\n");
2629 useDefCipherList = 1;
2630 }
2631 else if (XSTRCMP(myoptarg, "exitWithRet") == 0) {
2632 printf("Skip exit() for testing\n");
2633 exitWithRet = 1;
2634 }
2635 else if (XSTRCMP(myoptarg, "verifyFail") == 0) {
2636 printf("Verify should fail\n");
2637 myVerifyAction = VERIFY_FORCE_FAIL;
2638 }
2639 else if (XSTRCMP(myoptarg, "verifyInfo") == 0) {
2640 printf("Verify should not override error\n");
2641 myVerifyAction = VERIFY_USE_PREVERIFY;
2642 }
2643 else if (XSTRCMP(myoptarg, "useSupCurve") == 0) {
2644 printf("Attempting to test use supported curve\n");
2645 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
2646 useSupCurve = 1;
2647 #else
2648 printf("Supported curves not compiled in!\n");
2649 #endif
2650 }
2651 else if (XSTRCMP(myoptarg, "loadSSL") == 0) {
2652 printf("Load cert/key into wolfSSL object\n");
2653 #ifndef NO_CERTS
2654 loadCertKeyIntoSSLObj = 1;
2655 #else
2656 printf("Certs turned off with NO_CERTS!\n");
2657 #endif
2658 }
2659 else if (XSTRCMP(myoptarg, "disallowETM") == 0) {
2660 printf("Disallow Encrypt-Then-MAC\n");
2661 #ifdef HAVE_ENCRYPT_THEN_MAC
2662 disallowETM = 1;
2663 #endif
2664 }
2665 else {
2666 Usage();
2667 XEXIT_T(MY_EX_USAGE);
2668 }
2669 break;
2670
2671 case 'A' :
2672 customVerifyCert = 1;
2673 verifyCert = myoptarg;
2674 break;
2675
2676 case 'c' :
2677 ourCert = myoptarg;
2678 break;
2679
2680 case 'k' :
2681 ourKey = myoptarg;
2682 break;
2683
2684 case 'Z' :
2685 #ifndef NO_DH
2686 minDhKeyBits = atoi(myoptarg);
2687 if (minDhKeyBits <= 0 || minDhKeyBits > 16000) {
2688 Usage();
2689 XEXIT_T(MY_EX_USAGE);
2690 }
2691 #endif
2692 break;
2693
2694 case 'b' :
2695 benchmark = atoi(myoptarg);
2696 if (benchmark < 0 || benchmark > 1000000) {
2697 Usage();
2698 XEXIT_T(MY_EX_USAGE);
2699 }
2700 break;
2701
2702 case 'B' :
2703 throughput = (size_t)atol(myoptarg);
2704 for (; *myoptarg != '\0'; myoptarg++) {
2705 if (*myoptarg == ',') {
2706 block = atoi(myoptarg + 1);
2707 break;
2708 }
2709 }
2710 if (throughput == 0 || block <= 0) {
2711 Usage();
2712 XEXIT_T(MY_EX_USAGE);
2713 }
2714 break;
2715
2716 case 'N' :
2717 nonBlocking = 1;
2718 break;
2719
2720 case 'r' :
2721 resumeSession = 1;
2722 break;
2723
2724 case 'w' :
2725 wc_shutdown = 1;
2726 break;
2727
2728 case 'R' :
2729 #ifdef HAVE_SECURE_RENEGOTIATION
2730 scr = 1;
2731 #endif
2732 break;
2733
2734 case 'i' :
2735 #ifdef HAVE_SECURE_RENEGOTIATION
2736 scr = 1;
2737 forceScr = 1;
2738 if (XSTRCMP(myoptarg, "scr-app-data") == 0) {
2739 scrAppData = 1;
2740 }
2741 #endif
2742 break;
2743
2744 case 'z' :
2745 #ifndef WOLFSSL_LEANPSK
2746 wolfSSL_GetObjectSize();
2747 #endif
2748 break;
2749
2750 case 'S' :
2751 if (XSTRCMP(myoptarg, "check") == 0) {
2752 #ifdef HAVE_SNI
2753 printf("SNI is: ON\n");
2754 #else
2755 printf("SNI is: OFF\n");
2756 #endif
2757 XEXIT_T(EXIT_SUCCESS);
2758 }
2759 #ifdef HAVE_SNI
2760 sniHostName = myoptarg;
2761 #endif
2762 break;
2763
2764 case 'F' :
2765 #ifdef HAVE_MAX_FRAGMENT
2766 maxFragment = (byte)atoi(myoptarg);
2767 if (maxFragment < WOLFSSL_MFL_MIN ||
2768 maxFragment > WOLFSSL_MFL_MAX) {
2769 Usage();
2770 XEXIT_T(MY_EX_USAGE);
2771 }
2772 #endif
2773 break;
2774
2775 case 'T' :
2776 #ifdef HAVE_TRUNCATED_HMAC
2777 truncatedHMAC = 1;
2778 #endif
2779 break;
2780
2781 case 'n' :
2782 #ifdef HAVE_EXTENDED_MASTER
2783 disableExtMasterSecret = 1;
2784 #endif
2785 break;
2786
2787 case 'W' :
2788 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
2789 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
2790 {
2791 word32 myoptargSz;
2792
2793 statusRequest = (byte)atoi(myoptarg);
2794 if (statusRequest > OCSP_STAPLING_OPT_MAX) {
2795 Usage();
2796 XEXIT_T(MY_EX_USAGE);
2797 }
2798
2799 myoptargSz = (word32)XSTRLEN(myoptarg);
2800 if (myoptargSz > 0 &&
2801 XTOUPPER((unsigned char)myoptarg[myoptargSz-1]) == 'M') {
2802 mustStaple = 1;
2803 }
2804 }
2805 #endif
2806 break;
2807
2808 case 'o' :
2809 #ifdef HAVE_OCSP
2810 useOcsp = 1;
2811 #endif
2812 break;
2813
2814 case 'O' :
2815 #ifdef HAVE_OCSP
2816 useOcsp = 1;
2817 ocspUrl = myoptarg;
2818 #endif
2819 break;
2820
2821 case 'a' :
2822 #ifdef HAVE_ANON
2823 useAnon = 1;
2824 #endif
2825 break;
2826
2827 case 'L' :
2828 #ifdef HAVE_ALPN
2829 alpnList = myoptarg;
2830
2831 if (alpnList[0] == 'C' && alpnList[1] == ':')
2832 alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH;
2833 else if (alpnList[0] == 'F' && alpnList[1] == ':')
2834 alpn_opt = WOLFSSL_ALPN_FAILED_ON_MISMATCH;
2835 else {
2836 Usage();
2837 XEXIT_T(MY_EX_USAGE);
2838 }
2839
2840 alpnList += 2;
2841
2842 #endif
2843 break;
2844
2845 case 'M' :
2846 doSTARTTLS = 1;
2847 starttlsProt = myoptarg;
2848
2849 if (XSTRCMP(starttlsProt, "smtp") != 0) {
2850 Usage();
2851 XEXIT_T(MY_EX_USAGE);
2852 }
2853
2854 break;
2855
2856 case 'q' :
2857 #ifdef HAVE_WNR
2858 wnrConfigFile = myoptarg;
2859 #endif
2860 break;
2861
2862 case 'J' :
2863 #ifdef WOLFSSL_TLS13
2864 helloRetry = 1;
2865 #endif
2866 break;
2867
2868 case 'K' :
2869 #ifdef WOLFSSL_TLS13
2870 noPskDheKe = 1;
2871 #endif
2872 break;
2873
2874 case 'I' :
2875 #ifdef WOLFSSL_TLS13
2876 updateKeysIVs = 1;
2877 #endif
2878 break;
2879
2880 case 'y' :
2881 #if defined(WOLFSSL_TLS13) && \
2882 defined(HAVE_SUPPORTED_CURVES) && !defined(NO_DH)
2883 onlyKeyShare = 1;
2884 #endif
2885 break;
2886
2887 case 'Y' :
2888 #if defined(WOLFSSL_TLS13) && \
2889 defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC)
2890 onlyKeyShare = 2;
2891 #endif
2892 break;
2893
2894 case 'j' :
2895 useVerifyCb = 1;
2896 break;
2897
2898 case 't' :
2899 #ifdef HAVE_CURVE25519
2900 useX25519 = 1;
2901 #ifdef HAVE_ECC
2902 useSupCurve = 1;
2903 #if defined(WOLFSSL_TLS13) && \
2904 defined(HAVE_SUPPORTED_CURVES)
2905 onlyKeyShare = 2;
2906 #endif
2907 #endif
2908 #endif
2909 break;
2910
2911 case 'Q' :
2912 #if defined(WOLFSSL_TLS13) && \
2913 defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \
2914 !defined(WOLFSSL_NO_CLIENT_AUTH)
2915 postHandAuth = 1;
2916 #endif
2917 break;
2918
2919 case '0' :
2920 #ifdef WOLFSSL_EARLY_DATA
2921 earlyData = 1;
2922 #endif
2923 break;
2924
2925 case '1' :
2926 lng_index = atoi(myoptarg);
2927 if(lng_index<0||lng_index>1){
2928 lng_index = 0;
2929 }
2930 break;
2931
2932 case '2' :
2933 #if !defined(NO_DH) && !defined(HAVE_FIPS) && \
2934 !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
2935 doDhKeyCheck = 0;
2936 #endif
2937 break;
2938
2939 case '3' :
2940 #ifdef WOLFSSL_MULTICAST
2941 doMcast = 1;
2942 mcastID = (byte)(atoi(myoptarg) & 0xFF);
2943 #endif
2944 break;
2945
2946 case '4' :
2947 #ifdef HAVE_SECURE_RENEGOTIATION
2948 scr = 1;
2949 forceScr = 1;
2950 resumeScr = 1;
2951 #endif
2952 break;
2953
2954 case '5' :
2955 #ifdef HAVE_TRUSTED_CA
2956 trustedCaKeyId = 1;
2957 #endif /* HAVE_TRUSTED_CA */
2958 break;
2959
2960 case '6' :
2961#ifdef WOLFSSL_ASYNC_IO
2962 nonBlocking = 1;
2963 simulateWantWrite = 1;
2964#else
2965 LOG_ERROR("Ignoring -6 since async I/O support not "
2966 "compiled in.\n");
2967#endif
2968 break;
2969
2970 case '7' :
2971 minVersion = atoi(myoptarg);
2972 if (minVersion < 0 || minVersion > 4) {
2973 Usage();
2974 XEXIT_T(MY_EX_USAGE);
2975 }
2976 break;
2977
2978 case '8' :
2979 #ifdef HAVE_CURVE448
2980 useX448 = 1;
2981 #ifdef HAVE_ECC
2982 useSupCurve = 1;
2983 #if defined(WOLFSSL_TLS13) && \
2984 defined(HAVE_SUPPORTED_CURVES)
2985 onlyKeyShare = 2;
2986 #endif
2987 #endif
2988 #endif
2989 break;
2990 case '9' :
2991#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
2992 (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
2993 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
2994 useCertFolder = 1;
2995#endif
2996 break;
2997 case '@' :
2998 {
2999#ifdef HAVE_WC_INTROSPECTION
3000 const char *conf_args = wolfSSL_configure_args();
3001 if (conf_args) {
3002 puts(conf_args);
3003 XEXIT_T(EXIT_SUCCESS);
3004 } else {
3005 fputs("configure args not compiled in.\n",stderr);
3006 XEXIT_T(MY_EX_USAGE);
3007 }
3008#else
3009 fputs("compiled without BUILD_INTROSPECTION.\n",stderr);
3010 XEXIT_T(MY_EX_USAGE);
3011#endif
3012 }
3013
3014 case '#' :
3015 {
3016#ifdef HAVE_WC_INTROSPECTION
3017 const char *cflags = wolfSSL_global_cflags();
3018 if (cflags) {
3019 puts(cflags);
3020 XEXIT_T(EXIT_SUCCESS);
3021 } else {
3022 fputs("CFLAGS not compiled in.\n",stderr);
3023 XEXIT_T(MY_EX_USAGE);
3024 }
3025#else
3026 fputs("compiled without BUILD_INTROSPECTION.\n",stderr);
3027 XEXIT_T(MY_EX_USAGE);
3028#endif
3029 }
3030
3031#ifdef WOLFSSL_WOLFSENTRY_HOOKS
3032 case 256:
3033#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
3034 wolfsentry_config_path = myoptarg;
3035#endif
3036 break;
3037#endif
3038
3039#if defined(WOLFSSL_HAVE_MLKEM)
3040 case 259:
3041 {
3042 usePqc = 1;
3043 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
3044 onlyKeyShare = 3;
3045 #endif
3046 pqcAlg = myoptarg;
3047 }
3048 break;
3049#endif
3050#ifdef WOLFSSL_SYS_CA_CERTS
3051 case 263:
3052 loadSysCaCerts = 1;
3053 break;
3054#endif
3055 case 264:
3056#ifdef HAVE_SUPPORTED_CURVES
3057 #ifdef WOLFSSL_TLS13
3058 onlyPskDheKe = 1;
3059 #endif
3060#endif
3061 break;
3062 case 265:
3063#ifndef NO_PSK
3064 opensslPsk = 1;
3065#endif
3066 break;
3067 case 266:
3068 quieter = 1;
3069 break;
3070 case 267:
3071#ifdef HAVE_RPK
3072 useRPK = 1;
3073#endif /* HAVE_RPK */
3074 break;
3075 case 268:
3076#ifndef NO_CERTS
3077 fileFormat = WOLFSSL_FILETYPE_ASN1;
3078#endif
3079 break;
3080 case 269:
3081#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
3082 policy = myoptarg;
3083#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
3084 break;
3085#ifdef HAVE_ECC_BRAINPOOL
3086 case 270:
3087 useBrainpool = 1;
3088 #if defined(HAVE_ECC) && defined(WOLFSSL_TLS13) && \
3089 defined(HAVE_SUPPORTED_CURVES)
3090 onlyKeyShare = 2;
3091 #endif
3092 break;
3093#endif
3094#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
3095 case 271:
3096 echConfigs64 = myoptarg;
3097 break;
3098#endif
3099#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_CERT_WITH_EXTERN_PSK) && \
3100 !defined(NO_PSK)
3101 case 272:
3102 usePskWithCerts = 1;
3103 break;
3104#endif
3105
3106 default:
3107 Usage();
3108 XEXIT_T(MY_EX_USAGE);
3109 }
3110 }
3111
3112 myoptind = 0; /* reset for test cases */
3113#endif /* !WOLFSSL_VXWORKS */
3114
3115#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_CERT_WITH_EXTERN_PSK) && \
3116 !defined(NO_PSK)
3117 if (usePskWithCerts) {
3118 usePsk = 1;
3119 if (noPskDheKe) {
3120 LOG_ERROR("--psk-with-certs requires PSK key exchange with (EC)DHE");
3121 Usage();
3122 XEXIT_T(MY_EX_USAGE);
3123 }
3124 }
3125#endif
3126
3127 if (externalTest) {
3128 /* detect build cases that wouldn't allow test against wolfssl.com */
3129 int done = 0;
3130
3131 #ifdef NO_RSA
3132 done += 1; /* require RSA for external tests */
3133 #endif
3134
3135 if (!XSTRCMP(domain, "www.globalsign.com")) {
3136 /* www.globalsign.com does not respond to ipv6 ocsp requests */
3137 #if defined(TEST_IPV6) && defined(HAVE_OCSP)
3138 done += 1;
3139 #endif
3140
3141 /* www.globalsign.com has limited supported cipher suites */
3142 #if defined(NO_AES) && defined(HAVE_OCSP)
3143 done += 1;
3144 #endif
3145
3146 /* www.globalsign.com only supports static RSA or ECDHE with AES */
3147 /* We cannot expect users to have on static RSA so test for ECC only
3148 * as some users will most likely be on 32-bit systems where ECC
3149 * is not enabled by default */
3150 #if defined(HAVE_OCSP) && !defined(HAVE_ECC)
3151 done += 1;
3152 #endif
3153 }
3154
3155 #ifndef NO_PSK
3156 if (usePsk) {
3157 done += 1; /* don't perform external tests if PSK is enabled */
3158 }
3159 #endif
3160
3161 #ifdef NO_SHA
3162 done += 1; /* external cert chain most likely has SHA */
3163 #endif
3164
3165 #if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
3166 || ( defined(HAVE_ECC) && !defined(HAVE_SUPPORTED_CURVES) \
3167 && !defined(WOLFSSL_STATIC_RSA) )
3168 /* google needs ECDHE+Supported Curves or static RSA */
3169 if (!XSTRCASECMP(domain, "www.google.com"))
3170 done += 1;
3171 #endif
3172
3173 #if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA)
3174 /* wolfssl needs ECDHE or static RSA */
3175 if (!XSTRCASECMP(domain, "www.wolfssl.com"))
3176 done += 1;
3177 #endif
3178
3179 #if !defined(WOLFSSL_SHA384)
3180 if (!XSTRCASECMP(domain, "www.wolfssl.com")) {
3181 /* wolfssl need sha384 for cert chain verify */
3182 done += 1;
3183 }
3184 #endif
3185
3186 #if !defined(HAVE_AESGCM) && defined(NO_AES) && \
3187 !(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
3188 /* need at least one of these for external tests */
3189 done += 1;
3190 #endif
3191
3192 /* For the external test, if we disable AES, GoDaddy will reject the
3193 * connection. They only currently support AES suites, RC4 and 3DES
3194 * suites. With AES disabled we only offer PolyChacha suites. */
3195 #if defined(NO_AES) && !defined(HAVE_AESGCM)
3196 if (!XSTRCASECMP(domain, "www.wolfssl.com")) {
3197 done += 1;
3198 }
3199 #endif
3200
3201 if (done) {
3202 LOG_ERROR("external test can't be run in this mode\n");
3203
3204 ((func_args*)args)->return_code = 0;
3205 XEXIT_T(EXIT_SUCCESS);
3206 }
3207 }
3208
3209 /* sort out DTLS versus TLS versions */
3210 if (version == CLIENT_INVALID_VERSION) {
3211 if (doDTLS)
3212 version = CLIENT_DTLS_DEFAULT_VERSION;
3213 else
3214 version = CLIENT_DEFAULT_VERSION;
3215 }
3216 else {
3217 if (doDTLS) {
3218 if (version == 3) {
3219 version = -2;
3220 }
3221 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
3222 else if (version == EITHER_DOWNGRADE_VERSION) {
3223 version = -3;
3224 }
3225 #endif
3226 else if (version == 4) {
3227#ifdef WOLFSSL_DTLS13
3228 version = -4;
3229#else
3230 err_sys("Bad DTLS version");
3231#endif /* WOLFSSL_DTLS13 */
3232 }
3233 else if (version == 2)
3234 version = -1;
3235 }
3236 }
3237
3238#ifndef HAVE_SESSION_TICKET
3239 if ((version >= 4) && resumeSession) {
3240 LOG_ERROR("Can't do TLS 1.3 resumption; need session tickets!\n");
3241 }
3242#endif
3243
3244#ifdef HAVE_WNR
3245 if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0)
3246 err_sys("can't load whitewood net random config file");
3247#endif
3248
3249#ifdef WOLFSSL_HAVE_MLKEM
3250 if (usePqc) {
3251 if (version == CLIENT_DOWNGRADE_VERSION ||
3252 version == EITHER_DOWNGRADE_VERSION)
3253 LOG_ERROR(
3254 "WARNING: If a TLS 1.3 connection is not negotiated, you "
3255 "will not be using a post-quantum group.\n");
3256 else if (version != 4 && version != -4)
3257 err_sys("can only use post-quantum groups with TLS 1.3 or DTLS 1.3");
3258 }
3259#endif
3260
3261 switch (version) {
3262#ifndef NO_OLD_TLS
3263 #ifdef WOLFSSL_ALLOW_SSLV3
3264 case 0:
3265 method = wolfSSLv3_client_method_ex;
3266 break;
3267 #endif
3268
3269 #ifndef NO_TLS
3270 #ifdef WOLFSSL_ALLOW_TLSV10
3271 case 1:
3272 method = wolfTLSv1_client_method_ex;
3273 break;
3274 #endif
3275
3276 case 2:
3277 method = wolfTLSv1_1_client_method_ex;
3278 break;
3279 #endif /* !NO_TLS */
3280#endif /* !NO_OLD_TLS */
3281
3282#ifndef NO_TLS
3283 #ifndef WOLFSSL_NO_TLS12
3284 case 3:
3285 method = wolfTLSv1_2_client_method_ex;
3286 break;
3287 #endif
3288
3289 #ifdef WOLFSSL_TLS13
3290 case 4:
3291 method = wolfTLSv1_3_client_method_ex;
3292 break;
3293 #endif
3294
3295 case CLIENT_DOWNGRADE_VERSION:
3296 if (!doDTLS) {
3297 method = wolfSSLv23_client_method_ex;
3298 }
3299 else {
3300#ifdef WOLFSSL_DTLS
3301 method = wolfDTLS_client_method_ex;
3302#else
3303 err_sys("version not supported");
3304#endif /* WOLFSSL_DTLS */
3305 }
3306 break;
3307 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
3308 case EITHER_DOWNGRADE_VERSION:
3309 method = wolfSSLv23_method_ex;
3310 break;
3311 #endif
3312#endif /* NO_TLS */
3313
3314#ifdef WOLFSSL_DTLS
3315 #ifndef NO_OLD_TLS
3316 case -1:
3317 method = wolfDTLSv1_client_method_ex;
3318 break;
3319 #endif
3320
3321 #ifndef WOLFSSL_NO_TLS12
3322 case -2:
3323 method = wolfDTLSv1_2_client_method_ex;
3324 break;
3325 #endif
3326#ifdef WOLFSSL_DTLS13
3327 case -4:
3328 method = wolfDTLSv1_3_client_method_ex;
3329 break;
3330#endif /* WOLFSSL_DTLS13 */
3331 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
3332 case -3:
3333 method = wolfDTLSv1_2_method_ex;
3334 break;
3335 #endif
3336#endif
3337
3338 default:
3339 err_sys("Bad SSL version");
3340 }
3341
3342 if (method == NULL)
3343 err_sys("unable to get method");
3344
3345#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
3346 if (policy != NULL) {
3347 if (wolfSSL_crypto_policy_enable(policy) != WOLFSSL_SUCCESS) {
3348 err_sys("wolfSSL_crypto_policy_enable failed");
3349 }
3350 }
3351#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
3352
3353#ifdef WOLFSSL_STATIC_MEMORY
3354 #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
3355 /* print off helper buffer sizes for use with static memory
3356 * printing to stderr in case of debug mode turned on */
3357 LOG_ERROR("static memory management size = %d\n",
3358 wolfSSL_MemoryPaddingSz());
3359 LOG_ERROR("calculated optimum general buffer size = %d\n",
3360 wolfSSL_StaticBufferSz(memory, sizeof(memory), 0));
3361 LOG_ERROR("calculated optimum IO buffer size = %d\n",
3362 wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO),
3363 WOLFMEM_IO_POOL_FIXED));
3364 #endif /* DEBUG_WOLFSSL */
3365
3366 if (wc_LoadStaticMemory(&heap, memory, sizeof(memory), WOLFMEM_GENERAL, 1)
3367 != 0) {
3368 err_sys("unable to load static memory");
3369 }
3370
3371#if defined(WOLFSSL_STATIC_MEMORY) && \
3372 defined(WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK)
3373 wolfSSL_SetDebugMemoryCb(ExampleDebugMemoryCb);
3374#endif
3375 ctx = wolfSSL_CTX_new_ex(method(heap), heap);
3376 if (ctx == NULL)
3377 err_sys("unable to get ctx");
3378#ifdef WOLFSSL_CALLBACKS
3379 wolfSSL_CTX_set_msg_callback(ctx, msgDebugCb);
3380#endif
3381
3382 if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
3383 WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) != WOLFSSL_SUCCESS) {
3384 err_sys("unable to load static memory");
3385 }
3386#else
3387 if (method != NULL) {
3388 ctx = wolfSSL_CTX_new(method(NULL));
3389 if (ctx == NULL)
3390 err_sys("unable to get ctx");
3391 }
3392#endif
3393
3394#ifdef WOLFSSL_SYS_CA_CERTS
3395 if (loadSysCaCerts &&
3396 wolfSSL_CTX_load_system_CA_certs(ctx) != WOLFSSL_SUCCESS) {
3397 err_sys("wolfSSL_CTX_load_system_CA_certs failed");
3398 }
3399#endif /* WOLFSSL_SYS_CA_CERTS */
3400
3401 if (minVersion != CLIENT_INVALID_VERSION) {
3402#ifdef WOLFSSL_DTLS
3403 if (doDTLS) {
3404 switch (minVersion) {
3405 case 4:
3406#ifdef WOLFSSL_DTLS13
3407 minVersion = WOLFSSL_DTLSV1_3;
3408 break;
3409#else
3410 err_sys("invalid minimum downgrade version");
3411#endif /* WOLFSSL_DTLS13 */
3412 case 3:
3413 minVersion = WOLFSSL_DTLSV1_2;
3414 break;
3415 case 2:
3416 minVersion = WOLFSSL_DTLSV1;
3417 break;
3418 }
3419 }
3420#endif /* WOLFSSL_DTLS */
3421 if (wolfSSL_CTX_SetMinVersion(ctx, minVersion) != WOLFSSL_SUCCESS)
3422 err_sys("can't set minimum downgrade version");
3423 }
3424 if (simulateWantWrite) {
3425 #ifdef USE_WOLFSSL_IO
3426 wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb);
3427 #endif
3428 }
3429
3430#ifdef SINGLE_THREADED
3431 if (wolfSSL_CTX_new_rng(ctx) != WOLFSSL_SUCCESS) {
3432 wolfSSL_CTX_free(ctx); ctx = NULL;
3433 err_sys("Single Threaded new rng at CTX failed");
3434 }
3435#endif
3436
3437#ifdef OPENSSL_COMPATIBLE_DEFAULTS
3438 /* Restore wolfSSL verify defaults */
3439 if (ctx) {
3440 wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_DEFAULT, NULL);
3441 }
3442#endif
3443
3444#ifdef WOLFSSL_SRTP
3445 if (dtlsSrtpProfiles != NULL) {
3446 if (wolfSSL_CTX_set_tlsext_use_srtp(ctx, dtlsSrtpProfiles)
3447 != 0) {
3448 err_sys("unable to set DTLS SRTP profile");
3449 }
3450 }
3451#endif
3452
3453#ifdef WOLFSSL_WOLFSENTRY_HOOKS
3454 if (wolfsentry_setup(&wolfsentry, wolfsentry_config_path,
3455 WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT) < 0) {
3456 err_sys("unable to initialize wolfSentry");
3457 }
3458
3459 if (wolfSSL_CTX_set_ConnectFilter(
3460 ctx,
3461 (NetworkFilterCallback_t)wolfSentry_NetworkFilterCallback,
3462 wolfsentry) < 0) {
3463 err_sys("unable to install wolfSentry_NetworkFilterCallback");
3464 }
3465#endif
3466
3467 if (cipherList && !useDefCipherList) {
3468 if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS) {
3469 wolfSSL_CTX_free(ctx); ctx = NULL;
3470 err_sys("client can't set cipher list 1");
3471 }
3472 }
3473
3474#ifdef WOLFSSL_LEANPSK
3475 if (!usePsk) {
3476 usePsk = 1;
3477 }
3478#endif
3479
3480#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
3481 !defined(HAVE_ED448)
3482 if (!usePsk) {
3483 usePsk = 1;
3484 }
3485#endif
3486
3487 if (fewerPackets)
3488 wolfSSL_CTX_set_group_messages(ctx);
3489#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
3490 defined(WOLFSSL_DTLS)
3491 if (dtlsMTU)
3492 wolfSSL_CTX_dtls_set_mtu(ctx, (unsigned short)dtlsMTU);
3493#endif
3494
3495#ifndef NO_DH
3496 if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits)
3497 != WOLFSSL_SUCCESS) {
3498 err_sys("Error setting minimum DH key size");
3499 }
3500#endif
3501
3502#ifdef HAVE_RPK
3503 if (useRPK) {
3504 char ctype[] = {WOLFSSL_CERT_TYPE_RPK};
3505 char stype[] = {WOLFSSL_CERT_TYPE_RPK};
3506
3507 wolfSSL_CTX_set_client_cert_type(ctx, ctype, sizeof(ctype)/sizeof(ctype[0]));
3508 wolfSSL_CTX_set_server_cert_type(ctx, stype, sizeof(stype)/sizeof(stype[0]));
3509 usePsk = 0;
3510 #ifdef HAVE_CRL
3511 disableCRL = 1;
3512 #endif
3513 doPeerCheck = 0;
3514 }
3515#endif /* HAVE_RPK */
3516
3517 if (usePsk) {
3518#ifndef NO_PSK
3519 const char *defaultCipherList = cipherList;
3520
3521 wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
3522#ifdef WOLFSSL_TLS13
3523 #if !defined(WOLFSSL_PSK_TLS13_CB) && !defined(WOLFSSL_PSK_ONE_ID)
3524 if (!opensslPsk) {
3525 wolfSSL_CTX_set_psk_client_cs_callback(ctx, my_psk_client_cs_cb);
3526 }
3527 else
3528 #endif
3529 {
3530 wolfSSL_CTX_set_psk_client_tls13_callback(ctx,
3531 my_psk_client_tls13_cb);
3532 }
3533#if defined(WOLFSSL_CERT_WITH_EXTERN_PSK)
3534 if (usePskWithCerts) {
3535 if (wolfSSL_CTX_set_cert_with_extern_psk(ctx, 1) != WOLFSSL_SUCCESS) {
3536 wolfSSL_CTX_free(ctx); ctx = NULL;
3537 err_sys("client can't enable cert_with_extern_psk");
3538 }
3539 }
3540#endif
3541#endif
3542 if (defaultCipherList == NULL) {
3543 #if defined(HAVE_AESGCM) && !defined(NO_DH)
3544 #ifdef WOLFSSL_TLS13
3545 defaultCipherList = "TLS13-AES128-GCM-SHA256"
3546 #ifndef WOLFSSL_NO_TLS12
3547 ":DHE-PSK-AES128-GCM-SHA256"
3548 #endif
3549 ;
3550 #else
3551 defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
3552 #endif
3553 #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
3554 defaultCipherList = "TLS13-AES128-GCM-SHA256"
3555 #ifndef WOLFSSL_NO_TLS12
3556 ":PSK-AES128-GCM-SHA256"
3557 #endif
3558 ;
3559 #elif defined(HAVE_NULL_CIPHER)
3560 defaultCipherList = "PSK-NULL-SHA256";
3561 #elif !defined(NO_AES_CBC)
3562 defaultCipherList = "PSK-AES128-CBC-SHA256";
3563 #else
3564 defaultCipherList = "PSK-AES128-GCM-SHA256";
3565 #endif
3566 if (wolfSSL_CTX_set_cipher_list(ctx, defaultCipherList)
3567 !=WOLFSSL_SUCCESS) {
3568 wolfSSL_CTX_free(ctx); ctx = NULL;
3569 err_sys("client can't set cipher list 2");
3570 }
3571 }
3572 wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList);
3573#endif
3574 if (useClientCert) {
3575 useClientCert = 0;
3576 }
3577 }
3578
3579 if (useAnon) {
3580#ifdef HAVE_ANON
3581 if (cipherList == NULL || (cipherList && useDefCipherList)) {
3582 const char* defaultCipherList;
3583 wolfSSL_CTX_allow_anon_cipher(ctx);
3584 defaultCipherList = "ADH-AES256-GCM-SHA384:"
3585 "ADH-AES128-SHA";
3586 if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList)
3587 != WOLFSSL_SUCCESS) {
3588 wolfSSL_CTX_free(ctx); ctx = NULL;
3589 err_sys("client can't set cipher list 4");
3590 }
3591 }
3592#endif
3593 if (useClientCert) {
3594 useClientCert = 0;
3595 }
3596 }
3597
3598#ifdef WOLFSSL_SCTP
3599 if (dtlsSCTP)
3600 wolfSSL_CTX_dtls_set_sctp(ctx);
3601#endif
3602
3603#ifdef WOLFSSL_ENCRYPTED_KEYS
3604 wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
3605#endif
3606
3607#ifdef WOLFSSL_SNIFFER
3608 if (cipherList == NULL && version < 4) {
3609 /* static RSA or ECC cipher suites */
3610 const char* staticCipherList = "AES128-SHA:ECDH-ECDSA-AES128-SHA";
3611 if (wolfSSL_CTX_set_cipher_list(ctx, staticCipherList) != WOLFSSL_SUCCESS) {
3612 wolfSSL_CTX_free(ctx); ctx = NULL;
3613 err_sys("client can't set cipher list 3");
3614 }
3615 }
3616#endif
3617
3618#ifdef HAVE_OCSP
3619 if (useOcsp) {
3620 #if defined(HAVE_IO_TIMEOUT) && defined(HAVE_HTTP_CLIENT)
3621 wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
3622 #endif
3623
3624 if (ocspUrl != NULL) {
3625 wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
3626 wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
3627 | WOLFSSL_OCSP_URL_OVERRIDE);
3628 }
3629 else {
3630 wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL);
3631 }
3632
3633 #ifdef WOLFSSL_NONBLOCK_OCSP
3634 wolfSSL_CTX_SetOCSP_Cb(ctx, OCSPIOCb, OCSPRespFreeCb, NULL);
3635 #endif
3636 }
3637#endif
3638
3639#ifdef USER_CA_CB
3640 wolfSSL_CTX_SetCACb(ctx, CaCb);
3641#endif
3642
3643#if defined(HAVE_EXT_CACHE) && !defined(NO_SESSION_CACHE)
3644 wolfSSL_CTX_sess_set_get_cb(ctx, mySessGetCb);
3645 wolfSSL_CTX_sess_set_new_cb(ctx, mySessNewCb);
3646 wolfSSL_CTX_sess_set_remove_cb(ctx, mySessRemCb);
3647#endif
3648
3649#ifndef NO_CERTS
3650 if (useClientCert && !loadCertKeyIntoSSLObj){
3651 #if defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048)
3652 if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
3653 client_cert_der_2048, sizeof_client_cert_der_2048,
3654 WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
3655 err_sys("can't load client cert buffer");
3656 #elif !defined(TEST_LOAD_BUFFER)
3657 if (wolfSSL_CTX_use_certificate_chain_file_format(ctx, ourCert, fileFormat)
3658 != WOLFSSL_SUCCESS) {
3659 wolfSSL_CTX_free(ctx); ctx = NULL;
3660 err_sys("can't load client cert file, check file and run from"
3661 " wolfSSL home dir");
3662 }
3663 #else
3664 load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
3665 #endif
3666 }
3667
3668 #ifdef HAVE_PK_CALLBACKS
3669 pkCbInfo.ourKey = ourKey;
3670 #endif
3671 if (useClientCert && !loadCertKeyIntoSSLObj
3672 #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
3673 && !pkCallbacks
3674 #endif
3675 ) {
3676 #ifdef NO_FILESYSTEM
3677 if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,
3678 sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
3679 err_sys("can't load client private key buffer");
3680 #elif !defined(TEST_LOAD_BUFFER)
3681 if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, fileFormat)
3682 != WOLFSSL_SUCCESS) {
3683 wolfSSL_CTX_free(ctx); ctx = NULL;
3684 err_sys("can't load client private key file, check file and run "
3685 "from wolfSSL home dir");
3686 }
3687 #else
3688 load_buffer(ctx, ourKey, WOLFSSL_KEY);
3689 #endif
3690 }
3691
3692 if ((!usePsk || usePskWithCerts) && !useAnon && !useVerifyCb &&
3693 myVerifyAction != VERIFY_FORCE_FAIL) {
3694 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
3695 (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
3696 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
3697 if (useCertFolder) {
3698 WOLFSSL_X509_STORE *store;
3699 WOLFSSL_X509_LOOKUP *lookup;
3700
3701 store = wolfSSL_CTX_get_cert_store(ctx);
3702 if (store == NULL) {
3703 wolfSSL_CTX_free(ctx); ctx = NULL;
3704 err_sys("can't get WOLFSSL_X509_STORE");
3705 }
3706 lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
3707 if (lookup == NULL) {
3708 wolfSSL_CTX_free(ctx); ctx = NULL;
3709 err_sys("can't add lookup");
3710 }
3711 if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder,
3712 X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) {
3713 err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed");
3714 }
3715 } else {
3716 #endif
3717 #ifdef NO_FILESYSTEM
3718 if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
3719 sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
3720 wolfSSL_CTX_free(ctx); ctx = NULL;
3721 err_sys("can't load ca buffer, Please run from wolfSSL home dir");
3722 }
3723 #elif !defined(TEST_LOAD_BUFFER)
3724 unsigned int verify_flags = 0;
3725 #ifdef TEST_BEFORE_DATE
3726 verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
3727 #endif
3728 if (doPeerCheck != 0 &&
3729 wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0, verify_flags)
3730 != WOLFSSL_SUCCESS) {
3731 wolfSSL_CTX_free(ctx); ctx = NULL;
3732 err_sys("can't load ca file, Please run from wolfSSL home dir");
3733 }
3734 #else
3735 load_buffer(ctx, verifyCert, WOLFSSL_CA);
3736 #endif /* !NO_FILESYSTEM */
3737
3738 #ifdef HAVE_ECC
3739 /* load ecc verify too, echoserver uses it by default w/ ecc */
3740 #ifdef NO_FILESYSTEM
3741 if (doPeerCheck != 0 &&
3742 wolfSSL_CTX_load_verify_buffer(ctx, ca_ecc_cert_der_256,
3743 sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
3744 wolfSSL_CTX_free(ctx); ctx = NULL;
3745 err_sys("can't load ecc ca buffer");
3746 }
3747 #elif !defined(TEST_LOAD_BUFFER)
3748 if (doPeerCheck != 0 && !customVerifyCert &&
3749 wolfSSL_CTX_load_verify_locations_ex(ctx, eccCertFile, 0, verify_flags)
3750 != WOLFSSL_SUCCESS) {
3751 wolfSSL_CTX_free(ctx); ctx = NULL;
3752 err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
3753 }
3754 #else
3755 load_buffer(ctx, eccCertFile, WOLFSSL_CA);
3756 #endif /* !TEST_LOAD_BUFFER */
3757 #endif /* HAVE_ECC */
3758 #if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
3759 if (trustCert) {
3760 if (wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
3761 WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
3762 wolfSSL_CTX_free(ctx); ctx = NULL;
3763 err_sys("can't load trusted peer cert file");
3764 }
3765 }
3766 #endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */
3767 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
3768 (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
3769 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
3770 }
3771 #endif
3772 }
3773 if (useVerifyCb || myVerifyAction == VERIFY_FORCE_FAIL ||
3774 myVerifyAction == VERIFY_USE_PREVERIFY) {
3775 wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
3776 }
3777 else if ((!usePsk || usePskWithCerts) && !useAnon && doPeerCheck == 0) {
3778 wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
3779 }
3780 else if ((!usePsk || usePskWithCerts) && !useAnon &&
3781 myVerifyAction == VERIFY_OVERRIDE_DATE_ERR) {
3782 wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
3783 }
3784#endif /* !NO_CERTS */
3785
3786#ifdef WOLFSSL_ASYNC_CRYPT
3787 ret = wolfAsync_DevOpen(&devId);
3788 if (ret < 0) {
3789 LOG_ERROR("Async device open failed\nRunning without async\n");
3790 }
3791 wolfSSL_CTX_SetDevId(ctx, devId);
3792#endif /* WOLFSSL_ASYNC_CRYPT */
3793
3794#ifdef HAVE_SNI
3795 if (sniHostName) {
3796 if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName,
3797 (word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) {
3798 wolfSSL_CTX_free(ctx); ctx = NULL;
3799 err_sys("UseSNI failed");
3800 }
3801 }
3802#endif
3803#ifdef HAVE_MAX_FRAGMENT
3804 if (maxFragment)
3805 if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != WOLFSSL_SUCCESS) {
3806 wolfSSL_CTX_free(ctx); ctx = NULL;
3807 err_sys("UseMaxFragment failed");
3808 }
3809#endif
3810#ifdef HAVE_TRUNCATED_HMAC
3811 if (truncatedHMAC)
3812 if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != WOLFSSL_SUCCESS) {
3813 wolfSSL_CTX_free(ctx); ctx = NULL;
3814 err_sys("UseTruncatedHMAC failed");
3815 }
3816#endif
3817#ifdef HAVE_SESSION_TICKET
3818 if (wolfSSL_CTX_UseSessionTicket(ctx) != WOLFSSL_SUCCESS) {
3819 wolfSSL_CTX_free(ctx); ctx = NULL;
3820 err_sys("UseSessionTicket failed");
3821 }
3822#endif
3823#ifdef HAVE_EXTENDED_MASTER
3824 if (disableExtMasterSecret)
3825 if (wolfSSL_CTX_DisableExtendedMasterSecret(ctx) != WOLFSSL_SUCCESS) {
3826 wolfSSL_CTX_free(ctx); ctx = NULL;
3827 err_sys("DisableExtendedMasterSecret failed");
3828 }
3829#endif
3830#if defined(HAVE_SUPPORTED_CURVES)
3831 #if defined(HAVE_CURVE25519)
3832 if (useX25519) {
3833 if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X25519)
3834 != WOLFSSL_SUCCESS) {
3835 err_sys("unable to support X25519");
3836 }
3837 }
3838 #endif /* HAVE_CURVE25519 */
3839 #if defined(HAVE_CURVE448)
3840 if (useX448) {
3841 if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X448)
3842 != WOLFSSL_SUCCESS) {
3843 err_sys("unable to support X448");
3844 }
3845 }
3846 #endif /* HAVE_CURVE448 */
3847 #ifdef HAVE_ECC
3848 #ifdef HAVE_ECC_BRAINPOOL
3849 if (useBrainpool) {
3850 if (version == 4) {
3851 if (wolfSSL_CTX_UseSupportedCurve(ctx,
3852 WOLFSSL_ECC_BRAINPOOLP256R1TLS13)
3853 != WOLFSSL_SUCCESS) {
3854 err_sys("unable to support brainpoolp256r1tls13");
3855 }
3856 }
3857 else if (version == CLIENT_DOWNGRADE_VERSION) {
3858 if (wolfSSL_CTX_UseSupportedCurve(ctx,
3859 WOLFSSL_ECC_BRAINPOOLP256R1TLS13)
3860 != WOLFSSL_SUCCESS) {
3861 err_sys("unable to support brainpoolp256r1tls13");
3862 }
3863 if (minVersion <= 3) {
3864 if (wolfSSL_CTX_UseSupportedCurve(ctx,
3865 WOLFSSL_ECC_BRAINPOOLP256R1)
3866 != WOLFSSL_SUCCESS) {
3867 err_sys("unable to support brainpoolp256r1");
3868 }
3869 }
3870 }
3871 else {
3872 if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_BRAINPOOLP256R1)
3873 != WOLFSSL_SUCCESS) {
3874 err_sys("unable to support brainpoolp256r1");
3875 }
3876 }
3877 }
3878 #endif /* HAVE_ECC_BRAINPOOL */
3879 if (useSupCurve) {
3880 #if !defined(NO_ECC_SECP) && \
3881 (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
3882 if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP384R1)
3883 != WOLFSSL_SUCCESS) {
3884 err_sys("unable to support secp384r1");
3885 }
3886 #endif
3887 #if !defined(NO_ECC_SECP) && \
3888 (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES))
3889 if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)
3890 != WOLFSSL_SUCCESS) {
3891 err_sys("unable to support secp256r1");
3892 }
3893 #endif
3894 }
3895 #endif /* HAVE_ECC */
3896 #ifdef HAVE_FFDHE_2048
3897 if (useSupCurve) {
3898 if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_FFDHE_2048)
3899 != WOLFSSL_SUCCESS) {
3900 err_sys("unable to support FFDHE 2048");
3901 }
3902 }
3903 #endif
3904#endif /* HAVE_SUPPORTED_CURVES */
3905
3906#ifdef WOLFSSL_TLS13
3907 if (noPskDheKe)
3908 wolfSSL_CTX_no_dhe_psk(ctx);
3909#ifdef HAVE_SUPPORTED_CURVES
3910 if (onlyPskDheKe)
3911 wolfSSL_CTX_only_dhe_psk(ctx);
3912#endif
3913#endif
3914#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
3915 if (postHandAuth) {
3916 if (wolfSSL_CTX_allow_post_handshake_auth(ctx) != 0) {
3917 err_sys("unable to support post handshake auth");
3918 }
3919 }
3920#endif
3921
3922 if (benchmark) {
3923 ((func_args*)args)->return_code =
3924 ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP,
3925 benchmark, resumeSession, useX25519,
3926 useX448, usePqc, pqcAlg, helloRetry,
3927 onlyKeyShare, version, earlyData,
3928 useBrainpool);
3929 wolfSSL_CTX_free(ctx); ctx = NULL;
3930 XEXIT_T(EXIT_SUCCESS);
3931 }
3932
3933 if (throughput) {
3934 ((func_args*)args)->return_code =
3935 ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP,
3936 block, throughput, useX25519, useX448,
3937 usePqc, pqcAlg, exitWithRet, version,
3938 onlyKeyShare, useBrainpool);
3939 wolfSSL_CTX_free(ctx); ctx = NULL;
3940 if (((func_args*)args)->return_code != EXIT_SUCCESS && !exitWithRet)
3941 XEXIT_T(EXIT_SUCCESS);
3942 else
3943 goto exit;
3944 }
3945
3946 #if defined(WOLFSSL_MDK_ARM)
3947 wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
3948 #endif
3949
3950 #if defined(OPENSSL_EXTRA)
3951 if (wolfSSL_CTX_get_read_ahead(ctx) != 0) {
3952 wolfSSL_CTX_free(ctx); ctx = NULL;
3953 err_sys("bad read ahead default value");
3954 }
3955 if (wolfSSL_CTX_set_read_ahead(ctx, 1) != WOLFSSL_SUCCESS) {
3956 wolfSSL_CTX_free(ctx); ctx = NULL;
3957 err_sys("error setting read ahead value");
3958 }
3959 #endif
3960
3961#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \
3962 !defined(WOLFSSL_STATIC_MEMORY_LEAN)
3963 LOG_ERROR("Before creating SSL\n");
3964 if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
3965 err_sys("ctx not using static memory");
3966 if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
3967 err_sys("error printing out memory stats");
3968#endif
3969
3970 if (doMcast) {
3971#ifdef WOLFSSL_MULTICAST
3972 wolfSSL_CTX_mcast_set_member_id(ctx, mcastID);
3973 if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256")
3974 != WOLFSSL_SUCCESS) {
3975 wolfSSL_CTX_free(ctx); ctx = NULL;
3976 err_sys("Couldn't set multicast cipher list.");
3977 }
3978#endif
3979 }
3980
3981#ifdef HAVE_PK_CALLBACKS
3982 if (pkCallbacks)
3983 SetupPkCallbacks(ctx);
3984#endif
3985
3986 ssl = wolfSSL_new(ctx);
3987 if (ssl == NULL) {
3988 wolfSSL_CTX_free(ctx); ctx = NULL;
3989 err_sys("unable to get SSL object");
3990 }
3991
3992#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
3993 if (echConfigs64 != NULL) {
3994 if (wolfSSL_SetEchConfigsBase64(ssl, echConfigs64,
3995 (word32)XSTRLEN(echConfigs64)) != WOLFSSL_SUCCESS) {
3996 wolfSSL_CTX_free(ctx); ctx = NULL;
3997 err_sys("SetEchConfigsBase64 failed");
3998 }
3999 }
4000#endif
4001
4002#ifdef WOLFSSL_DUAL_ALG_CERTS
4003 if (!wolfSSL_UseCKS(ssl, cks_order, sizeof(cks_order))) {
4004 wolfSSL_CTX_free(ctx); ctx = NULL;
4005 err_sys("unable to set the CKS order.");
4006 }
4007#endif /* WOLFSSL_DUAL_ALG_CERTS */
4008
4009#ifndef NO_PSK
4010 if (usePsk) {
4011 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \
4012 defined(TEST_PSK_USE_SESSION)
4013 SSL_set_psk_use_session_callback(ssl, my_psk_use_session_cb);
4014 #endif
4015 }
4016#endif
4017
4018#ifndef NO_CERTS
4019 if (useClientCert && loadCertKeyIntoSSLObj){
4020 #ifdef NO_FILESYSTEM
4021 if (wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048,
4022 sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
4023 wolfSSL_CTX_free(ctx); ctx = NULL;
4024 err_sys("can't load client cert buffer");
4025 }
4026 #elif !defined(TEST_LOAD_BUFFER)
4027 if (wolfSSL_use_certificate_chain_file_format(ssl, ourCert, fileFormat)
4028 != WOLFSSL_SUCCESS) {
4029 wolfSSL_CTX_free(ctx); ctx = NULL;
4030 err_sys("can't load client cert file, check file and run from"
4031 " wolfSSL home dir");
4032 }
4033 #else
4034 load_ssl_buffer(ssl, ourCert, WOLFSSL_CERT_CHAIN);
4035 #endif
4036 }
4037
4038 if (loadCertKeyIntoSSLObj
4039 #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
4040 && !pkCallbacks
4041 #endif
4042 ) {
4043 #ifdef NO_FILESYSTEM
4044 if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,
4045 sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
4046 err_sys("can't load client private key buffer");
4047 #elif !defined(TEST_LOAD_BUFFER)
4048 if (wolfSSL_use_PrivateKey_file(ssl, ourKey, fileFormat)
4049 != WOLFSSL_SUCCESS) {
4050 wolfSSL_CTX_free(ctx); ctx = NULL;
4051 err_sys("can't load client private key file, check file and run "
4052 "from wolfSSL home dir");
4053 }
4054 #else
4055 load_ssl_buffer(ssl, ourKey, WOLFSSL_KEY);
4056 #endif
4057 }
4058#endif /* !NO_CERTS */
4059
4060#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
4061 wolfSSL_KeepArrays(ssl);
4062#endif
4063
4064#ifdef HAVE_PK_CALLBACKS
4065 /* This must be before SetKeyShare */
4066 if (pkCallbacks) {
4067 SetupPkCallbackContexts(ssl, &pkCbInfo);
4068 }
4069#endif
4070
4071#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \
4072 !defined(WOLFSSL_STATIC_MEMORY_LEAN)
4073 LOG_ERROR("After creating SSL\n");
4074 if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
4075 err_sys("ctx not using static memory");
4076 if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
4077 err_sys("error printing out memory stats");
4078#endif
4079
4080#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
4081 if (!helloRetry && (version >= 4 || version <= -4)) {
4082 SetKeyShare(ssl, onlyKeyShare, useX25519, useX448,
4083 useBrainpool, usePqc, pqcAlg, 0);
4084 }
4085 else {
4086 wolfSSL_NoKeyShares(ssl);
4087 }
4088#endif
4089
4090 if (doMcast) {
4091#ifdef WOLFSSL_MULTICAST
4092 /* DTLS multicast secret for testing only */
4093 #define CLI_SRV_RANDOM_SZ 32 /* RAN_LEN (see internal.h) */
4094 #define PMS_SZ 512 /* ENCRYPT_LEN (see internal.h) */
4095 byte pms[PMS_SZ]; /* pre master secret */
4096 byte cr[CLI_SRV_RANDOM_SZ]; /* client random */
4097 byte sr[CLI_SRV_RANDOM_SZ]; /* server random */
4098 const byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
4099
4100 XMEMSET(pms, 0x23, sizeof(pms));
4101 XMEMSET(cr, 0xA5, sizeof(cr));
4102 XMEMSET(sr, 0x5A, sizeof(sr));
4103
4104 if (wolfSSL_set_secret(ssl, 1, pms, sizeof(pms), cr, sr, suite)
4105 != WOLFSSL_SUCCESS) {
4106 wolfSSL_CTX_free(ctx); ctx = NULL;
4107 err_sys("unable to set mcast secret");
4108 }
4109#endif
4110 }
4111
4112 #ifdef HAVE_SESSION_TICKET
4113 wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session");
4114 #endif
4115
4116#ifdef HAVE_TRUSTED_CA
4117 if (trustedCaKeyId) {
4118 if (wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_PRE_AGREED,
4119 NULL, 0) != WOLFSSL_SUCCESS) {
4120 err_sys("UseTrustedCA failed");
4121 }
4122 }
4123#endif
4124#ifdef HAVE_ALPN
4125 if (alpnList != NULL) {
4126 printf("ALPN accepted protocols list : %s\n", alpnList);
4127 wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt);
4128 }
4129#endif
4130
4131#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
4132 defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
4133 if (statusRequest) {
4134 if (version == 4 &&
4135 (statusRequest == OCSP_STAPLINGV2 || \
4136 statusRequest == OCSP_STAPLINGV2_MULTI)) {
4137 err_sys("Cannot use OCSP Stapling V2 with TLSv1.3");
4138 }
4139
4140 if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS)
4141 err_sys("can't enable OCSP Stapling Certificate Manager");
4142 if (mustStaple) {
4143 if (wolfSSL_CTX_EnableOCSPMustStaple(ctx) != WOLFSSL_SUCCESS)
4144 err_sys("can't enable OCSP Must Staple");
4145 }
4146
4147 switch (statusRequest) {
4148 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
4149 case OCSP_STAPLING:
4150 if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP,
4151 WOLFSSL_CSR_OCSP_USE_NONCE) != WOLFSSL_SUCCESS) {
4152 wolfSSL_free(ssl); ssl = NULL;
4153 CloseSocket(sockfd);
4154 wolfSSL_CTX_free(ctx); ctx = NULL;
4155 err_sys("UseCertificateStatusRequest failed");
4156 }
4157 break;
4158 #endif
4159 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
4160 case OCSP_STAPLINGV2:
4161 if (wolfSSL_UseOCSPStaplingV2(ssl,
4162 WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE)
4163 != WOLFSSL_SUCCESS) {
4164 wolfSSL_free(ssl); ssl = NULL;
4165 CloseSocket(sockfd);
4166 wolfSSL_CTX_free(ctx); ctx = NULL;
4167 err_sys("UseCertificateStatusRequest failed");
4168 }
4169 break;
4170 case OCSP_STAPLINGV2_MULTI:
4171 if (wolfSSL_UseOCSPStaplingV2(ssl,
4172 WOLFSSL_CSR2_OCSP_MULTI, 0)
4173 != WOLFSSL_SUCCESS) {
4174 wolfSSL_free(ssl); ssl = NULL;
4175 CloseSocket(sockfd);
4176 wolfSSL_CTX_free(ctx); ctx = NULL;
4177 err_sys("UseCertificateStatusRequest failed");
4178 }
4179 break;
4180 #endif
4181 default:
4182 err_sys("Invalid OCSP Stapling option");
4183 }
4184
4185 wolfSSL_CTX_EnableOCSP(ctx, 0);
4186 }
4187#endif
4188
4189#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
4190 !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
4191 if (!doDhKeyCheck)
4192 wolfSSL_SetEnableDhKeyTest(ssl, 0);
4193#endif
4194
4195#ifdef HAVE_ENCRYPT_THEN_MAC
4196 if (disallowETM)
4197 wolfSSL_AllowEncryptThenMac(ssl, 0);
4198#endif
4199
4200
4201 tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
4202 if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
4203 wolfSSL_free(ssl); ssl = NULL;
4204 CloseSocket(sockfd);
4205 wolfSSL_CTX_free(ctx); ctx = NULL;
4206 err_sys("error in setting fd");
4207 }
4208
4209 if (simulateWantWrite) {
4210 if (dtlsUDP) {
4211 wolfSSL_SetIOWriteCtx(ssl, (void*)&sockfd);
4212 udp_connect(&sockfd, host, port);
4213 }
4214 }
4215
4216 /* STARTTLS */
4217 if (doSTARTTLS) {
4218 if (StartTLS_Init(&sockfd) != WOLFSSL_SUCCESS) {
4219 wolfSSL_free(ssl); ssl = NULL;
4220 CloseSocket(sockfd);
4221 wolfSSL_CTX_free(ctx); ctx = NULL;
4222 err_sys("error during STARTTLS protocol");
4223 }
4224 }
4225
4226#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
4227 if (disableCRL == 0 && !useVerifyCb) {
4228 #if defined(HAVE_IO_TIMEOUT) && defined(HAVE_HTTP_CLIENT)
4229 wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
4230 #endif
4231
4232 if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) {
4233 wolfSSL_free(ssl); ssl = NULL;
4234 CloseSocket(sockfd);
4235 wolfSSL_CTX_free(ctx); ctx = NULL;
4236 err_sys("can't enable crl check");
4237 }
4238 if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, 0)
4239 != WOLFSSL_SUCCESS) {
4240 wolfSSL_free(ssl); ssl = NULL;
4241 CloseSocket(sockfd);
4242 wolfSSL_CTX_free(ctx); ctx = NULL;
4243 err_sys("can't load crl, check crlfile and date validity");
4244 }
4245 if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS) {
4246 wolfSSL_free(ssl); ssl = NULL;
4247 CloseSocket(sockfd);
4248 wolfSSL_CTX_free(ctx); ctx = NULL;
4249 err_sys("can't set crl callback");
4250 }
4251 }
4252#endif
4253#ifdef HAVE_SECURE_RENEGOTIATION
4254 if (scr) {
4255 if (wolfSSL_UseSecureRenegotiation(ssl) != WOLFSSL_SUCCESS) {
4256 wolfSSL_free(ssl); ssl = NULL;
4257 CloseSocket(sockfd);
4258 wolfSSL_CTX_free(ctx); ctx = NULL;
4259 err_sys("can't enable secure renegotiation");
4260 }
4261 }
4262#endif
4263#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
4264 if (atomicUser)
4265 SetupAtomicUser(ctx, ssl);
4266#endif
4267
4268#ifdef WOLFSSL_DTLS_CID
4269 if (useDtlsCID) {
4270 ret = wolfSSL_dtls_cid_use(ssl);
4271 if (ret != WOLFSSL_SUCCESS)
4272 err_sys("Can't enable DTLS ConnectionID");
4273 ret = wolfSSL_dtls_cid_set(ssl, (unsigned char*)dtlsCID,
4274 (word32)XSTRLEN(dtlsCID));
4275 if (ret != WOLFSSL_SUCCESS)
4276 err_sys("Can't set DTLS ConnectionID");
4277 }
4278#endif /* WOLFSSL_DTLS_CID */
4279
4280 if (matchName && doPeerCheck)
4281 wolfSSL_check_domain_name(ssl, domain);
4282#ifndef WOLFSSL_CALLBACKS
4283 if (nonBlocking) {
4284#ifdef WOLFSSL_DTLS
4285 if (doDTLS) {
4286 wolfSSL_dtls_set_using_nonblock(ssl, 1);
4287 }
4288#endif
4289 tcp_set_nonblocking(&sockfd);
4290 ret = NonBlockingSSL_Connect(ssl);
4291 }
4292 else {
4293#ifdef WOLFSSL_EARLY_DATA
4294 if (usePsk && earlyData)
4295 EarlyData(ctx, ssl, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer);
4296#endif
4297 WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl),
4298 ret != WOLFSSL_SUCCESS);
4299 }
4300#else
4301 timeoutConnect.tv_sec = DEFAULT_TIMEOUT_SEC;
4302 timeoutConnect.tv_usec = 0;
4303 ret = NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
4304#endif
4305 if (ret != WOLFSSL_SUCCESS) {
4306 err = wolfSSL_get_error(ssl, 0);
4307 LOG_ERROR("wolfSSL_connect error %d, %s\n", err,
4308 wolfSSL_ERR_error_string((unsigned long)err, buffer));
4309
4310 /* cleanup */
4311 wolfSSL_free(ssl); ssl = NULL;
4312 wolfSSL_CTX_free(ctx); ctx = NULL;
4313 CloseSocket(sockfd);
4314
4315 if (!exitWithRet)
4316 err_sys("wolfSSL_connect failed");
4317 /* see note at top of README */
4318 /* if you're getting an error here */
4319
4320 ((func_args*)args)->return_code = err;
4321 goto exit;
4322 }
4323
4324 showPeerEx(ssl, lng_index);
4325 showPeerPEM(ssl);
4326
4327 /* if the caller requested a particular cipher, check here that either
4328 * a canonical name of the established cipher matches the requested
4329 * cipher name, or the requested cipher name is marked as an alias
4330 * that matches the established cipher.
4331 */
4332 if (cipherList && !useDefCipherList && (! XSTRSTR(cipherList, ":"))) {
4333 WOLFSSL_CIPHER* established_cipher = wolfSSL_get_current_cipher(ssl);
4334 byte requested_cipherSuite0, requested_cipherSuite;
4335 int requested_cipherFlags;
4336 if (established_cipher &&
4337 /* don't test for pseudo-ciphers like "ALL" and "DEFAULT". */
4338 (wolfSSL_get_cipher_suite_from_name(cipherList,
4339 &requested_cipherSuite0,
4340 &requested_cipherSuite,
4341 &requested_cipherFlags) == 0)) {
4342 word32 established_cipher_id =
4343 wolfSSL_CIPHER_get_id(established_cipher);
4344 byte established_cipherSuite0 = (established_cipher_id >> 8) & 0xff;
4345 byte established_cipherSuite = established_cipher_id & 0xff;
4346 const char *established_cipher_name =
4347 wolfSSL_get_cipher_name_from_suite(established_cipherSuite0,
4348 established_cipherSuite);
4349 const char *established_cipher_name_iana =
4350 wolfSSL_get_cipher_name_iana_from_suite(established_cipherSuite0,
4351 established_cipherSuite);
4352
4353 if (established_cipher_name == NULL)
4354 err_sys("error looking up name of established cipher");
4355
4356 if (strcmp(cipherList, established_cipher_name) &&
4357 ((established_cipher_name_iana == NULL) ||
4358 strcmp(cipherList, established_cipher_name_iana))) {
4359 if (! (requested_cipherFlags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS))
4360 err_sys("Unexpected mismatch between names of requested and established ciphers.");
4361 else if ((requested_cipherSuite0 != established_cipherSuite0) ||
4362 (requested_cipherSuite != established_cipherSuite))
4363 err_sys("Mismatch between IDs of requested and established ciphers.");
4364 }
4365 }
4366 }
4367
4368#if defined(HAVE_OCSP) && !defined(NO_ASN_TIME)
4369#ifdef HAVE_STRFTIME
4370 {
4371 struct tm tm;
4372 char date[32];
4373 ret = wolfSSL_get_ocsp_producedDate_tm(ssl, &tm);
4374 if ((ret == 0) && (strftime(date, sizeof date, "%Y-%m-%d %H:%M:%S %z", &tm) > 0))
4375 printf("OCSP response timestamp: %s\n", date);
4376 }
4377#else
4378 {
4379 byte date[MAX_DATE_SIZE];
4380 int asn_date_format;
4381 ret = wolfSSL_get_ocsp_producedDate(ssl, date, sizeof date, &asn_date_format);
4382 if (ret == 0)
4383 printf("OCSP response timestamp: %s (ASN.1 type %d)\n", (char *)date, asn_date_format);
4384 }
4385#endif
4386#endif
4387
4388#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
4389 printf("Session timeout set to %ld seconds\n", wolfSSL_get_timeout(ssl));
4390 {
4391 byte* rnd;
4392 byte* pt;
4393 size_t size;
4394
4395 /* get size of buffer then print */
4396 size = wolfSSL_get_client_random(NULL, NULL, 0);
4397 if (size == 0) {
4398 wolfSSL_free(ssl); ssl = NULL;
4399 CloseSocket(sockfd);
4400 wolfSSL_CTX_free(ctx); ctx = NULL;
4401 err_sys("error getting client random buffer size");
4402 }
4403
4404 rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
4405 if (rnd == NULL) {
4406 wolfSSL_free(ssl); ssl = NULL;
4407 CloseSocket(sockfd);
4408 wolfSSL_CTX_free(ctx); ctx = NULL;
4409 err_sys("error creating client random buffer");
4410 }
4411
4412 size = wolfSSL_get_client_random(ssl, rnd, size);
4413 if (size == 0) {
4414 XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
4415 wolfSSL_free(ssl); ssl = NULL;
4416 CloseSocket(sockfd);
4417 wolfSSL_CTX_free(ctx); ctx = NULL;
4418 err_sys("error getting client random buffer");
4419 }
4420
4421 printf("Client Random : ");
4422 for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt);
4423 printf("\n");
4424 XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
4425
4426 }
4427#endif
4428
4429#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
4430 defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
4431 defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH)))
4432#if !defined(NO_SESSION_CACHE) && \
4433 (defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \
4434 !defined(NO_FILESYSTEM)
4435 #ifndef NO_BIO
4436 /* print out session to stdout */
4437 {
4438 WOLFSSL_BIO* bio = wolfSSL_BIO_new_fp(stdout, WOLFSSL_BIO_NOCLOSE);
4439 if (bio != NULL) {
4440 if (wolfSSL_SESSION_print(bio, wolfSSL_get_session(ssl)) !=
4441 WOLFSSL_SUCCESS) {
4442 wolfSSL_BIO_printf(bio, "BIO error printing session\n");
4443 }
4444 }
4445 wolfSSL_BIO_free(bio);
4446 }
4447 #endif /* !NO_BIO */
4448#endif
4449#endif
4450
4451 if (doSTARTTLS && starttlsProt != NULL) {
4452 if (XSTRCMP(starttlsProt, "smtp") == 0) {
4453 if (SMTP_Shutdown(ssl, wc_shutdown) != WOLFSSL_SUCCESS) {
4454 wolfSSL_free(ssl); ssl = NULL;
4455 CloseSocket(sockfd);
4456 wolfSSL_CTX_free(ctx); ctx = NULL;
4457 err_sys("error closing STARTTLS connection");
4458 }
4459 }
4460
4461 wolfSSL_free(ssl); ssl = NULL;
4462 CloseSocket(sockfd);
4463
4464 wolfSSL_CTX_free(ctx); ctx = NULL;
4465
4466 ((func_args*)args)->return_code = 0;
4467 WOLFSSL_RETURN_FROM_THREAD(0);
4468 }
4469
4470#ifdef HAVE_ALPN
4471 if (alpnList != NULL) {
4472 char *protocol_name = NULL;
4473 word16 protocol_nameSz = 0;
4474
4475 err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz);
4476 if (err == WOLFSSL_SUCCESS)
4477 printf("Received ALPN protocol : %s (%d)\n",
4478 protocol_name, protocol_nameSz);
4479 else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND))
4480 printf("No ALPN response received (no match with server)\n");
4481 else
4482 printf("Getting ALPN protocol name failed\n");
4483 }
4484#endif
4485
4486#ifdef WOLFSSL_DTLS_CID
4487 if (useDtlsCID && wolfSSL_dtls_cid_is_enabled(ssl)) {
4488 unsigned char receivedCID[DTLS_CID_BUFFER_SIZE];
4489 unsigned int receivedCIDSz;
4490
4491 printf("CID extension was negotiated\n");
4492 ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
4493 if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) {
4494 ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
4495 DTLS_CID_BUFFER_SIZE - 1);
4496 if (ret != WOLFSSL_SUCCESS)
4497 err_sys("Can't get negotiated DTLS CID\n");
4498
4499 printf("Sending CID is ");
4500 printBuffer(receivedCID, receivedCIDSz);
4501 printf("\n");
4502 }
4503 else {
4504 printf("other peer provided empty CID\n");
4505 }
4506 }
4507#endif /* WOLFSSL_DTLS_CID */
4508
4509#ifdef HAVE_SECURE_RENEGOTIATION
4510 if (scr && forceScr) {
4511 if (nonBlocking) {
4512 if (!resumeScr) {
4513 if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) {
4514 err = wolfSSL_get_error(ssl, 0);
4515 if (err == WOLFSSL_ERROR_WANT_READ ||
4516 err == WOLFSSL_ERROR_WANT_WRITE) {
4517 if (scrAppData) {
4518 ret = ClientWrite(ssl,
4519 "msg sent during renegotiation",
4520 sizeof("msg sent during renegotiation") - 1,
4521 "", 1);
4522 }
4523 else {
4524 ret = 0;
4525 }
4526 if (ret != 0) {
4527 ret = WOLFSSL_FAILURE;
4528 }
4529 else {
4530 do {
4531 #ifdef WOLFSSL_ASYNC_CRYPT
4532 if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
4533 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
4534 if (ret < 0) break;
4535 }
4536 #endif
4537 if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) {
4538 if (wolfSSL_read(ssl, reply,
4539 sizeof(reply)-1) < 0) {
4540 err_sys("APP DATA should be present "
4541 "but error returned");
4542 }
4543 printf("Received message during "
4544 "renegotiation: %s\n", reply);
4545 }
4546 err = 0;
4547 if ((ret = wolfSSL_connect(ssl))
4548 != WOLFSSL_SUCCESS) {
4549 err = wolfSSL_get_error(ssl, ret);
4550 }
4551 } while (ret != WOLFSSL_SUCCESS &&
4552 (err == WOLFSSL_ERROR_WANT_READ ||
4553 err == WOLFSSL_ERROR_WANT_WRITE ||
4554 err == WC_NO_ERR_TRACE(APP_DATA_READY) ||
4555 err == WC_NO_ERR_TRACE(WC_PENDING_E)));
4556 }
4557
4558 if (ret == WOLFSSL_SUCCESS) {
4559 printf("NON-BLOCKING RENEGOTIATION SUCCESSFUL\n");
4560 }
4561 }
4562 if (ret != WOLFSSL_SUCCESS) {
4563 err = wolfSSL_get_error(ssl, 0);
4564 LOG_ERROR("wolfSSL_Rehandshake error %d, %s\n", err,
4565 wolfSSL_ERR_error_string(err, buffer));
4566 wolfSSL_free(ssl); ssl = NULL;
4567 CloseSocket(sockfd);
4568 wolfSSL_CTX_free(ctx); ctx = NULL;
4569 err_sys("non-blocking wolfSSL_Rehandshake failed");
4570 }
4571 }
4572 }
4573 else {
4574 LOG_ERROR("not doing secure resumption with non-blocking");
4575 }
4576 } else {
4577 if (!resumeScr) {
4578 printf("Beginning secure renegotiation.\n");
4579 if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
4580 err = wolfSSL_get_error(ssl, 0);
4581#ifdef WOLFSSL_ASYNC_CRYPT
4582 while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
4583 err = 0;
4584 ret = wolfSSL_negotiate(ssl);
4585 if (ret != WOLFSSL_SUCCESS) {
4586 err = wolfSSL_get_error(ssl, 0);
4587 if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
4588 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
4589 if (ret < 0) break;
4590 }
4591 }
4592 }
4593#endif
4594 if (ret != WOLFSSL_SUCCESS) {
4595 printf("err = %d, %s\n", err,
4596 wolfSSL_ERR_error_string(err, buffer));
4597 wolfSSL_free(ssl); ssl = NULL;
4598 CloseSocket(sockfd);
4599 wolfSSL_CTX_free(ctx); ctx = NULL;
4600 err_sys("wolfSSL_Rehandshake failed");
4601 }
4602 }
4603 else {
4604 printf("RENEGOTIATION SUCCESSFUL\n");
4605 }
4606 }
4607 else {
4608 printf("Beginning secure resumption.\n");
4609 if ((ret = wolfSSL_SecureResume(ssl)) != WOLFSSL_SUCCESS) {
4610 err = wolfSSL_get_error(ssl, 0);
4611#ifdef WOLFSSL_ASYNC_CRYPT
4612 while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
4613 err = 0;
4614 ret = wolfSSL_negotiate(ssl);
4615 if (ret != WOLFSSL_SUCCESS) {
4616 err = wolfSSL_get_error(ssl, 0);
4617 if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
4618 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
4619 if (ret < 0) break;
4620 }
4621 }
4622 }
4623#endif
4624 if (ret != WOLFSSL_SUCCESS) {
4625 printf("err = %d, %s\n", err,
4626 wolfSSL_ERR_error_string(err, buffer));
4627 wolfSSL_free(ssl); ssl = NULL;
4628 CloseSocket(sockfd);
4629 wolfSSL_CTX_free(ctx); ctx = NULL;
4630 err_sys("wolfSSL_SecureResume failed");
4631 }
4632 }
4633 else {
4634 printf("SECURE RESUMPTION SUCCESSFUL\n");
4635 }
4636 }
4637 }
4638 }
4639#endif /* HAVE_SECURE_RENEGOTIATION */
4640
4641 XMEMSET(msg, 0, sizeof(msg));
4642 if (sendGET) {
4643 printf("SSL connect ok, sending GET...\n");
4644
4645 msgSz = (int)XSTRLEN(kHttpGetMsg);
4646 XMEMCPY(msg, kHttpGetMsg, (size_t)msgSz);
4647 }
4648 else {
4649 msgSz = (int)XSTRLEN(kHelloMsg);
4650 XMEMCPY(msg, kHelloMsg, (size_t)msgSz);
4651 }
4652
4653/* allow some time for exporting the session */
4654#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
4655 TEST_DELAY();
4656#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
4657
4658#ifdef WOLFSSL_SRTP
4659 if (dtlsSrtpProfiles != NULL) {
4660 err = client_srtp_test(ssl, (func_args*)args);
4661 if (err != 0) {
4662 if (exitWithRet) {
4663 ((func_args*)args)->return_code = err;
4664 wolfSSL_free(ssl); ssl = NULL;
4665 CloseSocket(sockfd);
4666 wolfSSL_CTX_free(ctx); ctx = NULL;
4667 goto exit;
4668 }
4669 /* else */
4670 err_sys("SRTP check failed");
4671 }
4672 }
4673#endif /* WOLFSSL_SRTP */
4674
4675#ifdef WOLFSSL_TLS13
4676 if (updateKeysIVs)
4677 wolfSSL_update_keys(ssl);
4678#endif
4679
4680 err = ClientWriteRead(ssl, msg, msgSz, reply, sizeof(reply)-1, 1, "",
4681 exitWithRet);
4682 if (exitWithRet && (err != 0)) {
4683 ((func_args*)args)->return_code = err;
4684 wolfSSL_free(ssl); ssl = NULL;
4685 CloseSocket(sockfd);
4686 wolfSSL_CTX_free(ctx); ctx = NULL;
4687 goto exit;
4688 }
4689
4690#if defined(WOLFSSL_TLS13)
4691 if (updateKeysIVs || postHandAuth)
4692 (void)ClientWrite(ssl, msg, msgSz, "", 0);
4693#endif
4694
4695#if defined(HAVE_SESSION_TICKET)
4696 while (waitTicket == 1) {
4697 unsigned char ticketBuf[SESSION_TICKET_LEN];
4698 int zeroReturn = 0;
4699 word32 size;
4700
4701 (void)zeroReturn;
4702 size = sizeof(ticketBuf);
4703 err = wolfSSL_get_SessionTicket(ssl, ticketBuf, &size);
4704 if (err < 0)
4705 err_sys("wolfSSL_get_SessionTicket failed");
4706
4707 if (size == 0) {
4708 err = process_handshake_messages(ssl, !nonBlocking, &zeroReturn);
4709 if (err < 0)
4710 err_sys("error waiting for session ticket ");
4711 }
4712 else {
4713 waitTicket = 0;
4714 }
4715 }
4716#endif
4717
4718#ifndef NO_SESSION_CACHE
4719 if (resumeSession) {
4720 session = wolfSSL_get1_session(ssl);
4721 }
4722#endif
4723
4724#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
4725 defined(HAVE_EXT_CACHE))
4726 if (session != NULL && resumeSession) {
4727 flatSessionSz = wolfSSL_i2d_SSL_SESSION(session, NULL);
4728 if (flatSessionSz != 0) {
4729 int checkSz = wolfSSL_i2d_SSL_SESSION(session, &flatSession);
4730 if (flatSession == NULL)
4731 err_sys("error creating flattened session buffer");
4732 if (checkSz != flatSessionSz) {
4733 XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER);
4734 err_sys("flat session size check failure");
4735 }
4736 /* using heap based flat session, free original session */
4737 wolfSSL_SESSION_free(session);
4738 session = NULL;
4739 }
4740 }
4741#endif
4742
4743 ret = wolfSSL_shutdown(ssl);
4744 if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) {
4745 while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
4746 TEST_RECV_READY) {
4747 ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
4748 if (ret == WOLFSSL_SUCCESS) {
4749 printf("Bidirectional shutdown complete\n");
4750 break;
4751 }
4752 else if (ret != WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) {
4753 LOG_ERROR("Bidirectional shutdown failed\n");
4754 break;
4755 }
4756 }
4757 if (ret != WOLFSSL_SUCCESS)
4758 LOG_ERROR("Bidirectional shutdown failed\n");
4759 }
4760#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
4761 if (atomicUser)
4762 FreeAtomicUser(ssl);
4763#endif
4764
4765 /* display collected statistics */
4766#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
4767 if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
4768 err_sys("static memory was not used with ssl");
4769
4770 LOG_ERROR("\nprint off SSL memory stats\n");
4771 LOG_ERROR("*** This is memory state before wolfSSL_free is called\n");
4772 wolfSSL_PrintStatsConn(&ssl_stats);
4773#endif
4774
4775 wolfSSL_free(ssl); ssl = NULL;
4776 CloseSocket(sockfd);
4777
4778#ifndef NO_SESSION_CACHE
4779 if (resumeSession) {
4780 sslResume = wolfSSL_new(ctx);
4781 if (sslResume == NULL) {
4782 wolfSSL_CTX_free(ctx); ctx = NULL;
4783 err_sys("unable to get SSL object");
4784 }
4785
4786#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
4787 !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
4788 if (!doDhKeyCheck)
4789 wolfSSL_SetEnableDhKeyTest(sslResume, 0);
4790#endif
4791#ifdef HAVE_PK_CALLBACKS
4792 if (pkCallbacks) {
4793 SetupPkCallbackContexts(sslResume, &pkCbInfo);
4794 }
4795#endif
4796
4797 if (dtlsUDP) {
4798 TEST_DELAY();
4799 }
4800 tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, sslResume);
4801 if (wolfSSL_set_fd(sslResume, sockfd) != WOLFSSL_SUCCESS) {
4802 wolfSSL_free(sslResume); sslResume = NULL;
4803 CloseSocket(sockfd);
4804 wolfSSL_CTX_free(ctx); ctx = NULL;
4805 err_sys("error in setting fd");
4806 }
4807 if (simulateWantWrite) {
4808 if (dtlsUDP) {
4809 wolfSSL_SetIOWriteCtx(ssl, (void*)&sockfd);
4810 udp_connect(&sockfd, host, port);
4811 }
4812 }
4813#ifdef HAVE_ALPN
4814 if (alpnList != NULL) {
4815 printf("ALPN accepted protocols list : %s\n", alpnList);
4816 wolfSSL_UseALPN(sslResume, alpnList, (word32)XSTRLEN(alpnList),
4817 alpn_opt);
4818 }
4819#endif
4820#ifdef HAVE_SECURE_RENEGOTIATION
4821 if (scr) {
4822 if (wolfSSL_UseSecureRenegotiation(sslResume) != WOLFSSL_SUCCESS) {
4823 wolfSSL_free(sslResume); sslResume = NULL;
4824 CloseSocket(sockfd);
4825 wolfSSL_CTX_free(ctx); ctx = NULL;
4826 err_sys("can't enable secure renegotiation");
4827 }
4828 }
4829#endif
4830
4831#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
4832 defined(HAVE_EXT_CACHE))
4833 if (flatSession) {
4834 const byte* constFlatSession = flatSession;
4835 session = wolfSSL_d2i_SSL_SESSION(NULL,
4836 &constFlatSession, flatSessionSz);
4837 }
4838#endif
4839
4840 wolfSSL_set_session(sslResume, session);
4841
4842#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
4843 defined(HAVE_EXT_CACHE))
4844 XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER);
4845#endif
4846 wolfSSL_SESSION_free(session);
4847 session = NULL;
4848
4849#ifdef HAVE_SESSION_TICKET
4850 wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,
4851 (void*)"resumed session");
4852#endif
4853
4854#ifndef WOLFSSL_CALLBACKS
4855 if (nonBlocking) {
4856#ifdef WOLFSSL_DTLS
4857 if (doDTLS) {
4858 wolfSSL_dtls_set_using_nonblock(sslResume, 1);
4859 }
4860#endif
4861 tcp_set_nonblocking(&sockfd);
4862 ret = NonBlockingSSL_Connect(sslResume);
4863 }
4864 else {
4865 #ifdef WOLFSSL_EARLY_DATA
4866 #ifndef HAVE_SESSION_TICKET
4867 if (!usePsk) {
4868 }
4869 else
4870 #endif
4871 if (earlyData) {
4872 EarlyData(ctx, sslResume, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer);
4873 }
4874 #endif
4875 do {
4876 err = 0; /* reset error */
4877 ret = wolfSSL_connect(sslResume);
4878 if (ret != WOLFSSL_SUCCESS) {
4879 err = wolfSSL_get_error(sslResume, 0);
4880 #ifdef WOLFSSL_ASYNC_CRYPT
4881 if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
4882 ret = wolfSSL_AsyncPoll(sslResume,
4883 WOLF_POLL_FLAG_CHECK_HW);
4884 if (ret < 0) break;
4885 }
4886 #endif
4887 }
4888 } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
4889 }
4890#else
4891 timeoutConnect.tv_sec = DEFAULT_TIMEOUT_SEC;
4892 timeoutConnect.tv_usec = 0;
4893 ret = NonBlockingSSL_Connect(sslResume); /* will keep retrying on timeout */
4894#endif
4895 if (ret != WOLFSSL_SUCCESS) {
4896 err = wolfSSL_get_error(sslResume, 0);
4897 LOG_ERROR("wolfSSL_connect resume error %d, %s\n", err,
4898 wolfSSL_ERR_error_string((unsigned long)err, buffer));
4899 wolfSSL_free(sslResume); sslResume = NULL;
4900 CloseSocket(sockfd);
4901 wolfSSL_CTX_free(ctx); ctx = NULL;
4902 err_sys("wolfSSL_connect resume failed");
4903 }
4904
4905 showPeerEx(sslResume, lng_index);
4906 showPeerPEM(sslResume);
4907
4908 if (wolfSSL_session_reused(sslResume))
4909 printf("reused session id\n");
4910 else
4911 LOG_ERROR("didn't reuse session id!!!\n");
4912
4913#ifdef HAVE_ALPN
4914 if (alpnList != NULL) {
4915 char *protocol_name = NULL;
4916 word16 protocol_nameSz = 0;
4917
4918 printf("Sending ALPN accepted list : %s\n", alpnList);
4919 err = wolfSSL_ALPN_GetProtocol(sslResume, &protocol_name,
4920 &protocol_nameSz);
4921 if (err == WOLFSSL_SUCCESS)
4922 printf("Received ALPN protocol : %s (%d)\n",
4923 protocol_name, protocol_nameSz);
4924 else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND))
4925 printf("Not received ALPN response (no match with server)\n");
4926 else
4927 printf("Getting ALPN protocol name failed\n");
4928 }
4929#endif
4930
4931 /* allow some time for exporting the session */
4932 #ifdef WOLFSSL_SESSION_EXPORT_DEBUG
4933 TEST_DELAY();
4934 #endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
4935
4936#ifdef HAVE_SECURE_RENEGOTIATION
4937 if (scr && forceScr) {
4938 if (nonBlocking) {
4939 printf("not doing secure renegotiation on example with"
4940 " nonblocking yet\n");
4941 } else {
4942 if (!resumeScr) {
4943 printf("Beginning secure renegotiation.\n");
4944 if (wolfSSL_Rehandshake(sslResume) != WOLFSSL_SUCCESS) {
4945 err = wolfSSL_get_error(sslResume, 0);
4946 LOG_ERROR("err = %d, %s\n", err,
4947 wolfSSL_ERR_error_string(err, buffer));
4948 wolfSSL_free(sslResume); sslResume = NULL;
4949 CloseSocket(sockfd);
4950 wolfSSL_CTX_free(ctx); ctx = NULL;
4951 err_sys("wolfSSL_Rehandshake failed");
4952 }
4953 else {
4954 printf("RENEGOTIATION SUCCESSFUL\n");
4955 }
4956 }
4957 else {
4958 printf("Beginning secure resumption.\n");
4959 if (wolfSSL_SecureResume(sslResume) != WOLFSSL_SUCCESS) {
4960 err = wolfSSL_get_error(sslResume, 0);
4961 LOG_ERROR("err = %d, %s\n", err,
4962 wolfSSL_ERR_error_string(err, buffer));
4963 wolfSSL_free(sslResume); sslResume = NULL;
4964 CloseSocket(sockfd);
4965 wolfSSL_CTX_free(ctx); ctx = NULL;
4966 err_sys("wolfSSL_SecureResume failed");
4967 }
4968 else {
4969 printf("SECURE RESUMPTION SUCCESSFUL\n");
4970 }
4971 }
4972 }
4973 }
4974#endif /* HAVE_SECURE_RENEGOTIATION */
4975
4976 XMEMSET(msg, 0, sizeof(msg));
4977 if (sendGET) {
4978 msgSz = (int)XSTRLEN(kHttpGetMsg);
4979 XMEMCPY(msg, kHttpGetMsg, (size_t)msgSz);
4980 }
4981 else {
4982 msgSz = (int)XSTRLEN(kResumeMsg);
4983 XMEMCPY(msg, kResumeMsg, (size_t)msgSz);
4984 }
4985
4986 (void)ClientWriteRead(sslResume, msg, msgSz, reply, sizeof(reply)-1,
4987 sendGET, " resume", 0);
4988
4989 ret = wolfSSL_shutdown(sslResume);
4990 if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE))
4991 wolfSSL_shutdown(sslResume); /* bidirectional shutdown */
4992
4993 /* display collected statistics */
4994 #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
4995 if (wolfSSL_is_static_memory(sslResume, &ssl_stats) != 1)
4996 err_sys("static memory was not used with ssl");
4997
4998 LOG_ERROR("\nprint off SSLresume memory stats\n");
4999 LOG_ERROR("*** This is memory state before wolfSSL_free is called\n");
5000 wolfSSL_PrintStatsConn(&ssl_stats);
5001 #endif
5002
5003 wolfSSL_free(sslResume); sslResume = NULL;
5004 CloseSocket(sockfd);
5005 }
5006#endif /* !NO_SESSION_CACHE */
5007
5008 wolfSSL_CTX_free(ctx); ctx = NULL;
5009
5010 ((func_args*)args)->return_code = 0;
5011
5012exit:
5013
5014#ifdef WOLFSSL_WOLFSENTRY_HOOKS
5015 wolfsentry_ret =
5016 wolfsentry_shutdown(WOLFSENTRY_CONTEXT_ARGS_OUT_EX4(&wolfsentry, NULL));
5017 if (wolfsentry_ret < 0) {
5018 LOG_ERROR(
5019 "wolfsentry_shutdown() returned " WOLFSENTRY_ERROR_FMT "\n",
5020 WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
5021 }
5022#endif
5023
5024#ifdef WOLFSSL_ASYNC_CRYPT
5025 wolfAsync_DevClose(&devId);
5026#endif
5027
5028#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
5029 && defined(HAVE_STACK_SIZE)
5030 wc_ecc_fp_free(); /* free per thread cache */
5031#endif
5032
5033 /* There are use cases when these assignments are not read. To avoid
5034 * potential confusion those warnings have been handled here.
5035 */
5036 (void) useClientCert;
5037 (void) verifyCert;
5038 (void) ourCert;
5039 (void) ourKey;
5040 (void) useVerifyCb;
5041 (void) customVerifyCert;
5042
5043 WOLFSSL_RETURN_FROM_THREAD(0);
5044}
5045
5046#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */
5047
5048
5049/* so overall tests can pull in test function */
5050#ifndef NO_MAIN_DRIVER
5051
5052 int main(int argc, char** argv)
5053 {
5054 func_args args;
5055
5056 StartTCP();
5057
5058#if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND)
5059 args.srtp_helper = NULL;
5060#endif
5061 args.argc = argc;
5062 args.argv = argv;
5063 args.return_code = 0;
5064
5065#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) && !defined(STACK_TRAP)
5066 wolfSSL_Debugging_ON();
5067#endif
5068 wolfSSL_Init();
5069#ifdef WOLFSSL_SWDEV
5070 if (wc_SwDev_Init() != 0) {
5071 fprintf(stderr, "wc_SwDev_Init failed\n");
5072 return EXIT_FAILURE;
5073 }
5074#endif
5075 ChangeToWolfRoot();
5076
5077#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
5078#ifdef HAVE_STACK_SIZE
5079 StackSizeCheck(&args, client_test);
5080#else
5081 client_test(&args);
5082#endif
5083#else
5084 fprintf(stderr, "Client not compiled in!\n");
5085#endif
5086#ifdef WOLFSSL_SWDEV
5087 wc_SwDev_Cleanup();
5088#endif
5089 wolfSSL_Cleanup();
5090
5091#ifdef HAVE_WNR
5092 if (wc_FreeNetRandom() < 0)
5093 err_sys("Failed to free netRandom context");
5094#endif /* HAVE_WNR */
5095
5096 return args.return_code;
5097 }
5098
5099 int myoptind = 0;
5100 char* myoptarg = NULL;
5101
5102#endif /* NO_MAIN_DRIVER */