diff options
author | Denys Vlasenko | 2017-01-20 14:27:58 +0100 |
---|---|---|
committer | Denys Vlasenko | 2017-01-20 14:27:58 +0100 |
commit | 19e695ebadda206d1e0fbefa59ed8fabee0d0f64 (patch) | |
tree | b1d2a94da61cc4bb41513bef067f738195938b1f /networking/tls.c | |
parent | a0aae9f71442366ec429657c437fd7dd815978fd (diff) | |
download | busybox-19e695ebadda206d1e0fbefa59ed8fabee0d0f64.zip busybox-19e695ebadda206d1e0fbefa59ed8fabee0d0f64.tar.gz |
tls: do not use common_bufsiz
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking/tls.c')
-rw-r--r-- | networking/tls.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/networking/tls.c b/networking/tls.c index e037eba..2674997 100644 --- a/networking/tls.c +++ b/networking/tls.c @@ -23,7 +23,7 @@ //usage:#define tls_full_usage "\n\n" #include "tls.h" -#include "common_bufsiz.h" +//#include "common_bufsiz.h" #define TLS_DEBUG 1 #define TLS_DEBUG_HASH 1 @@ -677,7 +677,8 @@ static int xread_tls_block(tls_state_t *tls) again: dbg("insize:%u tail:%u\n", tls->insize, tls->tail); - memmove(tls->inbuf, tls->inbuf + tls->insize, tls->tail); + if (tls->tail != 0) + memmove(tls->inbuf, tls->inbuf + tls->insize, tls->tail); errno = 0; total = tls->tail; target = sizeof(tls->inbuf); @@ -702,7 +703,6 @@ static int xread_tls_block(tls_state_t *tls) /* "Abrupt" EOF, no TLS shutdown (seen from kernel.org) */ dbg("EOF (without TLS shutdown) from peer\n"); tls->tail = 0; - tls->insize = 0; goto end; } bb_perror_msg_and_die("short read, have only %d", total); @@ -1062,6 +1062,8 @@ static void send_client_hello(tls_state_t *tls) record->comprtypes_len = 1; record->comprtypes[0] = 0; +//TODO: send options, at least SNI. + dbg(">> CLIENT_HELLO\n"); xwrite_and_update_handshake_hash(tls, sizeof(*record)); } @@ -1453,6 +1455,9 @@ static void tls_xwrite(tls_state_t *tls, int len) // openssl req -x509 -newkey rsa:$((4096/4*3)) -keyout key.pem -out server.pem -nodes -days 99999 -subj '/CN=localhost' // openssl s_server -key key.pem -cert server.pem -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher NULL // openssl s_client -connect 127.0.0.1:4433 -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher NULL-SHA256 +// +// Talk to kernel.org: +// printf "GET / HTTP/1.1\r\nHost: kernel.org\r\n\r\n" | ./busybox tls kernel.org int tls_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; int tls_main(int argc UNUSED_PARAM, char **argv) @@ -1478,8 +1483,8 @@ int tls_main(int argc UNUSED_PARAM, char **argv) FD_SET(cfd, &readfds); FD_SET(STDIN_FILENO, &readfds); -#define iobuf bb_common_bufsiz1 - setup_common_bufsiz(); +//#define iobuf bb_common_bufsiz1 +// setup_common_bufsiz(); for (;;) { int nread; @@ -1492,12 +1497,14 @@ int tls_main(int argc UNUSED_PARAM, char **argv) void *buf; dbg("STDIN HAS DATA\n"); - buf = tls_get_outbuf(tls, COMMON_BUFSIZE); - nread = safe_read(STDIN_FILENO, buf, COMMON_BUFSIZE); +//TODO: growable buffer + buf = tls_get_outbuf(tls, 4 * 1024); + nread = safe_read(STDIN_FILENO, buf, 4 * 1024); if (nread < 1) { //&& errno != EAGAIN /* Close outgoing half-connection so they get EOF, * but leave incoming alone so we can see response */ +//TLS has no way to encode this, doubt it's ok to do it "raw" // shutdown(cfd, SHUT_WR); FD_CLR(STDIN_FILENO, &readfds); } @@ -1507,7 +1514,7 @@ int tls_main(int argc UNUSED_PARAM, char **argv) dbg("NETWORK HAS DATA\n"); nread = xread_tls_block(tls); if (nread < 1) -//if eof, just close stdout, but not exit! +//TODO: if eof, just close stdout, but not exit! return EXIT_SUCCESS; xwrite(STDOUT_FILENO, tls->inbuf + RECHDR_LEN, nread); } |