1 files changed, 480 insertions, 0 deletions
diff --git a/networking/ssl_helper-wolfssl/ssl_helper.c b/networking/ssl_helper-wolfssl/ssl_helper.c
new file mode 100644
index 000000000..38b7b56c6
--- /dev/null
+++ b/networking/ssl_helper-wolfssl/ssl_helper.c
@@ -0,0 +1,480 @@
+/*
+ * Adapted from:
+ *
+ * client.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdarg.h>
+#include <string.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <time.h>
+#include <poll.h>
+#include <sys/socket.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/ssl.h>
+#if 0
+# define dbg(...) say(__VA_ARGS__)
+#else
+# define dbg(...) ((void)0)
+#endif
+static ssize_t safe_write(int fd, const void *buf, size_t count)
+{
+        ssize_t n;
+        do {
+                n = write(fd, buf, count);
+        } while (n < 0 && errno == EINTR);
+        return n;
+}
+static ssize_t full_write(int fd, const void *buf, size_t len)
+{
+        ssize_t cc;
+        ssize_t total;
+        total = 0;
+        while (len) {
+                cc = safe_write(fd, buf, len);
+                if (cc < 0) {
+                        if (total) {
+                                /* we already wrote some! */
+                                /* user can do another write to know the error code */
+                                return total;
+                        }
+                        return cc;  /* write() returns -1 on failure. */
+                }
+                total += cc;
+                buf = ((const char *)buf) + cc;
+                len -= cc;
+        }
+        return total;
+}
+static void say(const char *s, ...)
+{
+        char buf[256];
+        va_list p;
+        int sz;
+        va_start(p, s);
+        sz = vsnprintf(buf, sizeof(buf), s, p);
+        full_write(STDERR_FILENO, buf, sz >= 0 && sz < sizeof(buf) ? sz : strlen(buf));
+        va_end(p);
+}
+static void die(const char *s, ...)
+{
+        char buf[256];
+        va_list p;
+        int sz;
+        va_start(p, s);
+        sz = vsnprintf(buf, sizeof(buf), s, p);
+        full_write(STDERR_FILENO, buf, sz >= 0 && sz < sizeof(buf) ? sz : strlen(buf));
+        exit(1);
+        va_end(p);
+}
+static void err_sys(const char *msg)
+{
+        die("%s\n", msg);
+}
+/* ==== */
+#if 0
+static void showPeer(WOLFSSL* ssl)
+{
+        WOLFSSL_CIPHER* cipher;
+        WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
+        if (peer)
+                ShowX509(peer, "peer's cert info:");
+        else
+                say("peer has no cert!\n");
+        say("SSL version is %s\n", wolfSSL_get_version(ssl));
+        cipher = wolfSSL_get_current_cipher(ssl);
+        say("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher));
+        {
+                WOLFSSL_X509_CHAIN* chain = wolfSSL_get_peer_chain(ssl);
+                int count = wolfSSL_get_chain_count(chain);
+                int i;
+                for (i = 0; i < count; i++) {
+                        int length;
+                        unsigned char buffer[3072];
+                        WOLFSSL_X509* chainX509;
+                        wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length);
+                        buffer[length] = 0;
+                        say("cert %d has length %d data = \n%s\n", i, length, buffer);
+                        chainX509 = wolfSSL_get_chain_X509(chain, i);
+                        if (chainX509)
+                                ShowX509(chainX509, "session cert info:");
+                        else
+                                say("get_chain_X509 failed\n");
+                        wolfSSL_FreeX509(chainX509);
+                }
+        }
+}
+#endif
+WOLFSSL *prepare(int sockfd)
+{
+        WOLFSSL_METHOD* method;
+        WOLFSSL_CTX* ctx;
+        WOLFSSL* ssl;
+        wolfSSL_Init();
+        method = wolfTLSv1_1_client_method();
+        if (method == NULL)
+                err_sys("out of memory");
+        ctx = wolfSSL_CTX_new(method);
+        if (ctx == NULL)
+                err_sys("out of memory");
+//      if (cipherList)
+//              if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
+//                      err_sys("client can't set cipher list 1");
+//      if (fewerPackets)
+//              wolfSSL_CTX_set_group_messages(ctx);
+//#ifndef NO_DH
+//      wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
+//#endif
+//      if (usePsk) {
+//              wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
+//              if (cipherList == NULL) {
+//                      const char *defaultCipherList;
+//#if defined(HAVE_AESGCM) && !defined(NO_DH)
+//                      defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
+//#elif defined(HAVE_NULL_CIPHER)
+//                      defaultCipherList = "PSK-NULL-SHA256";
+//#else
+//                      defaultCipherList = "PSK-AES128-CBC-SHA256";
+//#endif
+//                      if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList) != SSL_SUCCESS)
+//                              err_sys("client can't set cipher list 2");
+//              }
+//              useClientCert = 0;
+//      }
+//      if (useAnon) {
+//              if (cipherList == NULL) {
+//                      wolfSSL_CTX_allow_anon_cipher(ctx);
+//                      if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA") != SSL_SUCCESS)
+//                              err_sys("client can't set cipher list 4");
+//              }
+//              useClientCert = 0;
+//      }
+//#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
+//      wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
+//#endif
+//      if (useOcsp) {
+//              if (ocspUrl != NULL) {
+//                      wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
+//                      wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
+//                                      | WOLFSSL_OCSP_URL_OVERRIDE);
+//              }
+//              else
+//                      wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
+//      }
+//
+//#ifdef USER_CA_CB
+//      wolfSSL_CTX_SetCACb(ctx, CaCb);
+//#endif
+//
+//#ifdef VERIFY_CALLBACK
+//      wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
+//#endif
+//#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+//      if (useClientCert) {
+//              if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS)
+//                      err_sys("can't load client cert file, check file and run from"
+//                              " wolfSSL home dir");
+//              if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS)
+//                      err_sys("can't load client private key file, check file and run "
+//                              "from wolfSSL home dir");
+//      }
+//
+//      if (!usePsk && !useAnon) {
+//              if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert,0) != SSL_SUCCESS)
+//                      err_sys("can't load ca file, Please run from wolfSSL home dir");
+//#ifdef HAVE_ECC
+//              /* load ecc verify too, echoserver uses it by default w/ ecc */
+//              if (wolfSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
+//                      err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
+//#endif
+//      }
+//#endif /* !NO_FILESYSTEM && !NO_CERTS */
+//#if !defined(NO_CERTS)
+//      if (!usePsk && !useAnon && doPeerCheck == 0)
+//              wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+//      if (!usePsk && !useAnon && overrideDateErrors == 1)
+//              wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
+//#endif
+        wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+//#ifdef HAVE_SNI
+//      if (sniHostName)
+//              if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) != SSL_SUCCESS)
+//                      err_sys("UseSNI failed");
+//#endif
+//#ifdef HAVE_MAX_FRAGMENT
+//      if (maxFragment)
+//              if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS)
+//                      err_sys("UseMaxFragment failed");
+//#endif
+//#ifdef HAVE_TRUNCATED_HMAC
+//      if (truncatedHMAC)
+//              if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS)
+//                      err_sys("UseTruncatedHMAC failed");
+//#endif
+//#ifdef HAVE_SESSION_TICKET
+//      if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS)
+//              err_sys("UseSessionTicket failed");
+//#endif
+//#if defined(WOLFSSL_MDK_ARM)
+//      wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+//#endif
+        ssl = wolfSSL_new(ctx);
+        if (ssl == NULL)
+                err_sys("out of memory");
+//#ifdef HAVE_SESSION_TICKET
+//      wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session");
+//#endif
+//      if (doDTLS) {
+//              SOCKADDR_IN_T addr;
+//              build_addr(&addr, host, port, 1);
+//              wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
+//              tcp_socket(&sockfd, 1);
+//      } wlse {
+//              tcp_connect(&sockfd, host, port, 0);
+//      }
+//#ifdef HAVE_POLY1305
+//      /* use old poly to connect with google server */
+//      if (!XSTRNCMP(domain, "www.google.com", 14)) {
+//              if (wolfSSL_use_old_poly(ssl, 1) != 0)
+//                      err_sys("unable to set to old poly");
+//      }
+//#endif
+        wolfSSL_set_fd(ssl, sockfd);
+//#ifdef HAVE_CRL
+//      if (disableCRL == 0) {
+//              if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS)
+//                      err_sys("can't enable crl check");
+//              if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
+//                      err_sys("can't load crl, check crlfile and date validity");
+//              if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
+//                      err_sys("can't set crl callback");
+//      }
+//#endif
+//#ifdef HAVE_SECURE_RENEGOTIATION
+//      if (scr) {
+//              if (wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS)
+//                      err_sys("can't enable secure renegotiation");
+//      }
+//#endif
+//#ifdef ATOMIC_USER
+//      if (atomicUser)
+//              SetupAtomicUser(ctx, ssl);
+//#endif
+//#ifdef HAVE_PK_CALLBACKS
+//      if (pkCallbacks)
+//              SetupPkCallbacks(ctx, ssl);
+//#endif
+//      if (matchName && doPeerCheck)
+//              wolfSSL_check_domain_name(ssl, domain);
+        if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
+//              /* see note at top of README */
+//              int  err = wolfSSL_get_error(ssl, 0);
+//              char buffer[WOLFSSL_MAX_ERROR_SZ];
+//              say("err = %d, %s\n", err,
+//                      wolfSSL_ERR_error_string(err, buffer));
+                err_sys("SSL_connect failed");
+        }
+//      showPeer(ssl);
+//#ifdef HAVE_SECURE_RENEGOTIATION
+//      if (scr && forceScr) {
+//              if (wolfSSL_Rehandshake(ssl) != SSL_SUCCESS) {
+//                      int err = wolfSSL_get_error(ssl, 0);
+//                      char buffer[WOLFSSL_MAX_ERROR_SZ];
+//                      say("err = %d, %s\n", err,
+//                              wolfSSL_ERR_error_string(err, buffer));
+//                      err_sys("wolfSSL_Rehandshake failed");
+//              }
+//      }
+//#endif
+        return ssl;
+}
+static struct pollfd pfd[2] = {
+        { -1, POLLIN|POLLERR|POLLHUP, 0 },
+        { -1, POLLIN|POLLERR|POLLHUP, 0 },
+};
+#define STDIN           pfd[0]
+#define NETWORK         pfd[1]
+#define STDIN_READY()   (pfd[0].revents & (POLLIN|POLLERR|POLLHUP))
+#define NETWORK_READY() (pfd[1].revents & (POLLIN|POLLERR|POLLHUP))
+static void wait_for_input(void)
+{
+        if (STDIN.fd == NETWORK.fd) /* means both are -1 */
+                exit(0);
+        dbg("polling\n");
+        STDIN.revents = NETWORK.revents = 0;
+        while (poll(pfd, 2, -1) < 0 && errno == EINTR)
+                continue;
+}
+static void do_io_until_eof_and_exit(WOLFSSL *ssl, int fd)
+{
+        int len;
+        char ibuf[4 * 1024];
+        NETWORK.fd = fd;
+        STDIN.fd = 0;
+        len = 0; /* only to suppress compiler warning */
+        for (;;) {
+                wait_for_input();
+                if (STDIN_READY()) {
+                        dbg("reading stdin\n");
+                        len = read(STDIN_FILENO, ibuf, sizeof(ibuf));
+                        if (len < 0)
+                                die("read error on stdin\n");
+                        if (len == 0) {
+                                dbg("read len = 0, stdin not polled anymore\n");
+                                STDIN.fd = -1;
+                        } else {
+                                int n = wolfSSL_write(ssl, ibuf, len);
+                                if (n != len)
+                                        die("SSL_write(%d) failed (returned %d)\n", len, n);
+                        }
+                }
+                if (NETWORK_READY()) {
+                        dbg("%s%s%s\n",
+                                (pfd[1].revents & POLLIN)  ? "POLLIN"  : "",
+                                (pfd[1].revents & POLLERR) ? "|POLLERR" : "",
+                                (pfd[1].revents & POLLHUP) ? "|POLLHUP" : ""
+                        );
+/* We are using blocking socket here.
+ * (Nonblocking socket would complicate writing to it).
+ * Therefore, SSL_read _can block_ here.
+ * This is not what wget expects (it wants to see short reads).
+ * Therefore, we use smallish buffer here, to approximate that.
+ */
+                        len = wolfSSL_read(ssl, ibuf,
+                                sizeof(ibuf) < 1024 ? sizeof(ibuf) : 1024
+                        );
+                        if (len < 0)
+                                die("SSL_read error on network (%d)\n", len);
+                        if (len > 0) {
+                                int n;
+                                n = full_write(STDOUT_FILENO, ibuf, len);
+                                if (n != len)
+                                        die("write(%d) to stdout returned %d\n", len, n);
+                                continue;
+                        }
+/* Blocking reads are easier wtr EOF detection (no EAGAIN error to check for) */
+                        dbg("read len = 0, network not polled anymore\n");
+                        NETWORK.fd = -1;
+                        /* saw EOF on network, and we processed
+                         * and wrote out all ssl data. Signal it:
+                         */
+                        close(STDOUT_FILENO);
+                }
+        }
+}
+int main(int argc, char **argv)
+{
+        WOLFSSL *ssl;
+        int fd;
+        char *fd_str;
+        if (!argv[1])
+                die("Syntax error\n");
+        if (argv[1][0] != '-')
+                die("Syntax error\n");
+        if (argv[1][1] != 'd')
+                die("Syntax error\n");
+        fd_str = argv[1] + 2;
+        if (!fd_str[0])
+                fd_str = argv[2];
+        if (!fd_str || fd_str[0] < '0' || fd_str[0] > '9')
+                die("Syntax error\n");
+        fd = atoi(fd_str);
+        if (fd < 3)
+                die("Syntax error\n");
+        ssl = prepare(fd);
+        do_io_until_eof_and_exit(ssl, fd);
+        /* does not return */
+//      if (doDTLS == 0) { /* don't send alert after "break" command */
+//              ret = wolfSSL_shutdown(ssl);
+//              if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
+//                      wolfSSL_shutdown(ssl); /* bidirectional shutdown */
+//      }
+//#ifdef ATOMIC_USER
+//      if (atomicUser)
+//              FreeAtomicUser(ssl);
+//#endif
+//      wolfSSL_free(ssl);
+//      CloseSocket(sockfd);
+//      wolfSSL_CTX_free(ctx);
+        return 0;
+}

diff --git a/networking/ssl_helper-wolfssl/ssl_helper.c b/networking/ssl_helper-wolfssl/ssl_helper.c new file mode 100644 index 000000000..38b7b56c6 --- /dev/null +++ b/networking/ssl_helper-wolfssl/ssl_helper.c
@@ -0,0 +1,480 @@
	1	/*
	2	* Adapted from:
	3	*
	4	* client.c
	5	*
	6	* Copyright (C) 2006-2015 wolfSSL Inc.
	7	*
	8	* This file is part of wolfSSL. (formerly known as CyaSSL)
	9	*
	10	* wolfSSL is free software; you can redistribute it and/or modify
	11	* it under the terms of the GNU General Public License as published by
	12	* the Free Software Foundation; either version 2 of the License, or
	13	* (at your option) any later version.
	14	*
	15	* wolfSSL is distributed in the hope that it will be useful,
	16	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	* GNU General Public License for more details.
	19	*
	20	* You should have received a copy of the GNU General Public License
	21	* along with this program; if not, write to the Free Software
	22	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
	23	*/
	24	#include <stdlib.h>
	25	#include <unistd.h>
	26	#include <stdarg.h>
	27	#include <string.h>
	28	#include <errno.h>
	29	#include <fcntl.h>
	30	#include <stdio.h>
	31	#include <time.h>
	32	#include <poll.h>
	33	#include <sys/socket.h>
	34
	35	#include <wolfssl/wolfcrypt/types.h>
	36	#include <wolfssl/ssl.h>
	37
	38	#if 0
	39	# define dbg(...) say(__VA_ARGS__)
	40	#else
	41	# define dbg(...) ((void)0)
	42	#endif
	43
	44	static ssize_t safe_write(int fd, const void *buf, size_t count)
	45	{
	46	ssize_t n;
	47
	48	do {
	49	n = write(fd, buf, count);
	50	} while (n < 0 && errno == EINTR);
	51
	52	return n;
	53	}
	54
	55	static ssize_t full_write(int fd, const void *buf, size_t len)
	56	{
	57	ssize_t cc;
	58	ssize_t total;
	59
	60	total = 0;
	61
	62	while (len) {
	63	cc = safe_write(fd, buf, len);
	64
	65	if (cc < 0) {
	66	if (total) {
	67	/* we already wrote some! */
	68	/* user can do another write to know the error code */
	69	return total;
	70	}
	71	return cc; /* write() returns -1 on failure. */
	72	}
	73
	74	total += cc;
	75	buf = ((const char *)buf) + cc;
	76	len -= cc;
	77	}
	78
	79	return total;
	80	}
	81
	82	static void say(const char *s, ...)
	83	{
	84	char buf[256];
	85	va_list p;
	86	int sz;
	87
	88	va_start(p, s);
	89	sz = vsnprintf(buf, sizeof(buf), s, p);
	90	full_write(STDERR_FILENO, buf, sz >= 0 && sz < sizeof(buf) ? sz : strlen(buf));
	91	va_end(p);
	92	}
	93
	94	static void die(const char *s, ...)
	95	{
	96	char buf[256];
	97	va_list p;
	98	int sz;
	99
	100	va_start(p, s);
	101	sz = vsnprintf(buf, sizeof(buf), s, p);
	102	full_write(STDERR_FILENO, buf, sz >= 0 && sz < sizeof(buf) ? sz : strlen(buf));
	103	exit(1);
	104	va_end(p);
	105	}
	106
	107	static void err_sys(const char *msg)
	108	{
	109	die("%s\n", msg);
	110	}
	111
	112	/* ==== */
	113
	114	#if 0
	115	static void showPeer(WOLFSSL* ssl)
	116	{
	117	WOLFSSL_CIPHER* cipher;
	118	WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
	119	if (peer)
	120	ShowX509(peer, "peer's cert info:");
	121	else
	122	say("peer has no cert!\n");
	123	say("SSL version is %s\n", wolfSSL_get_version(ssl));
	124
	125	cipher = wolfSSL_get_current_cipher(ssl);
	126	say("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher));
	127
	128	{
	129	WOLFSSL_X509_CHAIN* chain = wolfSSL_get_peer_chain(ssl);
	130	int count = wolfSSL_get_chain_count(chain);
	131	int i;
	132
	133	for (i = 0; i < count; i++) {
	134	int length;
	135	unsigned char buffer[3072];
	136	WOLFSSL_X509* chainX509;
	137
	138	wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length);
	139	buffer[length] = 0;
	140	say("cert %d has length %d data = \n%s\n", i, length, buffer);
	141
	142	chainX509 = wolfSSL_get_chain_X509(chain, i);
	143	if (chainX509)
	144	ShowX509(chainX509, "session cert info:");
	145	else
	146	say("get_chain_X509 failed\n");
	147	wolfSSL_FreeX509(chainX509);
	148	}
	149	}
	150	}
	151	#endif
	152
	153	WOLFSSL *prepare(int sockfd)
	154	{
	155	WOLFSSL_METHOD* method;
	156	WOLFSSL_CTX* ctx;
	157	WOLFSSL* ssl;
	158
	159	wolfSSL_Init();
	160
	161	method = wolfTLSv1_1_client_method();
	162	if (method == NULL)
	163	err_sys("out of memory");
	164	ctx = wolfSSL_CTX_new(method);
	165	if (ctx == NULL)
	166	err_sys("out of memory");
	167	// if (cipherList)
	168	// if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
	169	// err_sys("client can't set cipher list 1");
	170
	171	// if (fewerPackets)
	172	// wolfSSL_CTX_set_group_messages(ctx);
	173
	174	//#ifndef NO_DH
	175	// wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
	176	//#endif
	177
	178	// if (usePsk) {
	179	// wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
	180	// if (cipherList == NULL) {
	181	// const char *defaultCipherList;
	182	//#if defined(HAVE_AESGCM) && !defined(NO_DH)
	183	// defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
	184	//#elif defined(HAVE_NULL_CIPHER)
	185	// defaultCipherList = "PSK-NULL-SHA256";
	186	//#else
	187	// defaultCipherList = "PSK-AES128-CBC-SHA256";
	188	//#endif
	189	// if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList) != SSL_SUCCESS)
	190	// err_sys("client can't set cipher list 2");
	191	// }
	192	// useClientCert = 0;
	193	// }
	194
	195	// if (useAnon) {
	196	// if (cipherList == NULL) {
	197	// wolfSSL_CTX_allow_anon_cipher(ctx);
	198	// if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA") != SSL_SUCCESS)
	199	// err_sys("client can't set cipher list 4");
	200	// }
	201	// useClientCert = 0;
	202	// }
	203
	204	//#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
	205	// wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
	206	//#endif
	207
	208	// if (useOcsp) {
	209	// if (ocspUrl != NULL) {
	210	// wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
	211	// wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
	212	// \| WOLFSSL_OCSP_URL_OVERRIDE);
	213	// }
	214	// else
	215	// wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
	216	// }
	217	//
	218	//#ifdef USER_CA_CB
	219	// wolfSSL_CTX_SetCACb(ctx, CaCb);
	220	//#endif
	221	//
	222	//#ifdef VERIFY_CALLBACK
	223	// wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
	224	//#endif
	225	//#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
	226	// if (useClientCert) {
	227	// if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS)
	228	// err_sys("can't load client cert file, check file and run from"
	229	// " wolfSSL home dir");
	230	// if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS)
	231	// err_sys("can't load client private key file, check file and run "
	232	// "from wolfSSL home dir");
	233	// }
	234	//
	235	// if (!usePsk && !useAnon) {
	236	// if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert,0) != SSL_SUCCESS)
	237	// err_sys("can't load ca file, Please run from wolfSSL home dir");
	238	//#ifdef HAVE_ECC
	239	// /* load ecc verify too, echoserver uses it by default w/ ecc */
	240	// if (wolfSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
	241	// err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
	242	//#endif
	243	// }
	244	//#endif /* !NO_FILESYSTEM && !NO_CERTS */
	245
	246	//#if !defined(NO_CERTS)
	247	// if (!usePsk && !useAnon && doPeerCheck == 0)
	248	// wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
	249	// if (!usePsk && !useAnon && overrideDateErrors == 1)
	250	// wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
	251	//#endif
	252
	253	wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
	254
	255	//#ifdef HAVE_SNI
	256	// if (sniHostName)
	257	// if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) != SSL_SUCCESS)
	258	// err_sys("UseSNI failed");
	259	//#endif
	260
	261	//#ifdef HAVE_MAX_FRAGMENT
	262	// if (maxFragment)
	263	// if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS)
	264	// err_sys("UseMaxFragment failed");
	265	//#endif
	266	//#ifdef HAVE_TRUNCATED_HMAC
	267	// if (truncatedHMAC)
	268	// if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS)
	269	// err_sys("UseTruncatedHMAC failed");
	270	//#endif
	271	//#ifdef HAVE_SESSION_TICKET
	272	// if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS)
	273	// err_sys("UseSessionTicket failed");
	274	//#endif
	275
	276	//#if defined(WOLFSSL_MDK_ARM)
	277	// wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
	278	//#endif
	279
	280	ssl = wolfSSL_new(ctx);
	281	if (ssl == NULL)
	282	err_sys("out of memory");
	283
	284	//#ifdef HAVE_SESSION_TICKET
	285	// wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session");
	286	//#endif
	287
	288	// if (doDTLS) {
	289	// SOCKADDR_IN_T addr;
	290	// build_addr(&addr, host, port, 1);
	291	// wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
	292	// tcp_socket(&sockfd, 1);
	293	// } wlse {
	294	// tcp_connect(&sockfd, host, port, 0);
	295	// }
	296
	297	//#ifdef HAVE_POLY1305
	298	// /* use old poly to connect with google server */
	299	// if (!XSTRNCMP(domain, "www.google.com", 14)) {
	300	// if (wolfSSL_use_old_poly(ssl, 1) != 0)
	301	// err_sys("unable to set to old poly");
	302	// }
	303	//#endif
	304
	305	wolfSSL_set_fd(ssl, sockfd);
	306
	307	//#ifdef HAVE_CRL
	308	// if (disableCRL == 0) {
	309	// if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS)
	310	// err_sys("can't enable crl check");
	311	// if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
	312	// err_sys("can't load crl, check crlfile and date validity");
	313	// if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
	314	// err_sys("can't set crl callback");
	315	// }
	316	//#endif
	317	//#ifdef HAVE_SECURE_RENEGOTIATION
	318	// if (scr) {
	319	// if (wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS)
	320	// err_sys("can't enable secure renegotiation");
	321	// }
	322	//#endif
	323	//#ifdef ATOMIC_USER
	324	// if (atomicUser)
	325	// SetupAtomicUser(ctx, ssl);
	326	//#endif
	327	//#ifdef HAVE_PK_CALLBACKS
	328	// if (pkCallbacks)
	329	// SetupPkCallbacks(ctx, ssl);
	330	//#endif
	331	// if (matchName && doPeerCheck)
	332	// wolfSSL_check_domain_name(ssl, domain);
	333
	334	if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
	335	// /* see note at top of README */
	336	// int err = wolfSSL_get_error(ssl, 0);
	337	// char buffer[WOLFSSL_MAX_ERROR_SZ];
	338	// say("err = %d, %s\n", err,
	339	// wolfSSL_ERR_error_string(err, buffer));
	340	err_sys("SSL_connect failed");
	341	}
	342	// showPeer(ssl);
	343
	344	//#ifdef HAVE_SECURE_RENEGOTIATION
	345	// if (scr && forceScr) {
	346	// if (wolfSSL_Rehandshake(ssl) != SSL_SUCCESS) {
	347	// int err = wolfSSL_get_error(ssl, 0);
	348	// char buffer[WOLFSSL_MAX_ERROR_SZ];
	349	// say("err = %d, %s\n", err,
	350	// wolfSSL_ERR_error_string(err, buffer));
	351	// err_sys("wolfSSL_Rehandshake failed");
	352	// }
	353	// }
	354	//#endif
	355
	356	return ssl;
	357	}
	358
	359	static struct pollfd pfd[2] = {
	360	{ -1, POLLIN\|POLLERR\|POLLHUP, 0 },
	361	{ -1, POLLIN\|POLLERR\|POLLHUP, 0 },
	362	};
	363	#define STDIN pfd[0]
	364	#define NETWORK pfd[1]
	365	#define STDIN_READY() (pfd[0].revents & (POLLIN\|POLLERR\|POLLHUP))
	366	#define NETWORK_READY() (pfd[1].revents & (POLLIN\|POLLERR\|POLLHUP))
	367
	368	static void wait_for_input(void)
	369	{
	370	if (STDIN.fd == NETWORK.fd) /* means both are -1 */
	371	exit(0);
	372	dbg("polling\n");
	373	STDIN.revents = NETWORK.revents = 0;
	374	while (poll(pfd, 2, -1) < 0 && errno == EINTR)
	375	continue;
	376	}
	377
	378	static void do_io_until_eof_and_exit(WOLFSSL *ssl, int fd)
	379	{
	380	int len;
	381	char ibuf[4 * 1024];
	382
	383	NETWORK.fd = fd;
	384	STDIN.fd = 0;
	385
	386	len = 0; /* only to suppress compiler warning */
	387	for (;;) {
	388	wait_for_input();
	389
	390	if (STDIN_READY()) {
	391	dbg("reading stdin\n");
	392	len = read(STDIN_FILENO, ibuf, sizeof(ibuf));
	393	if (len < 0)
	394	die("read error on stdin\n");
	395	if (len == 0) {
	396	dbg("read len = 0, stdin not polled anymore\n");
	397	STDIN.fd = -1;
	398	} else {
	399	int n = wolfSSL_write(ssl, ibuf, len);
	400	if (n != len)
	401	die("SSL_write(%d) failed (returned %d)\n", len, n);
	402	}
	403	}
	404
	405	if (NETWORK_READY()) {
	406	dbg("%s%s%s\n",
	407	(pfd[1].revents & POLLIN) ? "POLLIN" : "",
	408	(pfd[1].revents & POLLERR) ? "\|POLLERR" : "",
	409	(pfd[1].revents & POLLHUP) ? "\|POLLHUP" : ""
	410	);
	411	/* We are using blocking socket here.
	412	* (Nonblocking socket would complicate writing to it).
	413	* Therefore, SSL_read _can block_ here.
	414	* This is not what wget expects (it wants to see short reads).
	415	* Therefore, we use smallish buffer here, to approximate that.
	416	*/
	417	len = wolfSSL_read(ssl, ibuf,
	418	sizeof(ibuf) < 1024 ? sizeof(ibuf) : 1024
	419	);
	420	if (len < 0)
	421	die("SSL_read error on network (%d)\n", len);
	422	if (len > 0) {
	423	int n;
	424	n = full_write(STDOUT_FILENO, ibuf, len);
	425	if (n != len)
	426	die("write(%d) to stdout returned %d\n", len, n);
	427	continue;
	428	}
	429	/* Blocking reads are easier wtr EOF detection (no EAGAIN error to check for) */
	430	dbg("read len = 0, network not polled anymore\n");
	431	NETWORK.fd = -1;
	432	/* saw EOF on network, and we processed
	433	* and wrote out all ssl data. Signal it:
	434	*/
	435	close(STDOUT_FILENO);
	436	}
	437	}
	438	}
	439
	440	int main(int argc, char **argv)
	441	{
	442	WOLFSSL *ssl;
	443	int fd;
	444	char *fd_str;
	445
	446	if (!argv[1])
	447	die("Syntax error\n");
	448	if (argv[1][0] != '-')
	449	die("Syntax error\n");
	450	if (argv[1][1] != 'd')
	451	die("Syntax error\n");
	452	fd_str = argv[1] + 2;
	453	if (!fd_str[0])
	454	fd_str = argv[2];
	455	if (!fd_str \|\| fd_str[0] < '0' \|\| fd_str[0] > '9')
	456	die("Syntax error\n");
	457
	458	fd = atoi(fd_str);
	459	if (fd < 3)
	460	die("Syntax error\n");
	461
	462	ssl = prepare(fd);
	463	do_io_until_eof_and_exit(ssl, fd);
	464	/* does not return */
	465
	466	// if (doDTLS == 0) { /* don't send alert after "break" command */
	467	// ret = wolfSSL_shutdown(ssl);
	468	// if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
	469	// wolfSSL_shutdown(ssl); /* bidirectional shutdown */
	470	// }
	471	//#ifdef ATOMIC_USER
	472	// if (atomicUser)
	473	// FreeAtomicUser(ssl);
	474	//#endif
	475	// wolfSSL_free(ssl);
	476	// CloseSocket(sockfd);
	477	// wolfSSL_CTX_free(ctx);
	478
	479	return 0;
	480	}