2014-12-11 00:09:52 +00:00
|
|
|
/* Copyright (c) 2014, Google Inc.
|
|
|
|
*
|
|
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
* copyright notice and this permission notice appear in all copies.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
|
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
|
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
|
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
|
|
|
|
|
|
#include <openssl/base.h>
|
|
|
|
|
|
|
|
#include <string>
|
|
|
|
#include <vector>
|
|
|
|
|
|
|
|
#include <errno.h>
|
2015-03-28 07:12:01 +00:00
|
|
|
#include <stddef.h>
|
2015-04-20 16:32:12 +01:00
|
|
|
#include <stdlib.h>
|
2015-01-31 01:08:37 +00:00
|
|
|
#include <string.h>
|
2014-12-11 00:09:52 +00:00
|
|
|
#include <sys/types.h>
|
|
|
|
|
|
|
|
#if !defined(OPENSSL_WINDOWS)
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <netdb.h>
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <sys/select.h>
|
2015-01-28 06:32:08 +00:00
|
|
|
#include <sys/socket.h>
|
2014-12-11 00:09:52 +00:00
|
|
|
#include <unistd.h>
|
|
|
|
#else
|
2015-01-28 06:32:08 +00:00
|
|
|
#include <io.h>
|
2015-01-29 00:20:02 +00:00
|
|
|
#pragma warning(push, 3)
|
2015-03-20 23:32:23 +00:00
|
|
|
#include <winsock2.h>
|
|
|
|
#include <ws2tcpip.h>
|
2015-01-29 00:20:02 +00:00
|
|
|
#pragma warning(pop)
|
|
|
|
|
2015-01-28 06:32:08 +00:00
|
|
|
typedef int ssize_t;
|
|
|
|
#pragma comment(lib, "Ws2_32.lib")
|
2014-12-11 00:09:52 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <openssl/err.h>
|
|
|
|
#include <openssl/ssl.h>
|
2016-04-06 20:47:28 +01:00
|
|
|
#include <openssl/x509.h>
|
2014-12-11 00:09:52 +00:00
|
|
|
|
|
|
|
#include "internal.h"
|
2016-03-19 00:28:36 +00:00
|
|
|
#include "transport_common.h"
|
2014-12-11 00:09:52 +00:00
|
|
|
|
|
|
|
|
2015-01-28 06:32:08 +00:00
|
|
|
#if !defined(OPENSSL_WINDOWS)
|
|
|
|
static int closesocket(int sock) {
|
|
|
|
return close(sock);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
bool InitSocketLibrary() {
|
|
|
|
#if defined(OPENSSL_WINDOWS)
|
|
|
|
WSADATA wsaData;
|
|
|
|
int err = WSAStartup(MAKEWORD(2, 2), &wsaData);
|
|
|
|
if (err != 0) {
|
|
|
|
fprintf(stderr, "WSAStartup failed with error %d\n", err);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2014-12-11 00:09:52 +00:00
|
|
|
// Connect sets |*out_sock| to be a socket connected to the destination given
|
|
|
|
// in |hostname_and_port|, which should be of the form "www.example.com:123".
|
|
|
|
// It returns true on success and false otherwise.
|
|
|
|
bool Connect(int *out_sock, const std::string &hostname_and_port) {
|
|
|
|
const size_t colon_offset = hostname_and_port.find_last_of(':');
|
|
|
|
std::string hostname, port;
|
|
|
|
|
|
|
|
if (colon_offset == std::string::npos) {
|
|
|
|
hostname = hostname_and_port;
|
|
|
|
port = "443";
|
|
|
|
} else {
|
|
|
|
hostname = hostname_and_port.substr(0, colon_offset);
|
|
|
|
port = hostname_and_port.substr(colon_offset + 1);
|
|
|
|
}
|
|
|
|
|
|
|
|
struct addrinfo hint, *result;
|
|
|
|
memset(&hint, 0, sizeof(hint));
|
|
|
|
hint.ai_family = AF_UNSPEC;
|
|
|
|
hint.ai_socktype = SOCK_STREAM;
|
|
|
|
|
|
|
|
int ret = getaddrinfo(hostname.c_str(), port.c_str(), &hint, &result);
|
|
|
|
if (ret != 0) {
|
|
|
|
fprintf(stderr, "getaddrinfo returned: %s\n", gai_strerror(ret));
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool ok = false;
|
|
|
|
char buf[256];
|
|
|
|
|
|
|
|
*out_sock =
|
|
|
|
socket(result->ai_family, result->ai_socktype, result->ai_protocol);
|
|
|
|
if (*out_sock < 0) {
|
|
|
|
perror("socket");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (result->ai_family) {
|
|
|
|
case AF_INET: {
|
|
|
|
struct sockaddr_in *sin =
|
|
|
|
reinterpret_cast<struct sockaddr_in *>(result->ai_addr);
|
|
|
|
fprintf(stderr, "Connecting to %s:%d\n",
|
|
|
|
inet_ntop(result->ai_family, &sin->sin_addr, buf, sizeof(buf)),
|
|
|
|
ntohs(sin->sin_port));
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
case AF_INET6: {
|
|
|
|
struct sockaddr_in6 *sin6 =
|
|
|
|
reinterpret_cast<struct sockaddr_in6 *>(result->ai_addr);
|
|
|
|
fprintf(stderr, "Connecting to [%s]:%d\n",
|
|
|
|
inet_ntop(result->ai_family, &sin6->sin6_addr, buf, sizeof(buf)),
|
|
|
|
ntohs(sin6->sin6_port));
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (connect(*out_sock, result->ai_addr, result->ai_addrlen) != 0) {
|
|
|
|
perror("connect");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
ok = true;
|
|
|
|
|
|
|
|
out:
|
|
|
|
freeaddrinfo(result);
|
|
|
|
return ok;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool Accept(int *out_sock, const std::string &port) {
|
2015-09-29 03:45:54 +01:00
|
|
|
struct sockaddr_in6 addr, cli_addr;
|
2014-12-11 00:09:52 +00:00
|
|
|
socklen_t cli_addr_len = sizeof(cli_addr);
|
|
|
|
memset(&addr, 0, sizeof(addr));
|
|
|
|
|
2015-09-29 03:45:54 +01:00
|
|
|
addr.sin6_family = AF_INET6;
|
|
|
|
addr.sin6_addr = in6addr_any;
|
|
|
|
addr.sin6_port = htons(atoi(port.c_str()));
|
2014-12-11 00:09:52 +00:00
|
|
|
|
|
|
|
bool ok = false;
|
|
|
|
int server_sock = -1;
|
|
|
|
|
|
|
|
server_sock =
|
2015-09-29 03:45:54 +01:00
|
|
|
socket(addr.sin6_family, SOCK_STREAM, 0);
|
2014-12-11 00:09:52 +00:00
|
|
|
if (server_sock < 0) {
|
|
|
|
perror("socket");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (bind(server_sock, (struct sockaddr*)&addr, sizeof(addr)) != 0) {
|
|
|
|
perror("connect");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
listen(server_sock, 1);
|
|
|
|
*out_sock = accept(server_sock, (struct sockaddr*)&cli_addr, &cli_addr_len);
|
|
|
|
|
|
|
|
ok = true;
|
|
|
|
|
|
|
|
out:
|
2015-01-28 06:32:08 +00:00
|
|
|
closesocket(server_sock);
|
2014-12-11 00:09:52 +00:00
|
|
|
return ok;
|
|
|
|
}
|
|
|
|
|
|
|
|
void PrintConnectionInfo(const SSL *ssl) {
|
|
|
|
const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
|
|
|
|
|
|
|
|
fprintf(stderr, " Version: %s\n", SSL_get_version(ssl));
|
2015-08-28 20:08:34 +01:00
|
|
|
fprintf(stderr, " Resumed session: %s\n",
|
|
|
|
SSL_session_reused(ssl) ? "yes" : "no");
|
2014-12-11 00:09:52 +00:00
|
|
|
fprintf(stderr, " Cipher: %s\n", SSL_CIPHER_get_name(cipher));
|
2015-12-19 19:23:26 +00:00
|
|
|
if (SSL_CIPHER_is_ECDHE(cipher)) {
|
|
|
|
fprintf(stderr, " ECDHE curve: %s\n",
|
|
|
|
SSL_get_curve_name(
|
|
|
|
SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl))));
|
|
|
|
}
|
2014-12-11 00:09:52 +00:00
|
|
|
fprintf(stderr, " Secure renegotiation: %s\n",
|
|
|
|
SSL_get_secure_renegotiation_support(ssl) ? "yes" : "no");
|
2016-05-31 21:15:04 +01:00
|
|
|
fprintf(stderr, " Extended master secret: %s\n",
|
|
|
|
SSL_get_extms_support(ssl) ? "yes" : "no");
|
2015-03-23 23:01:33 +00:00
|
|
|
|
|
|
|
const uint8_t *next_proto;
|
|
|
|
unsigned next_proto_len;
|
|
|
|
SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);
|
|
|
|
fprintf(stderr, " Next protocol negotiated: %.*s\n", next_proto_len,
|
|
|
|
next_proto);
|
|
|
|
|
|
|
|
const uint8_t *alpn;
|
|
|
|
unsigned alpn_len;
|
|
|
|
SSL_get0_alpn_selected(ssl, &alpn, &alpn_len);
|
|
|
|
fprintf(stderr, " ALPN protocol: %.*s\n", alpn_len, alpn);
|
2016-04-06 20:47:28 +01:00
|
|
|
|
|
|
|
// Print the server cert subject and issuer names.
|
|
|
|
X509 *peer = SSL_get_peer_certificate(ssl);
|
|
|
|
if (peer != NULL) {
|
|
|
|
fprintf(stderr, " Cert subject: ");
|
|
|
|
X509_NAME_print_ex_fp(stderr, X509_get_subject_name(peer), 0,
|
|
|
|
XN_FLAG_ONELINE);
|
|
|
|
fprintf(stderr, "\n Cert issuer: ");
|
|
|
|
X509_NAME_print_ex_fp(stderr, X509_get_issuer_name(peer), 0,
|
|
|
|
XN_FLAG_ONELINE);
|
|
|
|
fprintf(stderr, "\n");
|
|
|
|
X509_free(peer);
|
|
|
|
}
|
2014-12-11 00:09:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
bool SocketSetNonBlocking(int sock, bool is_non_blocking) {
|
|
|
|
bool ok;
|
|
|
|
|
|
|
|
#if defined(OPENSSL_WINDOWS)
|
|
|
|
u_long arg = is_non_blocking;
|
2015-01-28 06:32:08 +00:00
|
|
|
ok = 0 == ioctlsocket(sock, FIONBIO, &arg);
|
2014-12-11 00:09:52 +00:00
|
|
|
#else
|
|
|
|
int flags = fcntl(sock, F_GETFL, 0);
|
|
|
|
if (flags < 0) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
if (is_non_blocking) {
|
|
|
|
flags |= O_NONBLOCK;
|
|
|
|
} else {
|
|
|
|
flags &= ~O_NONBLOCK;
|
|
|
|
}
|
|
|
|
ok = 0 == fcntl(sock, F_SETFL, flags);
|
|
|
|
#endif
|
|
|
|
if (!ok) {
|
|
|
|
fprintf(stderr, "Failed to set socket non-blocking.\n");
|
|
|
|
}
|
|
|
|
return ok;
|
|
|
|
}
|
|
|
|
|
|
|
|
// PrintErrorCallback is a callback function from OpenSSL's
|
|
|
|
// |ERR_print_errors_cb| that writes errors to a given |FILE*|.
|
|
|
|
int PrintErrorCallback(const char *str, size_t len, void *ctx) {
|
|
|
|
fwrite(str, len, 1, reinterpret_cast<FILE*>(ctx));
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool TransferData(SSL *ssl, int sock) {
|
|
|
|
bool stdin_open = true;
|
|
|
|
|
|
|
|
fd_set read_fds;
|
|
|
|
FD_ZERO(&read_fds);
|
|
|
|
|
|
|
|
if (!SocketSetNonBlocking(sock, true)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
if (stdin_open) {
|
|
|
|
FD_SET(0, &read_fds);
|
|
|
|
}
|
|
|
|
FD_SET(sock, &read_fds);
|
|
|
|
|
|
|
|
int ret = select(sock + 1, &read_fds, NULL, NULL, NULL);
|
|
|
|
if (ret <= 0) {
|
|
|
|
perror("select");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (FD_ISSET(0, &read_fds)) {
|
|
|
|
uint8_t buffer[512];
|
|
|
|
ssize_t n;
|
|
|
|
|
|
|
|
do {
|
2016-05-19 16:49:59 +01:00
|
|
|
n = BORINGSSL_READ(0, buffer, sizeof(buffer));
|
2014-12-11 00:09:52 +00:00
|
|
|
} while (n == -1 && errno == EINTR);
|
|
|
|
|
|
|
|
if (n == 0) {
|
|
|
|
FD_CLR(0, &read_fds);
|
|
|
|
stdin_open = false;
|
2015-01-28 06:32:08 +00:00
|
|
|
#if !defined(OPENSSL_WINDOWS)
|
2014-12-11 00:09:52 +00:00
|
|
|
shutdown(sock, SHUT_WR);
|
2015-01-28 06:32:08 +00:00
|
|
|
#else
|
|
|
|
shutdown(sock, SD_SEND);
|
|
|
|
#endif
|
2014-12-11 00:09:52 +00:00
|
|
|
continue;
|
|
|
|
} else if (n < 0) {
|
|
|
|
perror("read from stdin");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!SocketSetNonBlocking(sock, false)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
int ssl_ret = SSL_write(ssl, buffer, n);
|
|
|
|
if (!SocketSetNonBlocking(sock, true)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ssl_ret <= 0) {
|
|
|
|
int ssl_err = SSL_get_error(ssl, ssl_ret);
|
|
|
|
fprintf(stderr, "Error while writing: %d\n", ssl_err);
|
|
|
|
ERR_print_errors_cb(PrintErrorCallback, stderr);
|
|
|
|
return false;
|
|
|
|
} else if (ssl_ret != n) {
|
|
|
|
fprintf(stderr, "Short write from SSL_write.\n");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (FD_ISSET(sock, &read_fds)) {
|
|
|
|
uint8_t buffer[512];
|
|
|
|
int ssl_ret = SSL_read(ssl, buffer, sizeof(buffer));
|
|
|
|
|
|
|
|
if (ssl_ret < 0) {
|
|
|
|
int ssl_err = SSL_get_error(ssl, ssl_ret);
|
|
|
|
if (ssl_err == SSL_ERROR_WANT_READ) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
fprintf(stderr, "Error while reading: %d\n", ssl_err);
|
|
|
|
ERR_print_errors_cb(PrintErrorCallback, stderr);
|
|
|
|
return false;
|
|
|
|
} else if (ssl_ret == 0) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
ssize_t n;
|
|
|
|
do {
|
2016-05-19 16:49:59 +01:00
|
|
|
n = BORINGSSL_WRITE(1, buffer, ssl_ret);
|
2014-12-11 00:09:52 +00:00
|
|
|
} while (n == -1 && errno == EINTR);
|
|
|
|
|
|
|
|
if (n != ssl_ret) {
|
|
|
|
fprintf(stderr, "Short write to stderr.\n");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|