add crypto-policy option to example client and server.
philljj committed Nov 21, 2024
1 parent d3b28ff commit 0b8d992
Showing 2 changed files with 57 additions and 27 deletions.
43 changes: 29 additions & 14 deletions examples/client/client.c
Expand Up @@ -1167,7 +1167,7 @@ static int ClientWriteRead(WOLFSSL* ssl, const char* msg, int msgSz,
/* 4. add the same message into Japanese section */
/* (will be translated later) */
/* 5. add printf() into suitable position of Usage() */
static const char* client_usage_msg[][77] = {
static const char* client_usage_msg[][78] = {
/* English */
{
" NOTE: All files relative to wolfSSL home dir\n", /* 0 */
Expand Down Expand Up @@ -1403,9 +1403,12 @@ static const char* client_usage_msg[][77] = {
"--rpk Use RPK for the defined certificates\n", /* 74 */
#endif
"--files-are-der Specified files are in DER, not PEM format\n", /* 75 */
#ifdef WOLFSSL_SYS_CRYPTO_POLICY
"--crypto-policy <path to crypto policy file>\n", /* 76 */
#endif
"\n"
"For simpler wolfSSL TLS client examples, visit\n"
"https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 76 */
"https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */
NULL,
},
#ifndef NO_MULTIBYTE_PRINT
Expand Down Expand Up @@ -1648,10 +1651,13 @@ static const char* client_usage_msg[][77] = {
"--rpk Use RPK for the defined certificates\n", /* 74 */
#endif
"--files-are-der Specified files are in DER, not PEM format\n", /* 75 */
#ifdef WOLFSSL_SYS_CRYPTO_POLICY
"--crypto-policy <path to crypto policy file>\n", /* 76 */
#endif
"\n"
"より簡単なwolfSSL TLS クライアントの例については"
"下記にアクセスしてください\n"
"https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 76 */
"https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */
NULL,
},
#endif
Expand Down Expand Up @@ -2068,6 +2074,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
{ "rpk", 0, 267 },
#endif /* HAVE_RPK */
{ "files-are-der", 0, 268 },
#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
{ "crypto-policy", 1, 269 },
#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
{ 0, 0, 0 }
};
#endif
Expand Down Expand Up @@ -2212,6 +2221,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
int useRPK = 0;
#endif /* HAVE_RPK */
int fileFormat = WOLFSSL_FILETYPE_PEM;
#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
const char * policy = NULL;
#endif /* WOLFSSL_SYS_CRYPTO_POLICY */


char buffer[WOLFSSL_MAX_ERROR_SZ];

Expand Down Expand Up @@ -2931,6 +2944,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
case 268:
fileFormat = WOLFSSL_FILETYPE_ASN1;
break;
case 269:
#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
policy = myoptarg;
#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
break;

default:
Usage();
XEXIT_T(MY_EX_USAGE);
Expand Down Expand Up @@ -3158,6 +3177,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (method == NULL)
err_sys("unable to get method");

#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
if (policy != NULL) {
if (wolfSSL_crypto_policy_enable(policy) != WOLFSSL_SUCCESS) {
err_sys("wolfSSL_crypto_policy_enable failed");
}
}
#endif /* WOLFSSL_SYS_CRYPTO_POLICY */

#ifdef WOLFSSL_STATIC_MEMORY
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
Expand Down Expand Up @@ -4818,10 +4844,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
int main(int argc, char** argv)
{
func_args args;
#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
const char * policy = "examples/crypto_policies/default/wolfssl.txt";
#endif /* WOLFSSL_SYS_CRYPTO_POLICY */


StartTCP();

Expand All @@ -4836,13 +4858,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
wolfSSL_Debugging_ON();
#endif
wolfSSL_Init();
#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
if (wolfSSL_crypto_policy_enable(policy) != WOLFSSL_SUCCESS) {
fprintf(stderr, "crypto_policy_enable failed\n");
wolfSSL_Cleanup();
return EXIT_FAILURE;
}
#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
ChangeToWolfRoot();

#ifndef NO_WOLFSSL_CLIENT
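Review bot: With `policy` now initialised to NULL in client_test(), a build with WOLFSSL_SYS_CRYPTO_POLICY that is started without `--crypto-policy` skips `wolfSSL_crypto_policy_enable()` entirely, whereas main() used to enable examples/crypto_policies/default/wolfssl.txt unconditionally and exit on failure. If that opt-in behaviour is intended, say so at the `if (policy != NULL)` check, e.g. `/* Only applied when --crypto-policy is given; the example no longer enables a default policy file. */`, so that a run without the flag is not mistaken for a policy-enforced one. The same applies to the matching block in examples/server/server.c. Also, no hunk here touches Usage(), although step 5 of the checklist above client_usage_msg asks for a printf() there, so the new help line at index 76 may never be printed; client_test() and the table extend beyond the visible hunks, so this needs checking against the full file.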
41 changes: 28 additions & 13 deletions examples/server/server.c
Expand Up @@ -872,7 +872,7 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
/* 4. add the same message into Japanese section */
/* (will be translated later) */
/* 5. add printf() into suitable position of Usage() */
static const char* server_usage_msg[][65] = {
static const char* server_usage_msg[][66] = {
/* English */
{
" NOTE: All files relative to wolfSSL home dir\n", /* 0 */
Expand Down Expand Up @@ -1055,11 +1055,14 @@ static const char* server_usage_msg[][65] = {
#ifdef WOLFSSL_DUAL_ALG_CERTS
"--altPrivKey <file> Generate alternative signature with this key.\n",
/* 65 */
#endif
#ifdef WOLFSSL_SYS_CRYPTO_POLICY
"--crypto-policy <path to crypto policy file>\n", /* 66 */
#endif
"\n"
"For simpler wolfSSL TLS server examples, visit\n"
"https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n",
/* 66 */
/* 67 */
NULL,
},
#ifndef NO_MULTIBYTE_PRINT
Expand Down Expand Up @@ -1260,12 +1263,15 @@ static const char* server_usage_msg[][65] = {
#ifdef WOLFSSL_DUAL_ALG_CERTS
"--altPrivKey <file> Generate alternative signature with this key.\n",
/* 65 */
#endif
#ifdef WOLFSSL_SYS_CRYPTO_POLICY
"--crypto-policy <path to crypto policy file>\n", /* 66 */
#endif
"\n"
"より簡単なwolfSSL TSL クライアントの例については"
"下記にアクセスしてください\n"
"https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n",
/* 66 */
/* 67 */
NULL,
},
#endif
Expand Down Expand Up @@ -1544,6 +1550,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifdef WOLFSSL_DUAL_ALG_CERTS
{ "altPrivKey", 1, 267},
#endif
#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
{ "crypto-policy", 1, 268 },
#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
{ 0, 0, 0 }
};
#endif
Expand Down Expand Up @@ -1668,6 +1677,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
char* crlDir = NULL;
#endif
#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
const char * policy = NULL;
#endif /* WOLFSSL_SYS_CRYPTO_POLICY */

#ifdef WOLFSSL_STATIC_MEMORY
/* Note: Actual memory used is much less, this is the entire buffer buckets,
Expand Down Expand Up @@ -2437,6 +2449,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
altPrivKey = myoptarg;
break;
#endif
case 268:
#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
policy = myoptarg;
#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
break;

case -1:
default:
Expand Down Expand Up @@ -2591,6 +2608,14 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (method == NULL)
err_sys_ex(runWithErrors, "unable to get method");

#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
if (policy != NULL) {
if (wolfSSL_crypto_policy_enable(policy) != WOLFSSL_SUCCESS) {
err_sys("wolfSSL_crypto_policy_enable failed");
}
}
#endif /* WOLFSSL_SYS_CRYPTO_POLICY */

#ifdef WOLFSSL_STATIC_MEMORY
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
/* print off helper buffer sizes for use with static memory
Expand Down Expand Up @@ -3995,9 +4020,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
{
func_args args;
tcp_ready ready;
#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
const char * policy = "examples/crypto_policies/default/wolfssl.txt";
#endif /* WOLFSSL_SYS_CRYPTO_POLICY */

StartTCP();

Expand All @@ -4017,13 +4039,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif
#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
if (wolfSSL_crypto_policy_enable(policy) != WOLFSSL_SUCCESS) {
fprintf(stderr, "crypto_policy_enable failed\n");
wolfSSL_Cleanup();
return EXIT_FAILURE;
}
#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
ChangeToWolfRoot();

#ifndef NO_WOLFSSL_SERVER
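Review bot: The new policy check in server_test() reports failure with `err_sys("wolfSSL_crypto_policy_enable failed")`, while the check directly above it uses `err_sys_ex(runWithErrors, "unable to get method")`. If the difference is deliberate, so that a policy file that fails to load is always fatal regardless of runWithErrors (which presumably lets the server continue past some errors), a one-line comment would keep a later cleanup from relaxing it: `/* always fatal: do not continue without the requested crypto policy */`. The message would also be easier to act on if it named the rejected file, which needs a formatted message since err_sys() is called here with a fixed string. server_test() starts and ends outside these hunks.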
