/* * Adapted from: * * client.c * * Copyright (C) 2006-2015 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #include #include #include #include #include #include #include #include #include #include #include #include #if 0 # define dbg(...) say(__VA_ARGS__) #else # define dbg(...) ((void)0) #endif static ssize_t safe_write(int fd, const void *buf, size_t count) { ssize_t n; do { n = write(fd, buf, count); } while (n < 0 && errno == EINTR); return n; } static ssize_t full_write(int fd, const void *buf, size_t len) { ssize_t cc; ssize_t total; total = 0; while (len) { cc = safe_write(fd, buf, len); if (cc < 0) { if (total) { /* we already wrote some! */ /* user can do another write to know the error code */ return total; } return cc; /* write() returns -1 on failure. */ } total += cc; buf = ((const char *)buf) + cc; len -= cc; } return total; } static void say(const char *s, ...) { char buf[256]; va_list p; int sz; va_start(p, s); sz = vsnprintf(buf, sizeof(buf), s, p); full_write(STDERR_FILENO, buf, sz >= 0 && sz < sizeof(buf) ? sz : strlen(buf)); va_end(p); } static void die(const char *s, ...) { char buf[256]; va_list p; int sz; va_start(p, s); sz = vsnprintf(buf, sizeof(buf), s, p); full_write(STDERR_FILENO, buf, sz >= 0 && sz < sizeof(buf) ? sz : strlen(buf)); exit(1); va_end(p); } static void err_sys(const char *msg) { die("%s\n", msg); } /* ==== */ #if 0 static void showPeer(WOLFSSL* ssl) { WOLFSSL_CIPHER* cipher; WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl); if (peer) ShowX509(peer, "peer's cert info:"); else say("peer has no cert!\n"); say("SSL version is %s\n", wolfSSL_get_version(ssl)); cipher = wolfSSL_get_current_cipher(ssl); say("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher)); { WOLFSSL_X509_CHAIN* chain = wolfSSL_get_peer_chain(ssl); int count = wolfSSL_get_chain_count(chain); int i; for (i = 0; i < count; i++) { int length; unsigned char buffer[3072]; WOLFSSL_X509* chainX509; wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length); buffer[length] = 0; say("cert %d has length %d data = \n%s\n", i, length, buffer); chainX509 = wolfSSL_get_chain_X509(chain, i); if (chainX509) ShowX509(chainX509, "session cert info:"); else say("get_chain_X509 failed\n"); wolfSSL_FreeX509(chainX509); } } } #endif WOLFSSL *prepare(int sockfd) { WOLFSSL_METHOD* method; WOLFSSL_CTX* ctx; WOLFSSL* ssl; wolfSSL_Init(); method = wolfTLSv1_1_client_method(); if (method == NULL) err_sys("out of memory"); ctx = wolfSSL_CTX_new(method); if (ctx == NULL) err_sys("out of memory"); // if (cipherList) // if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) // err_sys("client can't set cipher list 1"); // if (fewerPackets) // wolfSSL_CTX_set_group_messages(ctx); //#ifndef NO_DH // wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits); //#endif // if (usePsk) { // wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); // if (cipherList == NULL) { // const char *defaultCipherList; //#if defined(HAVE_AESGCM) && !defined(NO_DH) // defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; //#elif defined(HAVE_NULL_CIPHER) // defaultCipherList = "PSK-NULL-SHA256"; //#else // defaultCipherList = "PSK-AES128-CBC-SHA256"; //#endif // if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList) != SSL_SUCCESS) // err_sys("client can't set cipher list 2"); // } // useClientCert = 0; // } // if (useAnon) { // if (cipherList == NULL) { // wolfSSL_CTX_allow_anon_cipher(ctx); // if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA") != SSL_SUCCESS) // err_sys("client can't set cipher list 4"); // } // useClientCert = 0; // } //#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) // wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); //#endif // if (useOcsp) { // if (ocspUrl != NULL) { // wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl); // wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE // | WOLFSSL_OCSP_URL_OVERRIDE); // } // else // wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE); // } // //#ifdef USER_CA_CB // wolfSSL_CTX_SetCACb(ctx, CaCb); //#endif // //#ifdef VERIFY_CALLBACK // wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); //#endif //#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) // if (useClientCert) { // if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS) // err_sys("can't load client cert file, check file and run from" // " wolfSSL home dir"); // if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) // err_sys("can't load client private key file, check file and run " // "from wolfSSL home dir"); // } // // if (!usePsk && !useAnon) { // if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert,0) != SSL_SUCCESS) // err_sys("can't load ca file, Please run from wolfSSL home dir"); //#ifdef HAVE_ECC // /* load ecc verify too, echoserver uses it by default w/ ecc */ // if (wolfSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS) // err_sys("can't load ecc ca file, Please run from wolfSSL home dir"); //#endif // } //#endif /* !NO_FILESYSTEM && !NO_CERTS */ //#if !defined(NO_CERTS) // if (!usePsk && !useAnon && doPeerCheck == 0) // wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); // if (!usePsk && !useAnon && overrideDateErrors == 1) // wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb); //#endif wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); //#ifdef HAVE_SNI // if (sniHostName) // if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) != SSL_SUCCESS) // err_sys("UseSNI failed"); //#endif //#ifdef HAVE_MAX_FRAGMENT // if (maxFragment) // if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS) // err_sys("UseMaxFragment failed"); //#endif //#ifdef HAVE_TRUNCATED_HMAC // if (truncatedHMAC) // if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS) // err_sys("UseTruncatedHMAC failed"); //#endif //#ifdef HAVE_SESSION_TICKET // if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS) // err_sys("UseSessionTicket failed"); //#endif //#if defined(WOLFSSL_MDK_ARM) // wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); //#endif ssl = wolfSSL_new(ctx); if (ssl == NULL) err_sys("out of memory"); //#ifdef HAVE_SESSION_TICKET // wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session"); //#endif // if (doDTLS) { // SOCKADDR_IN_T addr; // build_addr(&addr, host, port, 1); // wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr)); // tcp_socket(&sockfd, 1); // } wlse { // tcp_connect(&sockfd, host, port, 0); // } //#ifdef HAVE_POLY1305 // /* use old poly to connect with google server */ // if (!XSTRNCMP(domain, "www.google.com", 14)) { // if (wolfSSL_use_old_poly(ssl, 1) != 0) // err_sys("unable to set to old poly"); // } //#endif wolfSSL_set_fd(ssl, sockfd); //#ifdef HAVE_CRL // if (disableCRL == 0) { // if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS) // err_sys("can't enable crl check"); // if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) // err_sys("can't load crl, check crlfile and date validity"); // if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) // err_sys("can't set crl callback"); // } //#endif //#ifdef HAVE_SECURE_RENEGOTIATION // if (scr) { // if (wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS) // err_sys("can't enable secure renegotiation"); // } //#endif //#ifdef ATOMIC_USER // if (atomicUser) // SetupAtomicUser(ctx, ssl); //#endif //#ifdef HAVE_PK_CALLBACKS // if (pkCallbacks) // SetupPkCallbacks(ctx, ssl); //#endif // if (matchName && doPeerCheck) // wolfSSL_check_domain_name(ssl, domain); if (wolfSSL_connect(ssl) != SSL_SUCCESS) { // /* see note at top of README */ // int err = wolfSSL_get_error(ssl, 0); // char buffer[WOLFSSL_MAX_ERROR_SZ]; // say("err = %d, %s\n", err, // wolfSSL_ERR_error_string(err, buffer)); err_sys("SSL_connect failed"); } // showPeer(ssl); //#ifdef HAVE_SECURE_RENEGOTIATION // if (scr && forceScr) { // if (wolfSSL_Rehandshake(ssl) != SSL_SUCCESS) { // int err = wolfSSL_get_error(ssl, 0); // char buffer[WOLFSSL_MAX_ERROR_SZ]; // say("err = %d, %s\n", err, // wolfSSL_ERR_error_string(err, buffer)); // err_sys("wolfSSL_Rehandshake failed"); // } // } //#endif return ssl; } static struct pollfd pfd[2] = { { -1, POLLIN|POLLERR|POLLHUP, 0 }, { -1, POLLIN|POLLERR|POLLHUP, 0 }, }; #define STDIN pfd[0] #define NETWORK pfd[1] #define STDIN_READY() (pfd[0].revents & (POLLIN|POLLERR|POLLHUP)) #define NETWORK_READY() (pfd[1].revents & (POLLIN|POLLERR|POLLHUP)) static void wait_for_input(void) { if (STDIN.fd == NETWORK.fd) /* means both are -1 */ exit(0); dbg("polling\n"); STDIN.revents = NETWORK.revents = 0; while (poll(pfd, 2, -1) < 0 && errno == EINTR) continue; } static void do_io_until_eof_and_exit(WOLFSSL *ssl, int fd) { int len; char ibuf[4 * 1024]; NETWORK.fd = fd; STDIN.fd = 0; len = 0; /* only to suppress compiler warning */ for (;;) { wait_for_input(); if (STDIN_READY()) { dbg("reading stdin\n"); len = read(STDIN_FILENO, ibuf, sizeof(ibuf)); if (len < 0) die("read error on stdin\n"); if (len == 0) { dbg("read len = 0, stdin not polled anymore\n"); STDIN.fd = -1; } else { int n = wolfSSL_write(ssl, ibuf, len); if (n != len) die("SSL_write(%d) failed (returned %d)\n", len, n); } } if (NETWORK_READY()) { dbg("%s%s%s\n", (pfd[1].revents & POLLIN) ? "POLLIN" : "", (pfd[1].revents & POLLERR) ? "|POLLERR" : "", (pfd[1].revents & POLLHUP) ? "|POLLHUP" : "" ); /* We are using blocking socket here. * (Nonblocking socket would complicate writing to it). * Therefore, SSL_read _can block_ here. * This is not what wget expects (it wants to see short reads). * Therefore, we use smallish buffer here, to approximate that. */ len = wolfSSL_read(ssl, ibuf, sizeof(ibuf) < 1024 ? sizeof(ibuf) : 1024 ); if (len < 0) die("SSL_read error on network (%d)\n", len); if (len > 0) { int n; n = full_write(STDOUT_FILENO, ibuf, len); if (n != len) die("write(%d) to stdout returned %d\n", len, n); continue; } /* Blocking reads are easier wtr EOF detection (no EAGAIN error to check for) */ dbg("read len = 0, network not polled anymore\n"); NETWORK.fd = -1; /* saw EOF on network, and we processed * and wrote out all ssl data. Signal it: */ close(STDOUT_FILENO); } } } int main(int argc, char **argv) { WOLFSSL *ssl; int fd; char *fd_str; if (!argv[1]) die("Syntax error\n"); if (argv[1][0] != '-') die("Syntax error\n"); if (argv[1][1] != 'd') die("Syntax error\n"); fd_str = argv[1] + 2; if (!fd_str[0]) fd_str = argv[2]; if (!fd_str || fd_str[0] < '0' || fd_str[0] > '9') die("Syntax error\n"); fd = atoi(fd_str); if (fd < 3) die("Syntax error\n"); ssl = prepare(fd); do_io_until_eof_and_exit(ssl, fd); /* does not return */ // if (doDTLS == 0) { /* don't send alert after "break" command */ // ret = wolfSSL_shutdown(ssl); // if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE) // wolfSSL_shutdown(ssl); /* bidirectional shutdown */ // } //#ifdef ATOMIC_USER // if (atomicUser) // FreeAtomicUser(ssl); //#endif // wolfSSL_free(ssl); // CloseSocket(sockfd); // wolfSSL_CTX_free(ctx); return 0; }