0c35aa430fce4e50e8ec1f08fb712ce71c21aacf
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
31 #include <sys/types.h>
32 #include <sys/socket.h>
34 #include <netinet/in.h>
35 #include <arpa/inet.h>
44 dump_blob(const char *name
, const void *data
, size_t len
)
46 const unsigned char *buf
;
50 fprintf(stderr
, "%s (len = %lu)", name
, (unsigned long)len
);
51 for (u
= 0; u
< len
; u
++) {
53 fprintf(stderr
, "\n%08lX ", (unsigned long)u
);
54 } else if ((u
& 7) == 0) {
57 fprintf(stderr
, " %02x", buf
[u
]);
59 fprintf(stderr
, "\n");
63 * Inspect the provided data in case it is a "command" to trigger a
64 * special behaviour. If the command is recognised, then it is executed
65 * and this function returns 1. Otherwise, this function returns 0.
68 run_command(br_ssl_engine_context
*cc
, unsigned char *buf
, size_t len
)
70 if (len
< 2 || len
> 3) {
73 if (len
== 3 && (buf
[1] != '\r' || buf
[2] != '\n')) {
76 if (len
== 2 && buf
[1] != '\n') {
81 fprintf(stderr
, "closing...\n");
82 br_ssl_engine_close(cc
);
85 if (br_ssl_engine_renegotiate(cc
)) {
86 fprintf(stderr
, "renegotiating...\n");
88 fprintf(stderr
, "not renegotiating.\n");
93 * Session forget is nominally client-only. But the
94 * session parameters are in the engine structure, which
95 * is the first field of the client context, so the cast
96 * still works properly. On the server, this forgetting
99 fprintf(stderr
, "forgetting session...\n");
100 br_ssl_client_forget_session((br_ssl_client_context
*)cc
);
109 run_ssl_engine(br_ssl_engine_context
*cc
, int fd
, unsigned flags
)
118 verbose
= (flags
& RUN_ENGINE_VERBOSE
) != 0;
119 trace
= (flags
& RUN_ENGINE_TRACE
) != 0;
122 * Make sure that stdin and stdout are non-blocking.
124 fcntl(0, F_SETFL
, O_NONBLOCK
);
125 fcntl(1, F_SETFL
, O_NONBLOCK
);
132 int sendrec
, recvrec
, sendapp
, recvapp
;
133 struct pollfd pfd
[3];
135 size_t u
, k_fd
, k_in
, k_out
;
138 * Get current engine state.
140 st
= br_ssl_engine_current_state(cc
);
141 if (st
== BR_SSL_CLOSED
) {
144 err
= br_ssl_engine_last_error(cc
);
145 if (err
== BR_ERR_OK
) {
148 "SSL closed normally\n");
153 fprintf(stderr
, "ERROR: SSL error %d", err
);
155 if (err
>= BR_ERR_SEND_FATAL_ALERT
) {
156 err
-= BR_ERR_SEND_FATAL_ALERT
;
158 " (sent alert %d)\n", err
);
159 } else if (err
>= BR_ERR_RECV_FATAL_ALERT
) {
160 err
-= BR_ERR_RECV_FATAL_ALERT
;
162 " (received alert %d)\n", err
);
166 ename
= find_error_name(err
, NULL
);
170 fprintf(stderr
, " (%s)\n", ename
);
177 * Compute descriptors that must be polled, depending
180 sendrec
= ((st
& BR_SSL_SENDREC
) != 0);
181 recvrec
= ((st
& BR_SSL_RECVREC
) != 0);
182 sendapp
= ((st
& BR_SSL_SENDAPP
) != 0);
183 recvapp
= ((st
& BR_SSL_RECVAPP
) != 0);
184 if (verbose
&& sendapp
&& !hsdetails
) {
187 fprintf(stderr
, "Handshake completed\n");
188 fprintf(stderr
, " version: ");
189 switch (cc
->session
.version
) {
191 fprintf(stderr
, "SSL 3.0");
194 fprintf(stderr
, "TLS 1.0");
197 fprintf(stderr
, "TLS 1.1");
200 fprintf(stderr
, "TLS 1.2");
203 fprintf(stderr
, "unknown (0x%04X)",
204 (unsigned)cc
->session
.version
);
207 fprintf(stderr
, "\n");
209 cc
->session
.cipher_suite
, csn
, sizeof csn
);
210 fprintf(stderr
, " cipher suite: %s\n", csn
);
211 fprintf(stderr
, " secure renegotiation: %s\n",
212 cc
->reneg
== 1 ? "no" : "yes");
221 if (sendrec
|| recvrec
) {
226 pfd
[u
].events
|= POLLOUT
;
229 pfd
[u
].events
|= POLLIN
;
237 pfd
[u
].events
= POLLIN
;
244 pfd
[u
].events
= POLLOUT
;
248 n
= poll(pfd
, u
, -1);
250 if (errno
== EINTR
) {
253 perror("ERROR: poll()");
262 * We transform closures/errors into read+write accesses
263 * so as to force the read() or write() call that will
264 * detect the situation.
267 if (pfd
[u
].revents
& (POLLERR
| POLLHUP
)) {
268 pfd
[u
].revents
|= POLLIN
| POLLOUT
;
273 * We give preference to outgoing data, on stdout and on
277 if (pfd
[k_out
].revents
& POLLOUT
) {
282 buf
= br_ssl_engine_recvapp_buf(cc
, &len
);
283 wlen
= write(1, buf
, len
);
287 "stdout closed...\n");
292 br_ssl_engine_recvapp_ack(cc
, wlen
);
297 if (pfd
[k_fd
].revents
& POLLOUT
) {
302 buf
= br_ssl_engine_sendrec_buf(cc
, &len
);
303 wlen
= write(fd
, buf
, len
);
307 "socket closed...\n");
313 dump_blob("Outgoing bytes", buf
, wlen
);
315 br_ssl_engine_sendrec_ack(cc
, wlen
);
320 if (pfd
[k_fd
].revents
& POLLIN
) {
325 buf
= br_ssl_engine_recvrec_buf(cc
, &len
);
326 rlen
= read(fd
, buf
, len
);
330 "socket closed...\n");
336 dump_blob("Incoming bytes", buf
, rlen
);
338 br_ssl_engine_recvrec_ack(cc
, rlen
);
343 if (pfd
[k_in
].revents
& POLLIN
) {
348 buf
= br_ssl_engine_sendapp_buf(cc
, &len
);
349 rlen
= read(0, buf
, len
);
353 "stdin closed...\n");
355 br_ssl_engine_close(cc
);
356 } else if (!run_command(cc
, buf
, rlen
)) {
357 br_ssl_engine_sendapp_ack(cc
, rlen
);
359 br_ssl_engine_flush(cc
, 0);
364 /* We should never reach that point. */
365 fprintf(stderr
, "ERROR: poll() misbehaves\n");
371 * Release allocated structures.