tls: do not use common_bufsiz

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

1 files changed, 15 insertions, 8 deletions

diff --git a/networking/tls.c b/networking/tls.c
index e037eba69..2674997ff 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -23,7 +23,7 @@
 //usage:#define tls_full_usage "\n\n"
 
 #include "tls.h"
-#include "common_bufsiz.h"
+//#include "common_bufsiz.h"
 
 #define TLS_DEBUG      1
 #define TLS_DEBUG_HASH 1
@@ -677,7 +677,8 @@ static int xread_tls_block(tls_state_t *tls)
 
  again:
         dbg("insize:%u tail:%u\n", tls->insize, tls->tail);
-        memmove(tls->inbuf, tls->inbuf + tls->insize, tls->tail);
+        if (tls->tail != 0)
+                memmove(tls->inbuf, tls->inbuf + tls->insize, tls->tail);
         errno = 0;
         total = tls->tail;
         target = sizeof(tls->inbuf);
@@ -702,7 +703,6 @@ static int xread_tls_block(tls_state_t *tls)
                                 /* "Abrupt" EOF, no TLS shutdown (seen from kernel.org) */
                                 dbg("EOF (without TLS shutdown) from peer\n");
                                 tls->tail = 0;
-                                tls->insize = 0;
                                 goto end;
                         }
                         bb_perror_msg_and_die("short read, have only %d", total);
@@ -1062,6 +1062,8 @@ static void send_client_hello(tls_state_t *tls)
         record->comprtypes_len = 1;
         record->comprtypes[0] = 0;
 
+//TODO: send options, at least SNI.
+
         dbg(">> CLIENT_HELLO\n");
         xwrite_and_update_handshake_hash(tls, sizeof(*record));
 }
@@ -1453,6 +1455,9 @@ static void tls_xwrite(tls_state_t *tls, int len)
 // openssl req -x509 -newkey rsa:$((4096/4*3)) -keyout key.pem -out server.pem -nodes -days 99999 -subj '/CN=localhost'
 // openssl s_server -key key.pem -cert server.pem -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher NULL
 // openssl s_client -connect 127.0.0.1:4433 -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher NULL-SHA256
+//
+// Talk to kernel.org:
+// printf "GET / HTTP/1.1\r\nHost: kernel.org\r\n\r\n" | ./busybox tls kernel.org
 
 int tls_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int tls_main(int argc UNUSED_PARAM, char **argv)
@@ -1478,8 +1483,8 @@ int tls_main(int argc UNUSED_PARAM, char **argv)
         FD_SET(cfd, &readfds);
         FD_SET(STDIN_FILENO, &readfds);
 
-#define iobuf bb_common_bufsiz1
-        setup_common_bufsiz();
+//#define iobuf bb_common_bufsiz1
+//      setup_common_bufsiz();
         for (;;) {
                 int nread;
 
@@ -1492,12 +1497,14 @@ int tls_main(int argc UNUSED_PARAM, char **argv)
                         void *buf;
 
                         dbg("STDIN HAS DATA\n");
-                        buf = tls_get_outbuf(tls, COMMON_BUFSIZE);
-                        nread = safe_read(STDIN_FILENO, buf, COMMON_BUFSIZE);
+//TODO: growable buffer
+                        buf = tls_get_outbuf(tls, 4 * 1024);
+                        nread = safe_read(STDIN_FILENO, buf, 4 * 1024);
                         if (nread < 1) {
 //&& errno != EAGAIN
                                 /* Close outgoing half-connection so they get EOF,
                                  * but leave incoming alone so we can see response */
+//TLS has no way to encode this, doubt it's ok to do it "raw"
 //                              shutdown(cfd, SHUT_WR);
                                 FD_CLR(STDIN_FILENO, &readfds);
                         }
@@ -1507,7 +1514,7 @@ int tls_main(int argc UNUSED_PARAM, char **argv)
                         dbg("NETWORK HAS DATA\n");
                         nread = xread_tls_block(tls);
                         if (nread < 1)
-//if eof, just close stdout, but not exit!
+//TODO: if eof, just close stdout, but not exit!
                                 return EXIT_SUCCESS;
                         xwrite(STDOUT_FILENO, tls->inbuf + RECHDR_LEN, nread);
                 }