1

(6 replies, posted in wolfSSL)

Thanks for the answer!
I think you're right: better wait for the release.

2

(6 replies, posted in wolfSSL)

Are there any live ones here?

3

(6 replies, posted in wolfSSL)

?

4

(6 replies, posted in wolfSSL)

Thank you for answer!
Now I study WolfSLL at home by myself and see it as a replacement for OpenSSL (in Qt).
I want to write some simple programs on my own to understand how to work with WolfSSL.

If you would like further instruction on how to build wolfSSL with Qt to test in your application, please let us know and we can provide more information.

Yes, provide more information, please.

5

(6 replies, posted in wolfSSL)

Hello everyone!
I was write a simple SSL-client/server in Visual Studio, using WolfSSL. It work fine.

For now I try to write a simple SSL server, using Qt and based on QTcpServer.
But I didn't find any information about WolfSSL + Qt.
There is source code:
SslServer.h

#ifndef SSLSERVER_H
#define SSLSERVER_H

#include <QTcpServer>

#define WC_NO_HARDEN
#include <wolfssl/ssl.h>

#define CERT_SERVER_CERT "Certs\\server-cert.pem"
#define CERT_SERVER_KEY  "Certs\\server-key.pem"
#define CERT_SERVER_DH   "Certs\\dh2048.pem"

class SslServer : public QTcpServer
{
    Q_OBJECT

public:
    explicit SslServer(QObject* parent = nullptr);
    virtual ~SslServer() override;

protected:
    virtual void incomingConnection(qintptr socketDescriptor) override final;

private:
    WOLFSSL_CTX* m_CTX;
};

#endif // SSLSERVER_H

SslServer.cpp

#include "SslServer.h"
#include "SslSocket.h"
#include <QDebug>

#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "AdvAPI32.lib")

SslServer::SslServer(QObject* parent) :
    QTcpServer(parent),
    m_CTX(nullptr)
{
    WSADATA wsa_data = { 0 };
    WSAStartup(MAKEWORD(2, 0), &wsa_data);

    wolfSSL_Init();

    m_CTX = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
    if (m_CTX)
    {
        if (wolfSSL_CTX_use_certificate_file(m_CTX, CERT_SERVER_CERT, SSL_FILETYPE_PEM) == SSL_SUCCESS)
        {
            if (wolfSSL_CTX_use_PrivateKey_file(m_CTX, CERT_SERVER_KEY, SSL_FILETYPE_PEM) == SSL_SUCCESS)
            {
                if (wolfSSL_CTX_SetTmpDH_file(m_CTX, CERT_SERVER_DH, SSL_FILETYPE_PEM) == SSL_SUCCESS)
                {
                    qDebug() << "SslServer::SslServer -> init SSL is OK";
                }
            }
        }
    }
}

SslServer::~SslServer()
{
    if (m_CTX)
    {
        wolfSSL_CTX_free(m_CTX);
        m_CTX = nullptr;
    }

    wolfSSL_Cleanup();
    WSACleanup();
}

void SslServer::incomingConnection(qintptr socketDescriptor)
{
    qDebug() << "SslServer::incomingConnection";

    SslSocket* sock = new SslSocket(this);

    WOLFSSL* ssl = wolfSSL_new(m_CTX);
    if (ssl)
    {
        wolfSSL_set_fd(ssl, socketDescriptor);

        for (;;)
        {
            // loop because accept didn't work immediately
            int r = wolfSSL_accept(ssl);
            if (r == -1)
            {
                r = wolfSSL_get_error(ssl, r);
                if (r == SSL_ERROR_WANT_READ)
                {
                    Sleep(10);
                    continue;
                }
            }

            break;
        }

        sock->setSocketDescriptor(socketDescriptor);
        sock->SetSSL(ssl);
        qDebug() << "SslServer::incomingConnection -> make SSL socket";
    }

    this->addPendingConnection(sock);
}

Then I was write SSLSocket
There is source code:
SslSocket.h

#ifndef SslSocket_H
#define SslSocket_H

#include <QTcpSocket>

#define WC_NO_HARDEN
#include <wolfssl/ssl.h>

class SslSocket : public QTcpSocket
{
    Q_OBJECT

public:
    explicit SslSocket(QObject* parent = nullptr);
    virtual ~SslSocket() override;

    void SetSSL(WOLFSSL* ssl);

    qint64     read(char* data, qint64 maxlen);
    QByteArray read(qint64 maxlen);
    qint64     write(const char* data, qint64 len);
    
private:
    WOLFSSL* m_SSL;
};

#endif // SslSocket_H

SslSocket.cpp

#include "SslSocket.h"
#include <QDebug>

SslSocket::SslSocket(QObject* parent) :
    QTcpSocket(parent),
    m_SSL(nullptr)
{
}

SslSocket::~SslSocket()
{
    if (m_SSL)
    {
        wolfSSL_shutdown(m_SSL);
        wolfSSL_free(m_SSL);
        m_SSL = nullptr;
    }
}

void SslSocket::SetSSL(WOLFSSL* ssl)
{
    m_SSL = ssl;
}

qint64 SslSocket::read(char* data, qint64 maxlen)
{
    qDebug() << "SslSocket::read 1";
    if (m_SSL && data && maxlen > 0)
    {
        return wolfSSL_read(m_SSL, data, maxlen);
    }

    return 0;
}

QByteArray SslSocket::read(qint64 maxlen)
{
    QByteArray data;

    qDebug() << "SslSocket::read 2, SSL = " << m_SSL;
    if (m_SSL && maxlen > 0)
    {
        data.resize(maxlen);

        maxlen = wolfSSL_read(m_SSL, (void*)data.data(), maxlen);
        if (maxlen > 0)
        {
            data.resize(maxlen);
        }
        else
        {
            data.clear();
        }
    }

    return std::move(data);
}

qint64 SslSocket::write(const char* data, qint64 len)
{
    qDebug() << "SslSocket::write";
    if (m_SSL && data && len > 0)
    {
        return wolfSSL_write(m_SSL, data, len);
    }

    return 0;
}

Server listen port and accept connections is fine.
But a have a problem to receive data from client at this line:

maxlen = wolfSSL_read(m_SSL, (void*)data.data(), maxlen);

Function wolfSSL_read return -1, but method bytesAvailable() in SSLSocket say to there is data to read in socket.

What I do wrong?
How a correct receive data over WolfSSL in Qt?
Thank you!

6

(10 replies, posted in wolfSSL)

I' use as example this source code:
https://github.com/wolfSSL/wolfssl-exam … ls-ecdhe.c

But function wolfSSL_CTX_use_certificate_file() return error while trying parse file server-ecc.pem from WolfSSL library.
I looked inside this function, it's open and read file, but there is some error while parsing.

7

(10 replies, posted in wolfSSL)

Don't understand, what I'm doing wrong...
Please, look at my source code, I post it down here.
On server side, function wolfSSL_accept return error, after function wolfSSL_connect at client side.

Also don't understand how to work with cipher's and certificate's, with functions wolfSSL_CTX_set_cipher_list and wolfSSL_CTX_SetTmpDH.

I was readed manuals, looked samples, but still cannot make it work...

Can you fix my source code, please?
Tell me, please, what I'm doing wrong?

There is simple echo client-server:
SERVER

#include <iostream>
#include <string>
#include <algorithm>
#include <conio.h>
#include <wolfssl/ssl.h>

#define CERT_SERVER_PATH "Certs/server-cert.pem"
#define KEY_SERVER_PATH "Certs/server-key.pem"
#define PORT 1234

#define Assert(expr) _ASSERT_EXPR((expr), _CRT_WIDE(#expr))

#define _WINSOCKAPI_
#include <Windows.h>

#include <winsock2.h>
#pragma comment(lib, "ws2_32.lib")

void Exit(WOLFSSL* ssl)
{
    std::string err_str(80, 0);

    int err = wolfSSL_get_error(ssl, 0);
    wolfSSL_ERR_error_string(err, &err_str[0]);

    std::cerr << err_str << "\n";
    Assert(false && "Error");
    exit(-1);
}

WOLFSSL_CTX* Init()
{
    WSADATA wsa_data;
    WORD version;

    version = MAKEWORD(2, 0);
    WSAStartup(version, &wsa_data);

    wolfSSL_Init();

    auto ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());

    const char* cipher_list = "DHE-RSA-AES128-SHA256";
    if (wolfSSL_CTX_set_cipher_list(ctx, cipher_list) != SSL_SUCCESS)
        Exit(nullptr);

    return ctx;
}

void LoadCerts(WOLFSSL_CTX* ctx)
{
    if (wolfSSL_CTX_use_certificate_file(ctx, CERT_SERVER_PATH, SSL_FILETYPE_PEM) != SSL_SUCCESS)
        Exit(nullptr);

    if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_SERVER_PATH, SSL_FILETYPE_PEM) != SSL_SUCCESS)
        Exit(nullptr);
}

int Send(WOLFSSL* ssl, const std::string& data)
{
    return wolfSSL_write(ssl, (char*)data.c_str(), data.size());
}

int Recv(WOLFSSL* ssl, std::string& data, int size)
{
    return wolfSSL_read(ssl, (char*)&data[0], size);
}

void Clean(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
{
    wolfSSL_shutdown(ssl);
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    wolfSSL_Cleanup();
    WSACleanup();
}

int main()
{
    int yes = 1;
    SOCKET server_socket = INVALID_SOCKET;
    struct sockaddr_in sockaddr;

    WOLFSSL_CTX* ctx = nullptr;
    WOLFSSL* ssl = nullptr;

    if (!(ctx = Init()))
        Exit(nullptr);

    LoadCerts(ctx);

    server_socket = ::WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, 0, 0, 0);

    memset(&sockaddr, 0x00, sizeof(sockaddr_in));
    sockaddr.sin_family = AF_INET;
    sockaddr.sin_port = htons(PORT);
    sockaddr.sin_addr.s_addr = htonl(INADDR_ANY);

    ::setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, (const char*)&yes, sizeof(int));
    ::bind(server_socket, (struct sockaddr*)&sockaddr, sizeof(struct sockaddr));
    ::listen(server_socket, 1);

    std::cout << "Waiting connection...\n";
    SOCKET client_socket = ::accept(server_socket, nullptr, nullptr);
    std::cout << "Got new connection\n";

    if (!(ssl = wolfSSL_new(ctx)))
        Exit(ssl);

    wolfSSL_set_fd(ssl, client_socket);

    if (wolfSSL_accept(ssl) != SSL_SUCCESS)
        Exit(ssl);

    std::cout << "Secure socket ready\n";
    std::string data(80, 0);

    if (!Recv(ssl, data, data.size()))
        Exit(ssl);

    std::cout << "Recv: " << data << "\n";

    data.erase(std::remove(data.begin(), data.end(), '\0'), data.end());
    data += "  <---> ECHO\n";

    if (!Send(ssl, data))
        Exit(ssl);

    Clean(ssl, ctx);
    std::cout << "\nDone\n";
    _getch();
    return 0;
}

CLIENT

#include <iostream>
#include <string>
#include <algorithm>
#include <conio.h>
#include <wolfssl/ssl.h>

#define CERT_CLIENT_PATH "Certs/client-cert.pem"
#define IP "127.0.0.1"
#define PORT 1234

#define Assert(expr) _ASSERT_EXPR((expr), _CRT_WIDE(#expr))

#define _WINSOCKAPI_
#include <Windows.h>

#include <winsock2.h>
#pragma comment(lib, "ws2_32.lib")

void Exit(WOLFSSL* ssl)
{
    std::string err_str(80, 0);

    int err = wolfSSL_get_error(ssl, 0);
    wolfSSL_ERR_error_string(err, &err_str[0]);

    std::cerr << err_str << "\n";
    Assert(false && "Error");
    exit(-1);
}

WOLFSSL_CTX* Init()
{
    WSADATA wsa_data;
    WORD version;

    version = MAKEWORD(2, 0);
    WSAStartup(version, &wsa_data);

    wolfSSL_Init();

    auto ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());

    const char* cipher_list = "DHE-RSA-AES128-SHA256";
    if (wolfSSL_CTX_set_cipher_list(ctx, cipher_list) != SSL_SUCCESS)
        Exit(nullptr);

    return ctx;
}

int Send(WOLFSSL* ssl, const std::string& data)
{
    return wolfSSL_write(ssl, (char*)data.c_str(), data.size());
}

int Recv(WOLFSSL* ssl, std::string& data, int size)
{
    return wolfSSL_read(ssl, (char*)&data[0], size);
}

void Clean(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
{
    wolfSSL_shutdown(ssl);
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    wolfSSL_Cleanup();
    WSACleanup();
}

int main()
{
    int yes = 1;
    SOCKET socket = INVALID_SOCKET;
    struct sockaddr_in sockaddr;

    WOLFSSL_CTX* ctx = nullptr;
    WOLFSSL* ssl = nullptr;

    if (!(ctx = Init()))
        Exit(nullptr);

    struct hostent* target = nullptr;

    socket = ::WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, 0, 0, 0);
    target = gethostbyname(IP);

    memset(&sockaddr, 0x00, sizeof(sockaddr_in));
    sockaddr.sin_family = AF_INET;
    ((u_long*)&sockaddr.sin_addr)[0] = ((u_long**)target->h_addr_list)[0][0];
    sockaddr.sin_port = htons(PORT);

    std::cout << "Connecting... ";
    if (::connect(socket, (struct sockaddr*)&sockaddr, sizeof(sockaddr)) == SOCKET_ERROR)
        Exit(nullptr);

    if (!(ssl = wolfSSL_new(ctx)))
        Exit(ssl);

    wolfSSL_set_fd(ssl, socket);

    if (wolfSSL_connect(ssl) == SSL_SUCCESS)
        Exit(ssl);

    std::cout << " Done\n";
    std::string data = "hello";

    if (!Send(ssl, data))
        Exit(ssl);

    if (!Recv(ssl, data, data.size()))
        Exit(ssl);

    std::cout << "Respone: " << data;

    Clean(ssl, ctx);
    std::cout << "\nDone\n";
    _getch();
    return 0;
}

8

(10 replies, posted in wolfSSL)

Thanks for your answer.
About question 2.
1) I add certificate (wolfSSL_CTX_use_certificate_file) and private key file (wolfSSL_CTX_use_PrivateKey_file). What should I do next to use DHE?
2) What can I do with wolfSSL_CTX_set_cipher_list next?

If certificate file and the key will located in one directory with server - this is normal.
Client should not store any files (certificate, keys etc).

9

(10 replies, posted in wolfSSL)

Can anybody help me please?

10

(10 replies, posted in wolfSSL)

Hello everyone!
Not long time ago I has met with the library WolfSSL.
This library has made a big impression on me.
Immediately apologize for my English, I use google translate.

For the study I was wrote two simple programs: an echo server and client to add their support TLS 1.2.

I have a few questions:
1) It is necessary to make sure that the server has only worked with TLS and did not support the work of insecure channel. If the client connecting without TLS support, it must be disconnected by server. How this can be done (on the server side)?

2) It is necessary to add support for TLS to disposable keys were generated and unique to each session, and not store it on file in file system. I read about the mechanism of formation of the key for the current session in SSL/TLS - Ephemeral Diffie-Hellman. How to use it in WolfSSL library?

If possible, please give examples.
Thank you for attention.