blob: 38b7b56c6388f1cf7002ffd1605f8a4ca979ac22
1 | /* |
2 | * Adapted from: |
3 | * |
4 | * client.c |
5 | * |
6 | * Copyright (C) 2006-2015 wolfSSL Inc. |
7 | * |
8 | * This file is part of wolfSSL. (formerly known as CyaSSL) |
9 | * |
10 | * wolfSSL is free software; you can redistribute it and/or modify |
11 | * it under the terms of the GNU General Public License as published by |
12 | * the Free Software Foundation; either version 2 of the License, or |
13 | * (at your option) any later version. |
14 | * |
15 | * wolfSSL is distributed in the hope that it will be useful, |
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
18 | * GNU General Public License for more details. |
19 | * |
20 | * You should have received a copy of the GNU General Public License |
21 | * along with this program; if not, write to the Free Software |
22 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
23 | */ |
24 | #include <stdlib.h> |
25 | #include <unistd.h> |
26 | #include <stdarg.h> |
27 | #include <string.h> |
28 | #include <errno.h> |
29 | #include <fcntl.h> |
30 | #include <stdio.h> |
31 | #include <time.h> |
32 | #include <poll.h> |
33 | #include <sys/socket.h> |
34 | |
35 | #include <wolfssl/wolfcrypt/types.h> |
36 | #include <wolfssl/ssl.h> |
37 | |
38 | #if 0 |
39 | # define dbg(...) say(__VA_ARGS__) |
40 | #else |
41 | # define dbg(...) ((void)0) |
42 | #endif |
43 | |
44 | static ssize_t safe_write(int fd, const void *buf, size_t count) |
45 | { |
46 | ssize_t n; |
47 | |
48 | do { |
49 | n = write(fd, buf, count); |
50 | } while (n < 0 && errno == EINTR); |
51 | |
52 | return n; |
53 | } |
54 | |
55 | static ssize_t full_write(int fd, const void *buf, size_t len) |
56 | { |
57 | ssize_t cc; |
58 | ssize_t total; |
59 | |
60 | total = 0; |
61 | |
62 | while (len) { |
63 | cc = safe_write(fd, buf, len); |
64 | |
65 | if (cc < 0) { |
66 | if (total) { |
67 | /* we already wrote some! */ |
68 | /* user can do another write to know the error code */ |
69 | return total; |
70 | } |
71 | return cc; /* write() returns -1 on failure. */ |
72 | } |
73 | |
74 | total += cc; |
75 | buf = ((const char *)buf) + cc; |
76 | len -= cc; |
77 | } |
78 | |
79 | return total; |
80 | } |
81 | |
82 | static void say(const char *s, ...) |
83 | { |
84 | char buf[256]; |
85 | va_list p; |
86 | int sz; |
87 | |
88 | va_start(p, s); |
89 | sz = vsnprintf(buf, sizeof(buf), s, p); |
90 | full_write(STDERR_FILENO, buf, sz >= 0 && sz < sizeof(buf) ? sz : strlen(buf)); |
91 | va_end(p); |
92 | } |
93 | |
94 | static void die(const char *s, ...) |
95 | { |
96 | char buf[256]; |
97 | va_list p; |
98 | int sz; |
99 | |
100 | va_start(p, s); |
101 | sz = vsnprintf(buf, sizeof(buf), s, p); |
102 | full_write(STDERR_FILENO, buf, sz >= 0 && sz < sizeof(buf) ? sz : strlen(buf)); |
103 | exit(1); |
104 | va_end(p); |
105 | } |
106 | |
107 | static void err_sys(const char *msg) |
108 | { |
109 | die("%s\n", msg); |
110 | } |
111 | |
112 | /* ==== */ |
113 | |
114 | #if 0 |
115 | static void showPeer(WOLFSSL* ssl) |
116 | { |
117 | WOLFSSL_CIPHER* cipher; |
118 | WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl); |
119 | if (peer) |
120 | ShowX509(peer, "peer's cert info:"); |
121 | else |
122 | say("peer has no cert!\n"); |
123 | say("SSL version is %s\n", wolfSSL_get_version(ssl)); |
124 | |
125 | cipher = wolfSSL_get_current_cipher(ssl); |
126 | say("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher)); |
127 | |
128 | { |
129 | WOLFSSL_X509_CHAIN* chain = wolfSSL_get_peer_chain(ssl); |
130 | int count = wolfSSL_get_chain_count(chain); |
131 | int i; |
132 | |
133 | for (i = 0; i < count; i++) { |
134 | int length; |
135 | unsigned char buffer[3072]; |
136 | WOLFSSL_X509* chainX509; |
137 | |
138 | wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length); |
139 | buffer[length] = 0; |
140 | say("cert %d has length %d data = \n%s\n", i, length, buffer); |
141 | |
142 | chainX509 = wolfSSL_get_chain_X509(chain, i); |
143 | if (chainX509) |
144 | ShowX509(chainX509, "session cert info:"); |
145 | else |
146 | say("get_chain_X509 failed\n"); |
147 | wolfSSL_FreeX509(chainX509); |
148 | } |
149 | } |
150 | } |
151 | #endif |
152 | |
153 | WOLFSSL *prepare(int sockfd) |
154 | { |
155 | WOLFSSL_METHOD* method; |
156 | WOLFSSL_CTX* ctx; |
157 | WOLFSSL* ssl; |
158 | |
159 | wolfSSL_Init(); |
160 | |
161 | method = wolfTLSv1_1_client_method(); |
162 | if (method == NULL) |
163 | err_sys("out of memory"); |
164 | ctx = wolfSSL_CTX_new(method); |
165 | if (ctx == NULL) |
166 | err_sys("out of memory"); |
167 | // if (cipherList) |
168 | // if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) |
169 | // err_sys("client can't set cipher list 1"); |
170 | |
171 | // if (fewerPackets) |
172 | // wolfSSL_CTX_set_group_messages(ctx); |
173 | |
174 | //#ifndef NO_DH |
175 | // wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits); |
176 | //#endif |
177 | |
178 | // if (usePsk) { |
179 | // wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); |
180 | // if (cipherList == NULL) { |
181 | // const char *defaultCipherList; |
182 | //#if defined(HAVE_AESGCM) && !defined(NO_DH) |
183 | // defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; |
184 | //#elif defined(HAVE_NULL_CIPHER) |
185 | // defaultCipherList = "PSK-NULL-SHA256"; |
186 | //#else |
187 | // defaultCipherList = "PSK-AES128-CBC-SHA256"; |
188 | //#endif |
189 | // if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList) != SSL_SUCCESS) |
190 | // err_sys("client can't set cipher list 2"); |
191 | // } |
192 | // useClientCert = 0; |
193 | // } |
194 | |
195 | // if (useAnon) { |
196 | // if (cipherList == NULL) { |
197 | // wolfSSL_CTX_allow_anon_cipher(ctx); |
198 | // if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA") != SSL_SUCCESS) |
199 | // err_sys("client can't set cipher list 4"); |
200 | // } |
201 | // useClientCert = 0; |
202 | // } |
203 | |
204 | //#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
205 | // wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); |
206 | //#endif |
207 | |
208 | // if (useOcsp) { |
209 | // if (ocspUrl != NULL) { |
210 | // wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl); |
211 | // wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE |
212 | // | WOLFSSL_OCSP_URL_OVERRIDE); |
213 | // } |
214 | // else |
215 | // wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE); |
216 | // } |
217 | // |
218 | //#ifdef USER_CA_CB |
219 | // wolfSSL_CTX_SetCACb(ctx, CaCb); |
220 | //#endif |
221 | // |
222 | //#ifdef VERIFY_CALLBACK |
223 | // wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); |
224 | //#endif |
225 | //#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) |
226 | // if (useClientCert) { |
227 | // if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS) |
228 | // err_sys("can't load client cert file, check file and run from" |
229 | // " wolfSSL home dir"); |
230 | // if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) |
231 | // err_sys("can't load client private key file, check file and run " |
232 | // "from wolfSSL home dir"); |
233 | // } |
234 | // |
235 | // if (!usePsk && !useAnon) { |
236 | // if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert,0) != SSL_SUCCESS) |
237 | // err_sys("can't load ca file, Please run from wolfSSL home dir"); |
238 | //#ifdef HAVE_ECC |
239 | // /* load ecc verify too, echoserver uses it by default w/ ecc */ |
240 | // if (wolfSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS) |
241 | // err_sys("can't load ecc ca file, Please run from wolfSSL home dir"); |
242 | //#endif |
243 | // } |
244 | //#endif /* !NO_FILESYSTEM && !NO_CERTS */ |
245 | |
246 | //#if !defined(NO_CERTS) |
247 | // if (!usePsk && !useAnon && doPeerCheck == 0) |
248 | // wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); |
249 | // if (!usePsk && !useAnon && overrideDateErrors == 1) |
250 | // wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb); |
251 | //#endif |
252 | |
253 | wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); |
254 | |
255 | //#ifdef HAVE_SNI |
256 | // if (sniHostName) |
257 | // if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) != SSL_SUCCESS) |
258 | // err_sys("UseSNI failed"); |
259 | //#endif |
260 | |
261 | //#ifdef HAVE_MAX_FRAGMENT |
262 | // if (maxFragment) |
263 | // if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS) |
264 | // err_sys("UseMaxFragment failed"); |
265 | //#endif |
266 | //#ifdef HAVE_TRUNCATED_HMAC |
267 | // if (truncatedHMAC) |
268 | // if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS) |
269 | // err_sys("UseTruncatedHMAC failed"); |
270 | //#endif |
271 | //#ifdef HAVE_SESSION_TICKET |
272 | // if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS) |
273 | // err_sys("UseSessionTicket failed"); |
274 | //#endif |
275 | |
276 | //#if defined(WOLFSSL_MDK_ARM) |
277 | // wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); |
278 | //#endif |
279 | |
280 | ssl = wolfSSL_new(ctx); |
281 | if (ssl == NULL) |
282 | err_sys("out of memory"); |
283 | |
284 | //#ifdef HAVE_SESSION_TICKET |
285 | // wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session"); |
286 | //#endif |
287 | |
288 | // if (doDTLS) { |
289 | // SOCKADDR_IN_T addr; |
290 | // build_addr(&addr, host, port, 1); |
291 | // wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr)); |
292 | // tcp_socket(&sockfd, 1); |
293 | // } wlse { |
294 | // tcp_connect(&sockfd, host, port, 0); |
295 | // } |
296 | |
297 | //#ifdef HAVE_POLY1305 |
298 | // /* use old poly to connect with google server */ |
299 | // if (!XSTRNCMP(domain, "www.google.com", 14)) { |
300 | // if (wolfSSL_use_old_poly(ssl, 1) != 0) |
301 | // err_sys("unable to set to old poly"); |
302 | // } |
303 | //#endif |
304 | |
305 | wolfSSL_set_fd(ssl, sockfd); |
306 | |
307 | //#ifdef HAVE_CRL |
308 | // if (disableCRL == 0) { |
309 | // if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS) |
310 | // err_sys("can't enable crl check"); |
311 | // if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) |
312 | // err_sys("can't load crl, check crlfile and date validity"); |
313 | // if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) |
314 | // err_sys("can't set crl callback"); |
315 | // } |
316 | //#endif |
317 | //#ifdef HAVE_SECURE_RENEGOTIATION |
318 | // if (scr) { |
319 | // if (wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS) |
320 | // err_sys("can't enable secure renegotiation"); |
321 | // } |
322 | //#endif |
323 | //#ifdef ATOMIC_USER |
324 | // if (atomicUser) |
325 | // SetupAtomicUser(ctx, ssl); |
326 | //#endif |
327 | //#ifdef HAVE_PK_CALLBACKS |
328 | // if (pkCallbacks) |
329 | // SetupPkCallbacks(ctx, ssl); |
330 | //#endif |
331 | // if (matchName && doPeerCheck) |
332 | // wolfSSL_check_domain_name(ssl, domain); |
333 | |
334 | if (wolfSSL_connect(ssl) != SSL_SUCCESS) { |
335 | // /* see note at top of README */ |
336 | // int err = wolfSSL_get_error(ssl, 0); |
337 | // char buffer[WOLFSSL_MAX_ERROR_SZ]; |
338 | // say("err = %d, %s\n", err, |
339 | // wolfSSL_ERR_error_string(err, buffer)); |
340 | err_sys("SSL_connect failed"); |
341 | } |
342 | // showPeer(ssl); |
343 | |
344 | //#ifdef HAVE_SECURE_RENEGOTIATION |
345 | // if (scr && forceScr) { |
346 | // if (wolfSSL_Rehandshake(ssl) != SSL_SUCCESS) { |
347 | // int err = wolfSSL_get_error(ssl, 0); |
348 | // char buffer[WOLFSSL_MAX_ERROR_SZ]; |
349 | // say("err = %d, %s\n", err, |
350 | // wolfSSL_ERR_error_string(err, buffer)); |
351 | // err_sys("wolfSSL_Rehandshake failed"); |
352 | // } |
353 | // } |
354 | //#endif |
355 | |
356 | return ssl; |
357 | } |
358 | |
359 | static struct pollfd pfd[2] = { |
360 | { -1, POLLIN|POLLERR|POLLHUP, 0 }, |
361 | { -1, POLLIN|POLLERR|POLLHUP, 0 }, |
362 | }; |
363 | #define STDIN pfd[0] |
364 | #define NETWORK pfd[1] |
365 | #define STDIN_READY() (pfd[0].revents & (POLLIN|POLLERR|POLLHUP)) |
366 | #define NETWORK_READY() (pfd[1].revents & (POLLIN|POLLERR|POLLHUP)) |
367 | |
368 | static void wait_for_input(void) |
369 | { |
370 | if (STDIN.fd == NETWORK.fd) /* means both are -1 */ |
371 | exit(0); |
372 | dbg("polling\n"); |
373 | STDIN.revents = NETWORK.revents = 0; |
374 | while (poll(pfd, 2, -1) < 0 && errno == EINTR) |
375 | continue; |
376 | } |
377 | |
378 | static void do_io_until_eof_and_exit(WOLFSSL *ssl, int fd) |
379 | { |
380 | int len; |
381 | char ibuf[4 * 1024]; |
382 | |
383 | NETWORK.fd = fd; |
384 | STDIN.fd = 0; |
385 | |
386 | len = 0; /* only to suppress compiler warning */ |
387 | for (;;) { |
388 | wait_for_input(); |
389 | |
390 | if (STDIN_READY()) { |
391 | dbg("reading stdin\n"); |
392 | len = read(STDIN_FILENO, ibuf, sizeof(ibuf)); |
393 | if (len < 0) |
394 | die("read error on stdin\n"); |
395 | if (len == 0) { |
396 | dbg("read len = 0, stdin not polled anymore\n"); |
397 | STDIN.fd = -1; |
398 | } else { |
399 | int n = wolfSSL_write(ssl, ibuf, len); |
400 | if (n != len) |
401 | die("SSL_write(%d) failed (returned %d)\n", len, n); |
402 | } |
403 | } |
404 | |
405 | if (NETWORK_READY()) { |
406 | dbg("%s%s%s\n", |
407 | (pfd[1].revents & POLLIN) ? "POLLIN" : "", |
408 | (pfd[1].revents & POLLERR) ? "|POLLERR" : "", |
409 | (pfd[1].revents & POLLHUP) ? "|POLLHUP" : "" |
410 | ); |
411 | /* We are using blocking socket here. |
412 | * (Nonblocking socket would complicate writing to it). |
413 | * Therefore, SSL_read _can block_ here. |
414 | * This is not what wget expects (it wants to see short reads). |
415 | * Therefore, we use smallish buffer here, to approximate that. |
416 | */ |
417 | len = wolfSSL_read(ssl, ibuf, |
418 | sizeof(ibuf) < 1024 ? sizeof(ibuf) : 1024 |
419 | ); |
420 | if (len < 0) |
421 | die("SSL_read error on network (%d)\n", len); |
422 | if (len > 0) { |
423 | int n; |
424 | n = full_write(STDOUT_FILENO, ibuf, len); |
425 | if (n != len) |
426 | die("write(%d) to stdout returned %d\n", len, n); |
427 | continue; |
428 | } |
429 | /* Blocking reads are easier wtr EOF detection (no EAGAIN error to check for) */ |
430 | dbg("read len = 0, network not polled anymore\n"); |
431 | NETWORK.fd = -1; |
432 | /* saw EOF on network, and we processed |
433 | * and wrote out all ssl data. Signal it: |
434 | */ |
435 | close(STDOUT_FILENO); |
436 | } |
437 | } |
438 | } |
439 | |
440 | int main(int argc, char **argv) |
441 | { |
442 | WOLFSSL *ssl; |
443 | int fd; |
444 | char *fd_str; |
445 | |
446 | if (!argv[1]) |
447 | die("Syntax error\n"); |
448 | if (argv[1][0] != '-') |
449 | die("Syntax error\n"); |
450 | if (argv[1][1] != 'd') |
451 | die("Syntax error\n"); |
452 | fd_str = argv[1] + 2; |
453 | if (!fd_str[0]) |
454 | fd_str = argv[2]; |
455 | if (!fd_str || fd_str[0] < '0' || fd_str[0] > '9') |
456 | die("Syntax error\n"); |
457 | |
458 | fd = atoi(fd_str); |
459 | if (fd < 3) |
460 | die("Syntax error\n"); |
461 | |
462 | ssl = prepare(fd); |
463 | do_io_until_eof_and_exit(ssl, fd); |
464 | /* does not return */ |
465 | |
466 | // if (doDTLS == 0) { /* don't send alert after "break" command */ |
467 | // ret = wolfSSL_shutdown(ssl); |
468 | // if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE) |
469 | // wolfSSL_shutdown(ssl); /* bidirectional shutdown */ |
470 | // } |
471 | //#ifdef ATOMIC_USER |
472 | // if (atomicUser) |
473 | // FreeAtomicUser(ssl); |
474 | //#endif |
475 | // wolfSSL_free(ssl); |
476 | // CloseSocket(sockfd); |
477 | // wolfSSL_CTX_free(ctx); |
478 | |
479 | return 0; |
480 | } |
481 |