From bc6461083054d76abde9c33702c068ee0bf6a0d7 Mon Sep 17 00:00:00 2001 From: Alexander M Pickering Date: Fri, 15 Nov 2024 15:25:07 -0600 Subject: rename and reorganize --- init | 2 +- libressl.patch | 678 ++++++++++++++------------------------------------------ libressl2.patch | 405 --------------------------------- 3 files changed, 162 insertions(+), 923 deletions(-) delete mode 100644 libressl2.patch diff --git a/init b/init index b7ba829..348c86b 100755 --- a/init +++ b/init @@ -13,7 +13,7 @@ mv libcrypto.a /usr/x86_64-w64-mingw32/lib cd busybox-w32 cp /root/busybox-w32-packaging/config .config -git apply /root/busybox-w32-packaging/libressl2.patch +git apply /root/busybox-w32-packaging/libressl.patch # For some reason this code only causes errors on -O0 if [ -n "$ZERO_PATCH" ]; then git apply /root/busybox-w32-packaging/zero.patch diff --git a/libressl.patch b/libressl.patch index 564d620..00d5d4b 100644 --- a/libressl.patch +++ b/libressl.patch @@ -12,18 +12,10 @@ index bc1453e12..69f76cbb3 100644 void tls_run_copy_loop(tls_state_t *tls, unsigned flags) FAST_FUNC; diff --git a/networking/ssl_client.c b/networking/ssl_client.c -index 757745896..653b6f48e 100644 +index 757745896..38163440f 100644 --- a/networking/ssl_client.c +++ b/networking/ssl_client.c -@@ -24,6 +24,7 @@ - //usage:#define ssl_client_full_usage "" - - #include "libbb.h" -+#include - - int ssl_client_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; - int ssl_client_main(int argc UNUSED_PARAM, char **argv) -@@ -69,7 +70,7 @@ int ssl_client_main(int argc UNUSED_PARAM, char **argv) +@@ -69,7 +69,7 @@ int ssl_client_main(int argc UNUSED_PARAM, char **argv) } #endif 
@@ -32,34 +24,8 @@ index 757745896..653b6f48e 100644 BUILD_BUG_ON(TLSLOOP_EXIT_ON_LOCAL_EOF != 1); tls_run_copy_loop(tls, /*flags*/ opt & 1); -diff --git a/networking/ssl_helper-wolfssl/ssl_helper.c b/networking/ssl_helper-wolfssl/ssl_helper.c -index 38b7b56c6..834912a68 100644 ---- a/networking/ssl_helper-wolfssl/ssl_helper.c -+++ b/networking/ssl_helper-wolfssl/ssl_helper.c -@@ -160,10 +160,10 @@ WOLFSSL *prepare(int sockfd) - - method = wolfTLSv1_1_client_method(); - if (method == NULL) -- err_sys("out of memory"); -+ err_sys("out of memory 3"); - ctx = wolfSSL_CTX_new(method); - if (ctx == NULL) -- err_sys("out of memory"); -+ err_sys("out of memory 2"); - // if (cipherList) - // if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) - // err_sys("client can't set cipher list 1"); -@@ -279,7 +279,7 @@ WOLFSSL *prepare(int sockfd) - - ssl = wolfSSL_new(ctx); - if (ssl == NULL) -- err_sys("out of memory"); -+ err_sys("out of memory 1"); - - //#ifdef HAVE_SESSION_TICKET - // wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session"); diff --git a/networking/tls.c b/networking/tls.c -index 9f1dd67ec..7e8da6df2 100644 +index 9f1dd67ec..60e1afe99 100644 --- a/networking/tls.c +++ b/networking/tls.c @@ -2221,6 +2221,7 @@ static void send_client_finished(tls_state_t *tls) @@ -76,8 +42,8 @@ index 9f1dd67ec..7e8da6df2 100644 - /*send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) */ - /* need to hash _all_ server replies first, up to ServerHelloDone */ -+ //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) -+ //need to hash _all_ server replies first, up to ServerHelloDone ++ //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) / ++ // need to hash _all_ server replies first, up to ServerHelloDone / len = tls_xread_handshake_block(tls, 4); } 
@@ -87,18 +53,18 @@ index 9f1dd67ec..7e8da6df2 100644 send_change_cipher_spec(tls); - /* from now on we should send encrypted */ - /* tls->write_seq64_be = 0; - already is */ -+ // from now on we should send encrypted -+ // tls->write_seq64_be = 0; - already is ++ // from now on we should send encrypted / ++ // tls->write_seq64_be = 0; - already is / tls->flags |= ENCRYPT_ON_WRITE; send_client_finished(tls); - /* Get CHANGE_CIPHER_SPEC */ -+ // Get CHANGE_CIPHER_SPEC ++ // Get CHANGE_CIPHER_SPEC / len = tls_xread_record(tls, "switch to encrypted traffic"); if (len != 1 || memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0) bad_record_die(tls, "switch to encrypted traffic", len); -@@ -2327,29 +2328,29 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) +@@ -2327,29 +2328,30 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) } else if (!(tls->flags & ENCRYPTION_AESGCM)) { unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE; @@ -107,6 +73,7 @@ index 9f1dd67ec..7e8da6df2 100644 - */ + // all incoming packets now should be encrypted and have + // at least IV + (MAC padded to blocksize): ++ // tls->min_encrypted_len_on_read = AES_BLOCK_SIZE + (mac_blocks * AES_BLOCK_SIZE); } else { tls->min_encrypted_len_on_read = 8 + AES_BLOCK_SIZE; 
@@ -114,16 +81,16 @@ index 9f1dd67ec..7e8da6df2 100644 dbg("min_encrypted_len_on_read: %u\n", tls->min_encrypted_len_on_read); - /* Get (encrypted) FINISHED from the server */ -+ // Get (encrypted) FINISHED from the server ++ // Get (encrypted) FINISHED from the server / len = tls_xread_record(tls, "'server finished'"); if (len < 4 || tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED) bad_record_die(tls, "'server finished'", len); dbg("<< FINISHED\n"); - /* application data can be sent/received */ -+ // application data can be sent/received ++ // application data can be sent/received / - /* free handshake data */ -+ // free handshake data ++ // free handshake data / psRsaKey_clear(&tls->hsd->server_rsa_pub_key); // if (PARANOIA) // memset(tls->hsd, 0, tls->hsd->hsd_size); @@ -135,41 +102,34 @@ index 9f1dd67ec..7e8da6df2 100644 static void tls_xwrite(tls_state_t *tls, int len) { diff --git a/networking/wget.c b/networking/wget.c -index 6a64836fb..918ad6812 100644 +index 6a64836fb..4a5b4c9f0 100644 --- a/networking/wget.c 
+++ b/networking/wget.c -@@ -169,7 +169,11 @@ - //usage: "\n -Y on/off Use proxy" - - #include "libbb.h" -- -+#include -+#include -+#include -+#include -+#include - #if 0 - # define log_io(...) bb_error_msg(__VA_ARGS__) - # define SENDFMT(fp, fmt, ...) \ -@@ -354,6 +358,39 @@ static ALWAYS_INLINE void progress_meter(int flag UNUSED_PARAM) {} - #endif - +@@ -1,4 +1,3 @@ +-/* vi: set sw=4 ts=4: */ + /* + * wget - retrieve a file using HTTP or FTP + * +@@ -460,6 +459,49 @@ static FILE *open_socket(len_and_sockaddr *lsa) + return fp; + } +#if ENABLE_PLATFORM_MINGW32 +/* Use windows installed certificates for wget */ +#include +#include +#include -+void gather_certificates(struct tls_config *cfg) ++char* gather_certificates(struct tls_config *cfg) +{ -+ printf("Gathering certificates\n"); ++ FILE *pemfile; ++ pemfile = tmpfile(); + HCERTSTORE dstore; -+ dstore = CertOpenSystemStore(0,"CA"); ++ dstore = CertOpenSystemStore(0,"ROOT"); + size_t numcerts; + if(!dstore) + bb_error_msg_and_die("Error opening 'CA' cert store"); -+ X509_STORE *store = X509_STORE_new(); + PCCERT_CONTEXT ctx = NULL; ++ size_t certs_len; + for(;;) + { + ctx = CertEnumCertificatesInStore(dstore,ctx); 
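Review bot: `pemfile = tmpfile();` at the top of the new `gather_certificates` is used without a NULL check, so a failed temp-file creation reaches `PEM_write_X509` with a null stream; add `if (!pemfile) bb_simple_perror_msg_and_die("tmpfile");` right after it. The store name changes to `"ROOT"` but the failure message still reads `"Error opening 'CA' cert store"`, which will mislead anyone diagnosing a trust-store problem; it should name `'ROOT'`. The function body continues in the next hunk.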
@@ -178,223 +138,121 @@ index 6a64836fb..918ad6812 100644 + char *dcert = ctx->pbCertEncoded; + size_t dcert_len = ctx->cbCertEncoded; + X509 *x509cert; -+ x509cert = d2i_X509(NULL,dcert,dcert_len); ++ x509cert = d2i_X509(NULL,&dcert,dcert_len); + if(x509cert == NULL) + bb_error_msg_and_die("Failed to convert cert"); -+ X509_STORE_add_cert(store,x509cert); ++ if(!PEM_write_X509(pemfile, x509cert)) ++ bb_error_msg_and_die("Failed to write cert"); + X509_free(x509cert); + } -+ CertCloseStore(store, CERT_CLOSE_STORE_CHECK_FLAG); ++ CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG); ++ size_t pemsize = ftell(pemfile); ++ char *pemmem = (char*)malloc(pemsize); ++ if(pemmem == NULL) ++ bb_error_msg_and_die("out of memory"); ++ rewind(pemfile); ++ if(fread(pemmem, sizeof(char), pemsize, pemfile) != pemsize) ++ bb_error_msg_and_die("Failed to read temp ca pem file"); ++ tls_config_set_ca_mem(cfg, pemmem, pemsize); +} -+ +#endif - /* IPv6 knows scoped address types i.e. link and site local addresses. Link - * local addresses can have a scope identifier to specify the - * interface/link an address is valid on (e.g. fe80::1%eth0). This scope -@@ -482,18 +519,45 @@ static char* sanitize_string(char *s) - return s; - } - -+static char tlsgets_trim_sanitize(struct tls *ctx, const char *fmt) -+{ -+ printf("wget tlsgets_trim_sanitize 1\n"); -+ char c; -+ char *buf_ptr; -+ ssize_t len = TLS_WANT_POLLIN; -+ while(len == TLS_WANT_POLLIN) -+ len = tls_read(ctx,G.wget_buf, sizeof(G.wget_buf)); -+ if(len == -1) -+ bb_error_msg_and_die("tls read error: %s", tls_error(ctx)); -+ printf("Read %zd bytes\n", len); -+ printf("Data Read: %s\n",G.wget_buf); -+ buf_ptr = strchrnul(G.wget_buf, '\n'); -+ c = *buf_ptr; -+ sanitize_string(G.wget_buf); -+ log_io("< %s", G.wget_buf); -+ if (fmt && (option_mask32 & WGET_OPT_SERVER_RESPONSE)) -+ fprintf(stderr, fmt, G.wget_buf); -+ return c; -+} + - /* Returns '\n' if it was seen, else '\0'. 
Trims at first '\r' or '\n' */ - static char fgets_trim_sanitize(FILE *fp, const char *fmt) - { - char c; - char *buf_ptr; - -+ printf("wget fgets_trim_sanitize 1\n"); - set_alarm(); -- if (fgets(G.wget_buf, sizeof(G.wget_buf), fp) == NULL) -- bb_simple_perror_msg_and_die("error getting response"); -+ printf("wget fgets_trim_sanitize 2\n"); -+ printf("wget_buf: %d\n",sizeof(G.wget_buf)); -+ if (fgets(G.wget_buf, sizeof(G.wget_buf), fp) == NULL){ -+ bb_error_msg_and_die("error getting response: %d %s",errno, strerror(errno)); -+ } - clear_alarm(); - -+ printf("wget fgets_trim_sanitize 3\n"); - buf_ptr = strchrnul(G.wget_buf, '\n'); -+ printf("wget fgets_trim_sanitize 4\n"); - c = *buf_ptr; - #if 1 - /* Disallow any control chars: trim at first char < 0x20 */ -@@ -504,10 +568,12 @@ static char fgets_trim_sanitize(FILE *fp, const char *fmt) - *buf_ptr = '\0'; - #endif - -+ printf("wget fgets_trim_sanitize 7\n"); - log_io("< %s", G.wget_buf); - - if (fmt && (option_mask32 & WGET_OPT_SERVER_RESPONSE)) - fprintf(stderr, fmt, G.wget_buf); -+ printf("wget fgets_trim_sanitize 8\n"); - - return c; - } -@@ -636,6 +702,46 @@ static void parse_url(const char *src_url, struct host_info *h) - */ - } - -+static int tls_sanitized_hdr(struct tls *ctx, char* start, char **header, char **value) -+{ -+ printf("wget tls_sanitized_hdr 1\n"); -+ printf("wget_buf was: %s\n",G.wget_buf); -+ char c; -+ char *s; -+ //c = tlsgets_trim_sanitize(ctx, " %s\n"); -+ if(*start =='\n'){ -+ printf("Found end of headers\n"); -+ return 0; -+ } -+ if(G.wget_buf[0] == '\0') -+ return -1; -+ printf("While getting header, buf was: %s\n", G.wget_buf); -+ *header = G.wget_buf; -+ /* Convert to lowercase */ -+ for(s = G.wget_buf; isalnum(*s) || *s == '-' || *s == '.' 
|| *s == '_'; ++s) -+ *s |= 0x20; -+ /* Find seperator */ -+ if(*s != ':') -+ bb_error_msg_and_die("Bad header line: %s", G.wget_buf); -+ *s++ = '\0'; -+ s = skip_whitespace(s); -+ *value = s; -+ s = strchr(s,'\n'); -+ if(*s == NULL) { -+ printf("Buffer too small!\n"); -+ while (tls_read(ctx, &c, sizeof(char)) == 1 && c != '\n') -+ /*Consume the rest of the header */; -+ } -+ if (c != '\n'){ -+ printf("buffer too small!\n"); -+ while (tls_read(ctx,&c,sizeof(char)) == 1 && c != EOF && c != '\n') -+ /* Rats! The buffer isn't big enough to hold the entire header value */ -+ printf("."); -+ } -+ printf("wget tls_sanitized_hdr 2\n"); -+ return hdrval; -+} -+ - static char *get_sanitized_hdr(FILE *fp) - { - char *s, *hdrval; -@@ -689,6 +795,7 @@ static void reset_beg_range_to_zero(void) + /* We balk at any control chars in other side's messages. + * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs + * and error messages. +@@ -689,6 +731,9 @@ static void reset_beg_range_to_zero(void) } #if ENABLE_FEATURE_WGET_OPENSSL -+# if !ENABLE_PLATFORM_MINGW32 ++#include ++#include ++/* static int spawn_https_helper_openssl(const char *host, unsigned port) { char *allocated = NULL; -@@ -777,6 +884,38 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) +@@ -698,7 +743,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) + IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;) + + if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) +- /* Kernel can have AF_UNIX support disabled */ ++ // Kernel can have AF_UNIX support disabled / + bb_simple_perror_msg_and_die("socketpair"); + + if (!strchr(host, ':')) +@@ -709,18 +754,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) + fflush_all(); + pid = xvfork(); + if (pid == 0) { +- /* Child */ ++ // Child / + char *argv[13]; + char **argp; + + close(sp[0]); + xmove_fd(sp[1], 0); + xdup2(0, 1); +- /* +- * openssl s_client -quiet -connect www.kernel.org:443 
2>/dev/null +- * It prints some debug stuff on stderr, don't know how to suppress it. +- * Work around by dev-nulling stderr. We lose all error messages :( +- */ ++ // ++ // openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null ++ // It prints some debug stuff on stderr, don't know how to suppress it. ++ // Work around by dev-nulling stderr. We lose all error messages :( ++ // + xmove_fd(2, 3); + xopen("/dev/null", O_RDWR); + memset(&argv, 0, sizeof(argv)); +@@ -729,18 +774,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) + argv[2] = (char*)"-quiet"; + argv[3] = (char*)"-connect"; + argv[4] = (char*)host; +- /* +- * Per RFC 6066 Section 3, the only permitted values in the +- * TLS server_name (SNI) field are FQDNs (DNS hostnames). +- * IPv4 and IPv6 addresses, port numbers are not allowed. +- */ ++ // ++ // Per RFC 6066 Section 3, the only permitted values in the ++ // TLS server_name (SNI) field are FQDNs (DNS hostnames). ++ // IPv4 and IPv6 addresses, port numbers are not allowed. 
++ // + argp = &argv[5]; + if (!is_ip_address(servername)) { + *argp++ = (char*)"-servername"; //[5] + *argp++ = (char*)servername; //[6] + } + if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) { +- /* Abort on bad server certificate */ ++ // Abort on bad server certificate / + *argp++ = (char*)"-verify"; //[7] + *argp++ = (char*)"100"; //[8] + *argp++ = (char*)"-verify_return_error"; //[9] +@@ -762,10 +807,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) + # else + bb_perror_msg_and_die("can't execute '%s'", argv[0]); + # endif +- /* notreached */ ++ // notreached / + } + +- /* Parent */ ++ // Parent / + free(servername); + free(allocated); + close(sp[1]); +@@ -777,6 +822,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) # endif return sp[0]; } -+# else -+#include -+#include -+static int spawn_https_helper_openssl(const char *host, unsigned port) -+{ -+ char* allocated = NULL; -+ char *servername, *cmd; -+ int sp[2]; -+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) -+ bb_simple_perror_msg_and_die("socketpair"); -+ -+ if(!strchr(host,":")) -+ host = allocated = xasprintf("%s:%u",host,port); -+ servername = xstrdup(host); -+ fflush_all(); -+ -+ struct tls *ctx = tls_client(); -+ if(ctx == NULL) -+ bb_error_msg_and_die("Out of memory 1"); -+ struct tls_config *config = tls_config_new(); -+ if(config == NULL) -+ bb_error_msg_and_die("Out of memory 2"); -+ if(tls_configure(ctx,config) != 0) -+ bb_error_msg_and_die("Failed to configure client"); -+ tls_connect_fds(ctx, sp[0], sp[1], servername); -+ tls_config_free(config); -+ free(allocated); -+ free(servername); -+ printf("Connected sp %s\n"); -+ return sp[0]; -+} -+# endif ++*/ #endif #if ENABLE_FEATURE_WGET_HTTPS -@@ -1151,6 +1290,7 @@ static void download_one_url(const char *url) - server.user = NULL; - target.user = NULL; - -+ printf("wget download_one_url 1\n"); - parse_url(url, &target); - - /* Use the proxy if necessary */ -@@ -1172,6 +1312,7 @@ static void 
download_one_url(const char *url) - server.host = target.host; - } - } -+ printf("wget download_one_url 2\n"); - - if (ENABLE_FEATURE_IPV6) - strip_ipv6_scope_id(target.host); -@@ -1191,6 +1332,7 @@ static void download_one_url(const char *url) - G.fname_out = fname_out_alloc = xstrdup(G.fname_out); - } - } -+ printf("wget download_one_url 3\n"); - #if ENABLE_FEATURE_WGET_STATUSBAR - G.curfile = bb_get_last_path_component_nostrip(G.fname_out); - #endif -@@ -1206,15 +1348,19 @@ static void download_one_url(const char *url) - * We are not sure it exists on remote side */ - } - -+ printf("wget download_one_url 4\n"); - redir_limit = 16; - resolve_lsa: -+ printf("wget download_one_url 5\n"); - lsa = xhost2sockaddr(server.host, server.port); - if (!(option_mask32 & WGET_OPT_QUIET)) { - char *s = xmalloc_sockaddr2dotted(&lsa->u.sa); - fprintf(stderr, "Connecting to %s (%s)\n", server.host, s); - free(s); - } -+ printf("wget download_one_url 6\n"); - establish_session: -+ printf("wget download_one_url 7\n"); - /*G.content_len = 0; - redundant, got_clen = 0 is enough */ - G.got_clen = 0; - G.chunked = 0; -@@ -1229,37 +1375,64 @@ static void download_one_url(const char *url) - +@@ -1230,26 +1276,51 @@ static void download_one_url(const char *url) /* Open socket to http(s) server */ #if ENABLE_FEATURE_WGET_OPENSSL -+ printf("wget download_one_url 8\n"); /* openssl (and maybe internal TLS) support is configured */ + struct tls *ctx; if (server.protocol == P_HTTPS) { 
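Review bot: The tail of `gather_certificates` ends without a `return` although the function is now declared `char*`, and it ignores the result of `tls_config_set_ca_mem(cfg, pemmem, pemsize);`, so a failure to install the exported Windows roots goes unnoticed and verification would presumably fall back to whatever CA file or path was configured before the call. `size_t pemsize = ftell(pemfile);` also turns an ftell() error of -1 into a huge allocation size, and `pemfile` is never closed. The function's signature and the start of its loop are in the previous hunk. The fence below shows the tail with those checks; whether the caller may free the returned buffer depends on libtls copying it, which should be confirmed.

```c
	// … unchanged: certificate enumeration loop and CertCloseStore …
	long pemsize = ftell(pemfile);
	if (pemsize <= 0)
		bb_error_msg_and_die("Failed to size temp ca pem file");
	char *pemmem = xmalloc(pemsize);
	rewind(pemfile);
	if (fread(pemmem, 1, pemsize, pemfile) != (size_t)pemsize)
		bb_error_msg_and_die("Failed to read temp ca pem file");
	fclose(pemfile);
	if (tls_config_set_ca_mem(cfg, (const uint8_t *)pemmem, pemsize) != 0)
		bb_error_msg_and_die("Failed to set ca mem");
	return pemmem;
```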
@@ -402,21 +260,21 @@ index 6a64836fb..918ad6812 100644 * Inconvenient API since we can't give it an open fd */ - int fd = spawn_https_helper_openssl(server.host, server.port); --# if ENABLE_FEATURE_WGET_HTTPS ++ //int fd = spawn_https_helper_openssl(server.host, server.port); + # if ENABLE_FEATURE_WGET_HTTPS - if (fd < 0) { /* no openssl? try internal */ - sfp = open_socket(lsa); - spawn_ssl_client(server.host, fileno(sfp), /*flags*/ 0); - goto socket_opened; -+ printf("wget download_one_url 9\n"); -+ //int fd = spawn_https_helper_openssl(server.host, server.port); -+ char *allocated, *servername, *p, *host; -+ if(!strchr(server.host, ":")) +- } ++ char *allocated, *servername, *host, *pemmem; ++ struct tls_config *config; ++ if(!strchr(server.host, ':')) + host = allocated = xasprintf("%s:%u", server.host, server.port); + servername = xstrdup(host); + ctx = tls_client(); + if(ctx == NULL) + bb_error_msg_and_die("Out of memory 1"); -+ struct tls_config *config; + config = tls_config_new(); + if(config == NULL) + bb_error_msg_and_die("Out of memory 2"); 
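Review bot: `host` and `allocated` are assigned only inside `if(!strchr(server.host, ':'))`, so for a host that already contains a colon (an IPv6 literal, for example) `servername = xstrdup(host);` reads an uninitialized pointer, and the later `free(allocated)` in the following hunk frees one. Initialising them at the declaration closes both paths: `char *allocated = NULL, *servername, *host = server.host, *pemmem = NULL;`. download_one_url starts and ends outside this hunk.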
@@ -424,287 +282,73 @@ index 6a64836fb..918ad6812 100644 + bb_error_msg_and_die("Failed to set ca path"); + if(tls_config_set_ca_file(config, "cert.pem") != 0) + bb_error_msg_and_die("Failed to set ca file"); ++ gather_certificates(config); + if(tls_configure(ctx,config) != 0) + bb_error_msg_and_die("Failed to configure client"); + sfp = tmpfile(); + dfp = tmpfile(); -+ printf("TLS connection to %s\n", server.host); + if(tls_connect(ctx, servername, NULL) != 0) + bb_error_msg_and_die("Failed to connect: %s", tls_error(ctx)); ++ free(pemmem); + tls_config_free(config); + free(allocated); + free(servername); -+ printf("wget download_one_url 10\n"); -+ printf("wget download_one_url 13\n"); + //sfp = fdopen(fd, "r+"); -+ if (!sfp){ ++ if (!sfp) + bb_error_msg_and_die("Error opening fd: %s",strerror(errno)); - } --# else -- /* We don't check for exec("openssl") failure in this case */ --# endif + # else + /* We don't check for exec("openssl") failure in this case */ + # endif - sfp = fdopen(fd, "r+"); - if (!sfp) - bb_die_memory_exhausted(); -+ printf("wget download_one_url 14\n"); ++ //sfp = fdopen(fd, "r+"); ++ //if (!sfp) ++ // bb_die_memory_exhausted(); goto socket_opened; } - sfp = open_socket(lsa); -+ printf("wget download_one_url 15\n"); + //sfp = open_socket(lsa); socket_opened: #elif ENABLE_FEATURE_WGET_HTTPS /* Only internal TLS support is configured */ -+ printf("wget download_one_url 16\n"); - sfp = open_socket(lsa); - if (server.protocol == P_HTTPS) - spawn_ssl_client(server.host, fileno(sfp), /*flags*/ 0); - #else -+ printf("wget download_one_url 17\n"); - /* ssl (https) support is not configured */ - sfp = open_socket(lsa); - #endif -+ printf("wget download_one_url 18\n"); - /* Send HTTP request */ - if (use_proxy) { - SENDFMT(sfp, "GET %s://%s/%s HTTP/1.1\r\n", -@@ -1270,6 +1443,7 @@ static void download_one_url(const char *url) - (option_mask32 & WGET_OPT_POST) ? 
"POST" : "GET", - target.path); - } -+ printf("wget download_one_url 19\n"); - if (!USR_HEADER_HOST) - SENDFMT(sfp, "Host: %s\r\n", target.host); - if (!USR_HEADER_USER_AGENT) -@@ -1280,6 +1454,7 @@ static void download_one_url(const char *url) - */ - SENDFMT(sfp, "Connection: close\r\n"); - -+ printf("wget download_one_url 20\n"); - #if ENABLE_FEATURE_WGET_AUTHENTICATION - if (target.user && !USR_HEADER_AUTH) { - SENDFMT(sfp, "Proxy-Authorization: Basic %s\r\n"+6, -@@ -1291,6 +1466,7 @@ static void download_one_url(const char *url) - } - #endif - -+ printf("wget download_one_url 21\n"); - if (G.beg_range != 0 && !USR_HEADER_RANGE) - SENDFMT(sfp, "Range: bytes=%"OFF_FMT"u-\r\n", G.beg_range); - -@@ -1300,6 +1476,7 @@ static void download_one_url(const char *url) - fputs(G.extra_headers, sfp); - } - -+ printf("wget download_one_url 22\n"); - if (option_mask32 & WGET_OPT_POST_FILE) { - int fd = xopen_stdin(G.post_file); - G.post_data = xmalloc_read(fd, NULL); -@@ -1314,15 +1491,18 @@ static void download_one_url(const char *url) - ); - } - # if ENABLE_PLATFORM_MINGW32 -+ printf("wget download_one_url 23\n"); - if (!USR_HEADER_CONTENT_LENGTH) - SENDFMT(sfp, "Content-Length: %u\r\n", - (int)strlen(G.post_data) - ); -+ printf("wget download_one_url 24\n"); - SENDFMT(sfp, - "\r\n" - "%s", - G.post_data - ); -+ printf("wget download_one_url 25\n"); - } else - # else - SENDFMT(sfp, -@@ -1338,6 +1518,7 @@ static void download_one_url(const char *url) - SENDFMT(sfp, "\r\n"); - } - -+ printf("wget download_one_url 26\n"); - fflush(sfp); - - /* Tried doing this unconditionally. -@@ -1345,31 +1526,55 @@ static void download_one_url(const char *url) - */ - #if SSL_SUPPORTED - if (target.protocol == P_HTTPS) { -+ printf("wget download_one_url 26-2\n"); - /* If we use SSL helper, keeping our end of the socket open for writing - * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF) - * even after child closes its copy of the fd. 
- * This helps: - */ +@@ -1353,7 +1424,35 @@ static void download_one_url(const char *url) shutdown(fileno(sfp), SHUT_WR); -+ printf("wget download_one_url 26-3\n"); } #endif - -+ + //How much data did we actually get? -+ size_t wlen = ftell(sfp); -+ char *outbuf = (char*)malloc(sizeof(char) * wlen); ++ size_t wlen, bufsize; ++ wlen = ftell(sfp); ++ bufsize = 4096; ++ char buf[bufsize]; ++ char *outbuf; ++ outbuf = (char*)malloc(sizeof(char) * wlen); + rewind(sfp); -+ if(fread(outbuf, sizeof(char), wlen, sfp) < wlen) -+ bb_error_msg_and_die("Failed to read tmpfile: %s\n", strerror(errno)); ++ rewind(dfp); ++ if(fread(outbuf, sizeof(char), wlen, sfp) < wlen) ++ bb_error_msg_and_die("Failed to read tmpfile: %s", strerror(errno)); + if(tls_write(ctx, outbuf, wlen) < wlen) -+ bb_error_msg_and_die("Failed to write:%s\n",tls_error(ctx)); -+ -+ printf("About to seek\n"); -+ fseek(dfp,0,SEEK_END); -+ printf("Done seeking...\n"); -+ long dflen = ftell(dfp); -+ printf("wget download_one_url dflen: %ld\n", dflen); -+ long sflen = ftell(sfp); -+ printf("wget download_one_url sflen: %ld\n", sflen); ++ bb_error_msg_and_die("Failed to write:%s",tls_error(ctx)); ++ ssize_t len; ++ len = TLS_WANT_POLLIN; ++ while(len == TLS_WANT_POLLIN || len > 0){ ++ len = tls_read(ctx, buf, bufsize); ++ if(len == -1) ++ bb_error_msg_and_die("Failed tls read: %s", tls_error(ctx)); ++ if (len != TLS_WANT_POLLIN){ ++ wlen = fwrite(buf, sizeof(char), len, dfp); ++ if(wlen != len) ++ bb_error_msg_and_die("Failed to write to tempfile: (%zu) (%zd) %s", wlen, len, strerror(errno)); ++ } ++ } ++ if(len == -1) ++ bb_error_msg_and_die("tls read error: %s", tls_error(ctx)); + rewind(dfp); + sfp = dfp; /* * Retrieve HTTP response line and check for "200" status code. 
*/ - read_response: -- fgets_trim_sanitize(sfp, " %s\n"); -+ printf("wget download_one_url 27\n"); -+ tlsgets_trim_sanitize(ctx, " %s\n"); -+ printf("wget download_one_url 27-1\n"); - - str = G.wget_buf; -+ printf("wget_buf was: %s\n",G.wget_buf); - str = skip_non_whitespace(str); - str = skip_whitespace(str); - // FIXME: no error check - // xatou wouldn't work: "200 OK" - status = atoi(str); -+ printf("Status was: %d\n",status); - switch (status) { - case 0: - case 100: -- while (get_sanitized_hdr(sfp) != NULL) -+ while (tls_sanitized_hdr(ctx) != NULL) - /* eat all remaining headers */; - goto read_response; - -@@ -1441,7 +1646,13 @@ However, in real world it was observed that some web servers - /* - * Retrieve HTTP headers. - */ -- while ((str = get_sanitized_hdr(sfp)) != NULL) { -+ printf("wget download_one_url 28\n"); -+ printf("At this point wget_buf is: %s\n",G.wget_buf); -+ str = strchr(str,'\n'); -+ char *header, *value; -+ while (tls_sanitized_hdr(ctx, str, &header, &value) > 0) { -+ printf("wget Retreiving the next part of the headers\n"); -+ printf("wget str was: %s\n", str); - static const char keywords[] ALIGN1 = - "content-length\0""transfer-encoding\0""location\0"; - enum { -@@ -1453,6 +1664,7 @@ However, in real world it was observed that some web servers - - /* strip trailing whitespace */ - char *s = strchrnul(str, '\0') - 1; -+ printf("Stripping whitespace at %s\n", s); - while (s >= str && (*s == ' ' || *s == '\t')) { - *s = '\0'; - s--; -@@ -1460,6 +1672,7 @@ However, in real world it was observed that some web servers - key = index_in_strings(keywords, G.wget_buf) + 1; - if (key == KEY_content_length) { - G.content_len = BB_STRTOOFF(str, NULL, 10); -+ printf("Got content length: %jd\n", G.content_len); - if (G.content_len < 0 || errno) { - bb_error_msg_and_die("content-length %s is garbage", str); - } -@@ -1469,6 +1682,7 @@ However, in real world it was observed that some web servers - if (key == KEY_transfer_encoding) { - if 
(strcmp(str_tolower(str), "chunked") != 0) - bb_error_msg_and_die("transfer encoding '%s' is not supported", str); -+ printf("Got transfer encodeing: chunked\n"); - G.chunked = 1; - } - if (key == KEY_location && status >= 300) { -@@ -1494,9 +1708,11 @@ However, in real world it was observed that some web servers - goto resolve_lsa; - } /* else: lsa stays the same: we use proxy */ - } -+ printf("Got location header: %s\n",target.path); - goto establish_session; - } - } -+ printf("wget download_one_url 29\n"); - // if (status >= 300) - // bb_error_msg_and_die("bad redirection (no Location: header from server)"); - -@@ -1514,6 +1730,7 @@ However, in real world it was observed that some web servers - - free(lsa); - -+ printf("wget download_one_url 30\n"); - if (!(option_mask32 & WGET_OPT_SPIDER)) { - if (G.output_fd < 0) - G.output_fd = xopen(G.fname_out, G.o_flags); -@@ -1536,6 +1753,7 @@ However, in real world it was observed that some web servers - /* ftpcmd("QUIT", NULL, sfp); - why bother? 
*/ - } - #endif -+ printf("wget download_one_url 31\n"); - fclose(sfp); - - free(server.allocated); -@@ -1544,11 +1762,13 @@ However, in real world it was observed that some web servers - free(target.user); - free(fname_out_alloc); - free(redirected_path); -+ printf("wget download_one_url 32\n"); - } - - int wget_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; - int wget_main(int argc UNUSED_PARAM, char **argv) - { -+ printf("wget main 1\n"); - #if ENABLE_FEATURE_WGET_LONG_OPTIONS - static const char wget_longopts[] ALIGN1 = - /* name, has_arg, val */ -@@ -1590,6 +1810,7 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") - #endif - - INIT_G(); -+ printf("wget main 2\n"); - - #if ENABLE_FEATURE_WGET_TIMEOUT - G.timeout_seconds = 900; -@@ -1626,6 +1847,8 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") - IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_data) - IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_file) - ); -+ -+ printf("wget main 3\n"); - #if 0 /* option bits debug */ - if (option_mask32 & WGET_OPT_RETRIES) bb_error_msg("-t NUM"); - if (option_mask32 & WGET_OPT_nsomething) bb_error_msg("-nsomething"); -@@ -1670,6 +1893,7 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") - } - #endif - -+ printf("wget main 4\n"); - G.output_fd = -1; - G.o_flags = O_WRONLY | O_CREAT | O_TRUNC | O_EXCL; - if (G.fname_out) { /* -O FILE ? */ -@@ -1691,8 +1915,11 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") - } - } - -- while (*argv) -+ printf("wget main 5\n"); -+ while (*argv) { -+ printf("wget main 5-%s\n",argv); - download_one_url(*argv++); -+ } - - if (G.output_fd >= 0) - xclose(G.output_fd); diff --git a/scripts/trylink b/scripts/trylink index 2456252a3..6186284f1 100755 --- a/scripts/trylink diff --git a/libressl2.patch b/libressl2.patch deleted file mode 100644 index be030ab..0000000 --- a/libressl2.patch +++ /dev/null 
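Review bot: `if(tls_write(ctx, outbuf, wlen) < wlen)` cannot detect a failed write, because tls_write() returns a signed ssize_t and the comparison with the size_t `wlen` converts -1 or a TLS_WANT_* code into a huge unsigned value; a short write, on the other hand, is treated as fatal instead of being continued. The same inner hunk leaves `wlen = ftell(sfp)` and the `malloc` result unchecked and never frees `outbuf`. Earlier in this hunk `free(pemmem);` frees a pointer that is never assigned, since the result of `gather_certificates(config);` is discarded; assign it (`pemmem = gather_certificates(config);`) once that function actually returns its buffer, or drop the free. download_one_url starts and ends outside the hunk; the fence below sketches the write loop only.

```c
	// … unchanged: ftell/rewind and fread of the buffered request into outbuf …
	size_t off = 0;
	while (off < wlen) {
		ssize_t w = tls_write(ctx, outbuf + off, wlen - off);
		if (w == TLS_WANT_POLLIN || w == TLS_WANT_POLLOUT)
			continue;
		if (w < 0)
			bb_error_msg_and_die("Failed to write:%s", tls_error(ctx));
		off += (size_t)w;
	}
	free(outbuf);
	// … unchanged: tls_read loop copying the response into dfp …
```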
@@ -1,405 +0,0 @@
-diff --git a/include/libbb.h b/include/libbb.h
-index bc1453e12..69f76cbb3 100644
---- a/include/libbb.h
-+++ b/include/libbb.h
-@@ -962,7 +962,7 @@ static inline tls_state_t *new_tls_state(void)
- tls_state_t *tls = xzalloc(sizeof(*tls));
- return tls;
- }
--void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC;
-+//void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC;
- #define TLSLOOP_EXIT_ON_LOCAL_EOF (1 << 0)
- void tls_run_copy_loop(tls_state_t *tls, unsigned flags) FAST_FUNC;
-
-diff --git a/networking/ssl_client.c b/networking/ssl_client.c
-index 757745896..38163440f 100644
---- a/networking/ssl_client.c
-+++ b/networking/ssl_client.c
-@@ -69,7 +69,7 @@ int ssl_client_main(int argc UNUSED_PARAM, char **argv)
- }
- #endif
-
-- tls_handshake(tls, sni);
-+ //tls_handshake(tls, sni);
-
- BUILD_BUG_ON(TLSLOOP_EXIT_ON_LOCAL_EOF != 1);
- tls_run_copy_loop(tls, /*flags*/ opt & 1);
-diff --git a/networking/tls.c b/networking/tls.c
-index 9f1dd67ec..60e1afe99 100644
---- a/networking/tls.c
-+++ b/networking/tls.c
-@@ -2221,6 +2221,7 @@ static void send_client_finished(tls_state_t *tls)
- xwrite_encrypted(tls, sizeof(*record), RECORD_TYPE_HANDSHAKE);
- }
-
-+/*
- void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
- {
- // Client RFC 5246 Server
-@@ -2291,8 +2292,8 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
- // defined in Section 7.4.2."
- // (i.e.
the same format as server certs)
-
-- /*send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) */
-- /* need to hash _all_ server replies first, up to ServerHelloDone */
-+ //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) /
-+ // need to hash _all_ server replies first, up to ServerHelloDone /
- len = tls_xread_handshake_block(tls, 4);
- }
-
-@@ -2308,13 +2309,13 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
- send_client_key_exchange(tls);
-
- send_change_cipher_spec(tls);
-- /* from now on we should send encrypted */
-- /* tls->write_seq64_be = 0; - already is */
-+ // from now on we should send encrypted /
-+ // tls->write_seq64_be = 0; - already is /
- tls->flags |= ENCRYPT_ON_WRITE;
-
- send_client_finished(tls);
-
-- /* Get CHANGE_CIPHER_SPEC */
-+ // Get CHANGE_CIPHER_SPEC /
- len = tls_xread_record(tls, "switch to encrypted traffic");
- if (len != 1 || memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0)
- bad_record_die(tls, "switch to encrypted traffic", len);
-@@ -2327,29 +2328,30 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
- } else
- if (!(tls->flags & ENCRYPTION_AESGCM)) {
- unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
-- /* all incoming packets now should be encrypted and have
-- * at least IV + (MAC padded to blocksize):
-- */
-+ // all incoming packets now should be encrypted and have
-+ // at least IV + (MAC padded to blocksize):
-+ //
- tls->min_encrypted_len_on_read = AES_BLOCK_SIZE + (mac_blocks * AES_BLOCK_SIZE);
- } else {
- tls->min_encrypted_len_on_read = 8 + AES_BLOCK_SIZE;
- }
- dbg("min_encrypted_len_on_read: %u\n", tls->min_encrypted_len_on_read);
-
-- /* Get (encrypted) FINISHED from the server */
-+ // Get (encrypted) FINISHED from the server /
- len = tls_xread_record(tls, "'server finished'");
- if (len < 4 || tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED)
- bad_record_die(tls, "'server finished'", len);
- dbg("<<
FINISHED\n");
-- /* application data can be sent/received */
-+ // application data can be sent/received /
-
-- /* free handshake data */
-+ // free handshake data /
- psRsaKey_clear(&tls->hsd->server_rsa_pub_key);
- // if (PARANOIA)
- // memset(tls->hsd, 0, tls->hsd->hsd_size);
- free(tls->hsd);
- tls->hsd = NULL;
- }
-+*/
-
- static void tls_xwrite(tls_state_t *tls, int len)
- {
-diff --git a/networking/wget.c b/networking/wget.c
-index 6a64836fb..03de9336c 100644
---- a/networking/wget.c
-+++ b/networking/wget.c
-@@ -1,4 +1,3 @@
--/* vi: set sw=4 ts=4: */
- /*
- * wget - retrieve a file using HTTP or FTP
- *
-@@ -460,6 +459,56 @@ static FILE *open_socket(len_and_sockaddr *lsa)
- return fp;
- }
-
-+#if ENABLE_PLATFORM_MINGW32
-+/* Use windows installed certificates for wget */
-+#include
-+#include
-+#include
-+void gather_certificates(struct tls_config *cfg)
-+{
-+ printf("Gathering certificates\n");
-+ FILE *pemfile;
-+ pemfile = tmpfile();
-+ HCERTSTORE dstore;
-+ dstore = CertOpenSystemStore(0,"ROOT");
-+ size_t numcerts;
-+ if(!dstore)
-+ bb_error_msg_and_die("Error opening 'CA' cert store");
-+ PCCERT_CONTEXT ctx = NULL;
-+ size_t certs_len;
-+ printf("About to start looping\n");
-+ for(;;)
-+ {
-+ printf("About to start top of the loop\n");
-+ ctx = CertEnumCertificatesInStore(dstore,ctx);
-+ if(!ctx)
-+ break;
-+ char *dcert = ctx->pbCertEncoded;
-+ size_t dcert_len = ctx->cbCertEncoded;
-+ X509 *x509cert;
-+ x509cert = d2i_X509(NULL,&dcert,dcert_len);
-+ if(x509cert == NULL)
-+ bb_error_msg_and_die("Failed to convert cert");
-+ if(!PEM_write_X509(pemfile, x509cert))
-+ bb_error_msg_and_die("Failed to write cert");
-+ X509_free(x509cert);
-+ printf("Bottom of the loop\n");
-+ }
-+ printf("Out of the loop\n");
-+ CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG);
-+ size_t pemsize = ftell(pemfile);
-+ char *pemmem = (char*)malloc(pemsize);
-+ if(pemmem == NULL)
-+ bb_error_msg_and_die("out of memory");
-+ rewind(pemfile);
-+ if(fread(pemmem,
sizeof(char), pemsize, pemfile) != pemsize)
-+ bb_error_msg_and_die("Failed to read temp ca pem file");
-+ printf("About to set ca, it is: %s\n",pemmem);
-+ tls_config_set_ca_mem(cfg, pemmem, pemsize);
-+ printf("Done configuring ca\n");
-+}
-+#endif
-+
- /* We balk at any control chars in other side's messages.
- * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs
- * and error messages.
-@@ -689,6 +738,9 @@ static void reset_beg_range_to_zero(void)
- }
-
- #if ENABLE_FEATURE_WGET_OPENSSL
-+#include
-+#include
-+/*
- static int spawn_https_helper_openssl(const char *host, unsigned port)
- {
- char *allocated = NULL;
-@@ -698,7 +750,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
- IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;)
-
- if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
-- /* Kernel can have AF_UNIX support disabled */
-+ // Kernel can have AF_UNIX support disabled /
- bb_simple_perror_msg_and_die("socketpair");
-
- if (!strchr(host, ':'))
-@@ -709,18 +761,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
- fflush_all();
- pid = xvfork();
- if (pid == 0) {
-- /* Child */
-+ // Child /
- char *argv[13];
- char **argp;
-
- close(sp[0]);
- xmove_fd(sp[1], 0);
- xdup2(0, 1);
-- /*
-- * openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null
-- * It prints some debug stuff on stderr, don't know how to suppress it.
-- * Work around by dev-nulling stderr.
We lose all error messages :(
-- */
-+ //
-+ // openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null
-+ // It prints some debug stuff on stderr, don't know how to suppress it.
-+ // Work around by dev-nulling stderr. We lose all error messages :(
-+ //
- xmove_fd(2, 3);
- xopen("/dev/null", O_RDWR);
- memset(&argv, 0, sizeof(argv));
-@@ -729,18 +781,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
- argv[2] = (char*)"-quiet";
- argv[3] = (char*)"-connect";
- argv[4] = (char*)host;
-- /*
-- * Per RFC 6066 Section 3, the only permitted values in the
-- * TLS server_name (SNI) field are FQDNs (DNS hostnames).
-- * IPv4 and IPv6 addresses, port numbers are not allowed.
-- */
-+ //
-+ // Per RFC 6066 Section 3, the only permitted values in the
-+ // TLS server_name (SNI) field are FQDNs (DNS hostnames).
-+ // IPv4 and IPv6 addresses, port numbers are not allowed.
-+ //
- argp = &argv[5];
- if (!is_ip_address(servername)) {
- *argp++ = (char*)"-servername"; //[5]
- *argp++ = (char*)servername; //[6]
- }
- if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) {
-- /* Abort on bad server certificate */
-+ // Abort on bad server certificate /
- *argp++ = (char*)"-verify"; //[7]
- *argp++ = (char*)"100"; //[8]
- *argp++ = (char*)"-verify_return_error"; //[9]
-@@ -762,10 +814,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
- # else
- bb_perror_msg_and_die("can't execute '%s'", argv[0]);
- # endif
-- /* notreached */
-+ // notreached /
- }
-
-- /* Parent */
-+ // Parent /
- free(servername);
- free(allocated);
- close(sp[1]);
-@@ -777,6 +829,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
- # endif
- return sp[0];
- }
-+*/
- #endif
-
- #if ENABLE_FEATURE_WGET_HTTPS
-@@ -1230,26 +1283,52 @@ static void download_one_url(const char *url)
- /* Open socket to http(s) server */
- #if ENABLE_FEATURE_WGET_OPENSSL
- /* openssl (and maybe internal TLS) support is configured */
-+ struct tls *ctx;
- if (server.protocol == P_HTTPS) {
- /* openssl-based helper
- * Inconvenient API since we can't give it an open fd
- */
-- int fd = spawn_https_helper_openssl(server.host, server.port);
-+ //int fd =
spawn_https_helper_openssl(server.host, server.port);
- # if ENABLE_FEATURE_WGET_HTTPS
-- if (fd < 0) { /* no openssl? try internal */
-- sfp = open_socket(lsa);
-- spawn_ssl_client(server.host, fileno(sfp), /*flags*/ 0);
-- goto socket_opened;
-- }
-+ char *allocated, *servername, *host;
-+ struct tls_config *config;
-+ if(!strchr(server.host, ':'))
-+ host = allocated = xasprintf("%s:%u", server.host, server.port);
-+ servername = xstrdup(host);
-+ ctx = tls_client();
-+ if(ctx == NULL)
-+ bb_error_msg_and_die("Out of memory 1");
-+ config = tls_config_new();
-+ if(config == NULL)
-+ bb_error_msg_and_die("Out of memory 2");
-+ if(tls_config_set_ca_path(config, "certs") != 0)
-+ bb_error_msg_and_die("Failed to set ca path");
-+ if(tls_config_set_ca_file(config, "cert.pem") != 0)
-+ bb_error_msg_and_die("Failed to set ca file");
-+ gather_certificates(config);
-+ if(tls_configure(ctx,config) != 0)
-+ bb_error_msg_and_die("Failed to configure client");
-+ sfp = tmpfile();
-+ dfp = tmpfile();
-+ printf("TLS connection to %s\n", server.host);
-+ if(tls_connect(ctx, servername, NULL) != 0)
-+ bb_error_msg_and_die("Failed to connect: %s", tls_error(ctx));
-+ tls_config_free(config);
-+ free(allocated);
-+ free(servername);
-+ printf("wget download_one_url 13\n");
-+ //sfp = fdopen(fd, "r+");
-+ if (!sfp)
-+ bb_error_msg_and_die("Error opening fd: %s",strerror(errno));
- # else
- /* We don't check for exec("openssl") failure in this case */
- # endif
-- sfp = fdopen(fd, "r+");
-- if (!sfp)
-- bb_die_memory_exhausted();
-+ //sfp = fdopen(fd, "r+");
-+ //if (!sfp)
-+ // bb_die_memory_exhausted();
- goto socket_opened;
- }
-- sfp = open_socket(lsa);
-+ //sfp = open_socket(lsa);
- socket_opened:
- #elif ENABLE_FEATURE_WGET_HTTPS
- /* Only internal TLS support is configured */
-@@ -1353,7 +1432,41 @@ static void download_one_url(const char *url)
- shutdown(fileno(sfp), SHUT_WR);
- }
- #endif
--
-+ printf("wget download_one_url 14\n");
-+ //How much data did we actually get?
-+ size_t wlen, bufsize;
-+ wlen = ftell(sfp);
-+ bufsize = 4096;
-+ char buf[bufsize];
-+ char *outbuf;
-+ outbuf = (char*)malloc(sizeof(char) * wlen);
-+ rewind(sfp);
-+ rewind(dfp);
-+ if(fread(outbuf, sizeof(char), wlen, sfp) < wlen)
-+ bb_error_msg_and_die("Failed to read tmpfile: %s", strerror(errno));
-+ if(tls_write(ctx, outbuf, wlen) < wlen)
-+ bb_error_msg_and_die("Failed to write:%s",tls_error(ctx));
-+ ssize_t len;
-+ printf("wget download_one_url about to read\n");
-+ len = TLS_WANT_POLLIN;
-+ while(len == TLS_WANT_POLLIN || len > 0){
-+ printf("This loop through the read, len is %zd\n", len);
-+ len = tls_read(ctx, buf, bufsize);
-+ printf("After tls read\n");
-+ if(len == -1)
-+ bb_error_msg_and_die("Failed tls read: %s", tls_error(ctx));
-+ if (len != TLS_WANT_POLLIN){
-+ printf("Read from %zd bytes from tls: %s\n", len, buf);
-+ wlen = fwrite(buf, sizeof(char), len, dfp);
-+ if(wlen != len)
-+ bb_error_msg_and_die("Failed to write to tempfile: (%zu) (%zd) %s", wlen, len, strerror(errno));
-+ }
-+ }
-+ if(len == -1)
-+ bb_error_msg_and_die("tls read error: %s", tls_error(ctx));
-+ rewind(dfp);
-+ sfp = dfp;
-+ printf("wget download_one_url 15\n");
- /*
- * Retrieve HTTP response line and check for "200" status code.
- */
-@@ -1514,6 +1627,7 @@ However, in real world it was observed that some web servers
-
- free(lsa);
-
-+ printf("wget download_one_url 16\n");
- if (!(option_mask32 & WGET_OPT_SPIDER)) {
- if (G.output_fd < 0)
- G.output_fd = xopen(G.fname_out, G.o_flags);
-diff --git a/scripts/trylink b/scripts/trylink
-index 2456252a3..6186284f1 100755
---- a/scripts/trylink
-+++ b/scripts/trylink
-@@ -84,7 +84,8 @@ A_FILES="$6"
- # a real utmp library in LDLIBS, dropping it "works" but resulting binary
- # does not work properly).
- LDLIBS="$7"
--CONFIG_EXTRA_LDLIBS="$8"
-+shift 7
-+CONFIG_EXTRA_LDLIBS="$@"
-
- # The --sort-section option is not supported by older versions of ld
- SORT_SECTION="-Wl,--sort-section,alignment"
-diff --git a/win32/mingw.c b/win32/mingw.c
-index 87e7ca602..7bad3e4fa 100644
---- a/win32/mingw.c
-+++ b/win32/mingw.c
-@@ -1214,11 +1214,13 @@ elevation_state(void)
- return elevated | (enabled << 1);
- }
-
-+/*
- int getuid(void)
- {
- return elevation_state() == (ELEVATED_PRIVILEGE | ADMIN_ENABLED) ?
- 0 : DEFAULT_UID;
- }
-+*/
-
- struct passwd *getpwnam(const char *name)
- {
-- cgit v1.2.3-55-g6feb