Add example for TLS server with crypto callbacks.

Author: dgarske

tls/client-tls-cryptocb.c

@@ -47,12 +47,6 @@ typedef struct {
     int exampleVar; /* example, not used */
 } myCryptoCbCtx;
 
-static void error_out(char* msg, int err)
-{
-    printf("Failed at %s with code %d\n", msg, err);
-    exit(1);
-}
-
 
 /* Example crypto dev callback function that calls software version */
 /* This is where you would plug-in calls to your own hardware crypto */
@@ -386,19 +380,21 @@ int main(int argc, char** argv)
 {
     int                ret = 0;
 #ifdef WOLF_CRYPTO_CB
-    int                sockfd;
+    int                sockfd = SOCKET_INVALID;
     struct sockaddr_in servAddr;
     char               buff[256];
     size_t             len;
 
     /* declare wolfSSL objects */
-    WOLFSSL_CTX* ctx;
-    WOLFSSL*     ssl;
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL*     ssl = NULL;
+    WOLFSSL_CIPHER* cipher;
 
     int devId = 1; /* anything besides -2 (INVALID_DEVID) */
     myCryptoCbCtx myCtx;
 
     /* example data for callback */
+    memset(&myCtx, 0, sizeof(myCtx));
     myCtx.exampleVar = 1;
 
     /* Check for proper calling convention */
@@ -413,7 +409,7 @@ int main(int argc, char** argv)
     if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
         fprintf(stderr, "ERROR: failed to create the socket\n");
         ret = -1;
-        goto end;
+        goto exit;
     }
 
     /* Initialize the server address struct with zeros */
@@ -427,36 +423,46 @@ int main(int argc, char** argv)
     if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr) != 1) {
         fprintf(stderr, "ERROR: invalid address\n");
         ret = -1;
-        goto end;
+        goto exit;
     }
 
     /* Connect to the server */
     if ((ret = connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr)))
          == -1) {
         fprintf(stderr, "ERROR: failed to connect\n");
-        goto end;
+        goto exit;
     }
 
+#if 0
+    wolfSSL_Debugging_ON();
+#endif
+
     /*---------------------------------*/
     /* Start of wolfSSL initialization and configuration */
     /*---------------------------------*/
     /* Initialize wolfSSL */
     if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) {
         fprintf(stderr, "ERROR: Failed to initialize the library\n");
-        goto socket_cleanup;
+        goto exit;
     }
 
     /* Create and initialize WOLFSSL_CTX */
-    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
+    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())) == NULL) {
         fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
         ret = -1;
-        goto socket_cleanup;
+        goto exit;
     }
 
+#if 0
+    wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384");
+#endif
+
     /* register a devID for crypto callbacks */
     ret = wc_CryptoCb_RegisterDevice(devId, myCryptoCb, &myCtx);
-    if (ret != 0)
-        error_out("wc_CryptoCb_RegisterDevice", ret);
+    if (ret != 0) {
+        fprintf(stderr, "ERROR: wc_CryptoCb_RegisterDevice failed %d\n", ret);
+        goto exit;
+    }
 
     /* register a devID for crypto callbacks */
     wolfSSL_CTX_SetDevId(ctx, devId);
@@ -466,69 +472,73 @@ int main(int argc, char** argv)
          != SSL_SUCCESS) {
         fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
                 CA_FILE);
-        goto ctx_cleanup;
+        goto exit;
     }
 
     /* Create a WOLFSSL object */
     if ((ssl = wolfSSL_new(ctx)) == NULL) {
         fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
         ret = -1;
-        goto ctx_cleanup;
+        goto exit;
     }
 
     /* Attach wolfSSL to the socket */
     if ((ret = wolfSSL_set_fd(ssl, sockfd)) != WOLFSSL_SUCCESS) {
         fprintf(stderr, "ERROR: Failed to set the file descriptor\n");
-        goto cleanup;
+        goto exit;
     }
 
     /* Connect to wolfSSL on the server side */
     if ((ret = wolfSSL_connect(ssl)) != SSL_SUCCESS) {
         fprintf(stderr, "ERROR: failed to connect to wolfSSL\n");
-        goto cleanup;
+        goto exit;
     }
 
+    cipher = wolfSSL_get_current_cipher(ssl);
+    printf("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher));
+
     /* Get a message for the server from stdin */
     printf("Message for server: ");
     memset(buff, 0, sizeof(buff));
     if (fgets(buff, sizeof(buff), stdin) == NULL) {
         fprintf(stderr, "ERROR: failed to get message for server\n");
         ret = -1;
-        goto cleanup;
+        goto exit;
     }
     len = strnlen(buff, sizeof(buff));
 
     /* Send the message to the server */
     if ((ret = wolfSSL_write(ssl, buff, len)) != len) {
         fprintf(stderr, "ERROR: failed to write entire message\n");
         fprintf(stderr, "%d bytes of %d bytes were sent", ret, (int) len);
-        goto cleanup;
+        goto exit;
     }
 
     /* Read the server data into our buff array */
     memset(buff, 0, sizeof(buff));
     if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) == -1) {
         fprintf(stderr, "ERROR: failed to read\n");
-        goto cleanup;
+        goto exit;
     }
 
     /* Print to stdout any data the server sends */
     printf("Server: %s\n", buff);
 
-    ret = 0;
+    ret = 0; /* return success */
 
+exit:
     /* Cleanup and return */
-cleanup:
-    wolfSSL_free(ssl);      /* Free the wolfSSL object                  */
-ctx_cleanup:
-    wolfSSL_CTX_free(ctx);  /* Free the wolfSSL context object          */
+    if (sockfd != SOCKET_INVALID)
+        close(sockfd);          /* Close the connection to the server       */
+    if (ssl != NULL)
+        wolfSSL_free(ssl);      /* Free the wolfSSL object                  */
+    if (ctx != NULL)
+        wolfSSL_CTX_free(ctx);  /* Free the wolfSSL context object          */
     wolfSSL_Cleanup();      /* Cleanup the wolfSSL environment          */
-socket_cleanup:
-    close(sockfd);          /* Close the connection to the server       */
-end:
 
 #else
     printf("Please configure wolfSSL with --enable-cryptocb and try again\n");
 #endif /* WOLF_CRYPTO_CB */
-    return ret;               /* Return reporting a success               */
+
+    return ret;
 }