kris
/
boringssl
1
0
Форкнуть 0
Код Задачи 0 Pull Request'ы 0 Релизы 0 Вики Активность
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
3240 коммитов
12 Ветки
38 MiB
Дерево: e63d9d7625
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из 'e63d9d7625'
${ noResults }
boringssl/tool/transport_common.cc

transport_common.cc 16 KiB
Исходник Обычный вид История

Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Support “-starttls smtp” in `bssl client` This change adds support for doing an SMTP STARTTLS dance before a TLS handshake when using the tool. This is useful for poking at SMTP servers. Change-Id: I04cd60d02d3377cce83e412d62e3257235a19116 Reviewed-on: https://boringssl-review.googlesource.com/8662 Reviewed-by: David Benjamin <davidben@google.com>
8 лет назад
Eliminate unnecessary includes from low-level crypto modules. Beyond generally eliminating unnecessary includes, eliminate as many includes of headers that declare/define particularly error-prone functionality like strlen, malloc, and free. crypto/err/internal.h was added to remove the dependency on openssl/thread.h from the public openssl/err.h header. The include of <stdlib.h> in openssl/mem.h was retained since it defines OPENSSL_malloc and friends as macros around the stdlib.h functions. The public x509.h, x509v3.h, and ssl.h headers were not changed in order to minimize breakage of source compatibility with external code. Change-Id: I0d264b73ad0a720587774430b2ab8f8275960329 Reviewed-on: https://boringssl-review.googlesource.com/4220 Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Fix standalone build on Mac. CRYPTO_MUTEX was the wrong size. Fortunately, Apple was kind enough to define pthread_rwlock_t unconditionally, so we can be spared fighting with feature macros. Some of the stdlib.h removals were wrong and clang is pick about multiply-defined typedefs. Apparently that's a C11 thing? BUG=478598 Change-Id: Ibdcb8de9e5d83ca28e4c55b2979177d1ef0f9721 Reviewed-on: https://boringssl-review.googlesource.com/4404 Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Remove string.h from base.h. Including string.h in base.h causes any file that includes a BoringSSL header to include string.h. Generally this wouldn't be a problem, although string.h might slow down the compile if it wasn't otherwise needed. However, it also causes problems for ipsec-tools in Android because OpenSSL didn't have this behaviour. This change removes string.h from base.h and, instead, adds it to each .c file that requires it. Change-Id: I5968e50b0e230fd3adf9b72dd2836e6f52d6fb37 Reviewed-on: https://boringssl-review.googlesource.com/3200 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Enable bssl client/s_client and server/s_server on Windows. Change-Id: Iea9bd25176724b56ebb21bded6925f5d30176548 Reviewed-on: https://boringssl-review.googlesource.com/3071 Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Enable bssl client/s_client and server/s_server on Windows. Change-Id: Iea9bd25176724b56ebb21bded6925f5d30176548 Reviewed-on: https://boringssl-review.googlesource.com/3071 Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Wrap MSVC-only warning pragmas in a macro. There's a __pragma expression which allows this. Android builds us Windows with MinGW for some reason, so we actually do have to tolerate non-MSVC-compatible Windows compilers. (Clang for Windows is much more sensible than MinGW and intentionally mimicks MSVC.) MinGW doesn't understand MSVC's pragmas and warns a lot. #pragma warning is safe to suppress, so wrap those to shush them. This also lets us do away with a few ifdefs. Change-Id: I1f5a8bec4940d4b2d947c4c1cc9341bc15ec4972 Reviewed-on: https://boringssl-review.googlesource.com/8236 Reviewed-by: Adam Langley <agl@google.com>
8 лет назад
Lowercase some Windows headers. MinGW on Linux needs lowercase include files. On Windows this doesn't matter since the filesystems are case-insensitive, but building BoringSSL on Linux with MinGW has case-sensitive filesystems. Change-Id: Id9c120d819071b041341fbb978352812d6d073bc Reviewed-on: https://boringssl-review.googlesource.com/4090 Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Wrap MSVC-only warning pragmas in a macro. There's a __pragma expression which allows this. Android builds us Windows with MinGW for some reason, so we actually do have to tolerate non-MSVC-compatible Windows compilers. (Clang for Windows is much more sensible than MinGW and intentionally mimicks MSVC.) MinGW doesn't understand MSVC's pragmas and warns a lot. #pragma warning is safe to suppress, so wrap those to shush them. This also lets us do away with a few ifdefs. Change-Id: I1f5a8bec4940d4b2d947c4c1cc9341bc15ec4972 Reviewed-on: https://boringssl-review.googlesource.com/8236 Reviewed-by: Adam Langley <agl@google.com>
8 лет назад
Enable more warnings & treat warnings as errors on Windows. Change-Id: I2bf0144aaa8b670ff00b8e8dfe36bd4d237b9a8a Reviewed-on: https://boringssl-review.googlesource.com/3140 Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Enable bssl client/s_client and server/s_server on Windows. Change-Id: Iea9bd25176724b56ebb21bded6925f5d30176548 Reviewed-on: https://boringssl-review.googlesource.com/3071 Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Modify 'bssl client' to print the cert subject and issuer This is the one piece of functionality I miss from the openssl tool - the ability to see some basic information about the server cert. Sample output: ========== $ bssl client -connect www.google.com Connecting to [2607:f8b0:4006:80d::1010]:443 Connected. Version: TLSv1.2 Resumed session: no Cipher: ECDHE-RSA-AES128-GCM-SHA256 ECDHE curve: P-256 Secure renegotiation: yes Next protocol negotiated: ALPN protocol: Cert subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com Cert issuer: /C=US/O=Google Inc/CN=Google Internet Authority G2 ========== Change-Id: I758682784752a616628138e420f52586d5a1bb31 Reviewed-on: https://boringssl-review.googlesource.com/7620 Reviewed-by: David Benjamin <davidben@google.com>
8 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Add missing internal includes. Partially fixes build with -Wmissing-prototypes -Wmissing-declarations. Change-Id: I51209c30f532899f57cfdd9a50cff0a8ee3da5b5 Signed-off-by: Piotr Sikora <piotrsikora@google.com> Reviewed-on: https://boringssl-review.googlesource.com/7512 Reviewed-by: David Benjamin <davidben@google.com>
8 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Enable bssl client/s_client and server/s_server on Windows. Change-Id: Iea9bd25176724b56ebb21bded6925f5d30176548 Reviewed-on: https://boringssl-review.googlesource.com/3071 Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Handle IPv6 literals in bssl client. With IPv6, splitting a colon-separated host/port becomes more complicated. Change-Id: I5073a5cbaa0714f2f8b9c837bb0809dd20304a3c Reviewed-on: https://boringssl-review.googlesource.com/8441 Reviewed-by: Adam Langley <agl@google.com>
8 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Handle IPv6 literals in bssl client. With IPv6, splitting a colon-separated host/port becomes more complicated. Change-Id: I5073a5cbaa0714f2f8b9c837bb0809dd20304a3c Reviewed-on: https://boringssl-review.googlesource.com/8441 Reviewed-by: Adam Langley <agl@google.com>
8 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Handle IPv6 literals in bssl client. With IPv6, splitting a colon-separated host/port becomes more complicated. Change-Id: I5073a5cbaa0714f2f8b9c837bb0809dd20304a3c Reviewed-on: https://boringssl-review.googlesource.com/8441 Reviewed-by: Adam Langley <agl@google.com>
8 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Better handle IPv6. ∙ host:port parsing, where unavoidable, is now IPv6-friendly. ∙ |BIO_C_GET_CONNECT| is simply removed. ∙ bssl -accept now listens on both IPv6 and IPv4. Change-Id: I1cbd8a79c0199bab3ced4c4fd79d2cc5240f250c Reviewed-on: https://boringssl-review.googlesource.com/6214 Reviewed-by: Adam Langley <alangley@gmail.com>
9 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Better handle IPv6. ∙ host:port parsing, where unavoidable, is now IPv6-friendly. ∙ |BIO_C_GET_CONNECT| is simply removed. ∙ bssl -accept now listens on both IPv6 and IPv4. Change-Id: I1cbd8a79c0199bab3ced4c4fd79d2cc5240f250c Reviewed-on: https://boringssl-review.googlesource.com/6214 Reviewed-by: Adam Langley <alangley@gmail.com>
9 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Better handle IPv6. ∙ host:port parsing, where unavoidable, is now IPv6-friendly. ∙ |BIO_C_GET_CONNECT| is simply removed. ∙ bssl -accept now listens on both IPv6 and IPv4. Change-Id: I1cbd8a79c0199bab3ced4c4fd79d2cc5240f250c Reviewed-on: https://boringssl-review.googlesource.com/6214 Reviewed-by: Adam Langley <alangley@gmail.com>
9 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Enable bssl client/s_client and server/s_server on Windows. Change-Id: Iea9bd25176724b56ebb21bded6925f5d30176548 Reviewed-on: https://boringssl-review.googlesource.com/3071 Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Teach bssl server about -max-version and -min-version. Change-Id: Ifbfae883638b35bb274f2002bc53fbba77c7aa85 Reviewed-on: https://boringssl-review.googlesource.com/8821 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
8 лет назад
Print out the signature algorithm in bssl client. I keep wishing we had that available and patching this in. Change-Id: I4ef04fcc6be5b00a9fcbdc2771a7ee7e2313b5c5 Reviewed-on: https://boringssl-review.googlesource.com/10980 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
8 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Add -session-in and -session-out to bssl client. This is analogous to openssl s_client's -sess_in and -sess_out. Use PEM to align with OpenSSL. This is useful for debugging session resumption and also generating things to test serialization against. Change-Id: Idc58e8fa3dd4c2385f6a2d647e66ef11427be60d Reviewed-on: https://boringssl-review.googlesource.com/5761 Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Use new APIs in bssl tool for connection info. Change-Id: I308b493d930621ae8e241b54db0faad667f01754 Reviewed-on: https://boringssl-review.googlesource.com/8761 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
8 лет назад
Make it possible to tell what curve was used on the server. We don't actually have an API to let you know if the value is legal to interpret as a curve ID. (This was kind of a poor API. Oh well.) Also add tests for key_exchange_info. I've intentionally left server-side plain RSA missing for now because the SSL_PRIVATE_KEY_METHOD abstraction only gives you bytes and it's probably better to tweak this API instead. (key_exchange_info also wasn't populated on the server, though due to a rebasing error, that fix ended up in the parent CL. Oh well.) Change-Id: I74a322c8ad03f25b02059da7568c9e1a78419069 Reviewed-on: https://boringssl-review.googlesource.com/6783 Reviewed-by: Adam Langley <agl@google.com>
8 лет назад
Print out the signature algorithm in bssl client. I keep wishing we had that available and patching this in. Change-Id: I4ef04fcc6be5b00a9fcbdc2771a7ee7e2313b5c5 Reviewed-on: https://boringssl-review.googlesource.com/10980 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
8 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Print out whether EMS was supported. Change-Id: I3c5aa418fe767bce883fcdd0a926f922f9f8bbd3 Reviewed-on: https://boringssl-review.googlesource.com/8082 Reviewed-by: Adam Langley <agl@google.com>
8 лет назад
Add additional features to bssl client. This exposes the features needed to mimic Chrome's ClientHello, which is useful in testing. Also use bssl_shim's scopers for SSL objects. Change-Id: Icb88bb00c0a05c27610134d618f466a24f7f757a Reviewed-on: https://boringssl-review.googlesource.com/4113 Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Modify 'bssl client' to print the cert subject and issuer This is the one piece of functionality I miss from the openssl tool - the ability to see some basic information about the server cert. Sample output: ========== $ bssl client -connect www.google.com Connecting to [2607:f8b0:4006:80d::1010]:443 Connected. Version: TLSv1.2 Resumed session: no Cipher: ECDHE-RSA-AES128-GCM-SHA256 ECDHE curve: P-256 Secure renegotiation: yes Next protocol negotiated: ALPN protocol: Cert subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com Cert issuer: /C=US/O=Google Inc/CN=Google Internet Authority G2 ========== Change-Id: I758682784752a616628138e420f52586d5a1bb31 Reviewed-on: https://boringssl-review.googlesource.com/7620 Reviewed-by: David Benjamin <davidben@google.com>
8 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Enable bssl client/s_client and server/s_server on Windows. Change-Id: Iea9bd25176724b56ebb21bded6925f5d30176548 Reviewed-on: https://boringssl-review.googlesource.com/3071 Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Use non-deprecated methods on windows. Use of strdup, close, lseek, read, and write prevent linking statically againt libcmt.lib. Change-Id: I04f7876ec0f03f29f000bbcc6b2ccdec844452d2 Reviewed-on: https://boringssl-review.googlesource.com/8010 Reviewed-by: David Benjamin <davidben@google.com>
8 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Enable bssl client/s_client and server/s_server on Windows. Change-Id: Iea9bd25176724b56ebb21bded6925f5d30176548 Reviewed-on: https://boringssl-review.googlesource.com/3071 Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Enable bssl client/s_client and server/s_server on Windows. Change-Id: Iea9bd25176724b56ebb21bded6925f5d30176548 Reviewed-on: https://boringssl-review.googlesource.com/3071 Reviewed-by: Adam Langley <agl@google.com>
9 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Use non-deprecated methods on windows. Use of strdup, close, lseek, read, and write prevent linking statically againt libcmt.lib. Change-Id: I04f7876ec0f03f29f000bbcc6b2ccdec844452d2 Reviewed-on: https://boringssl-review.googlesource.com/8010 Reviewed-by: David Benjamin <davidben@google.com>
8 лет назад
Add the ability to run a server from the command line tool. Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
10 лет назад
Support “-starttls smtp” in `bssl client` This change adds support for doing an SMTP STARTTLS dance before a TLS handshake when using the tool. This is useful for poking at SMTP servers. Change-Id: I04cd60d02d3377cce83e412d62e3257235a19116 Reviewed-on: https://boringssl-review.googlesource.com/8662 Reviewed-by: David Benjamin <davidben@google.com>
8 лет назад
Set variables to avoid false-positive compiler warnings. ../tool/transport_common.cc:429:14: error: ‘code_250’ may be used uninitialized in this function [-Werror=maybe-uninitialized] (I don't believe it can actually happen though.) Change-Id: I78d19ad42ed4c05404f1d8d3e8f254ede3244b8d
8 лет назад
Support “-starttls smtp” in `bssl client` This change adds support for doing an SMTP STARTTLS dance before a TLS handshake when using the tool. This is useful for poking at SMTP servers. Change-Id: I04cd60d02d3377cce83e412d62e3257235a19116 Reviewed-on: https://boringssl-review.googlesource.com/8662 Reviewed-by: David Benjamin <davidben@google.com>
8 лет назад
Set variables to avoid false-positive compiler warnings. ../tool/transport_common.cc:429:14: error: ‘code_250’ may be used uninitialized in this function [-Werror=maybe-uninitialized] (I don't believe it can actually happen though.) Change-Id: I78d19ad42ed4c05404f1d8d3e8f254ede3244b8d
8 лет назад
Support “-starttls smtp” in `bssl client` This change adds support for doing an SMTP STARTTLS dance before a TLS handshake when using the tool. This is useful for poking at SMTP servers. Change-Id: I04cd60d02d3377cce83e412d62e3257235a19116 Reviewed-on: https://boringssl-review.googlesource.com/8662 Reviewed-by: David Benjamin <davidben@google.com>
8 лет назад
Fix STARTTLS detection. The previous code was not an impressive demonstration of clear thinking and could reject cases where STARTTLS was actually supported. Change-Id: I27ce8b401447a49be93f58c9e4eb5c5d8e7b73d4 Reviewed-on: https://boringssl-review.googlesource.com/10241 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
8 лет назад
Support “-starttls smtp” in `bssl client` This change adds support for doing an SMTP STARTTLS dance before a TLS handshake when using the tool. This is useful for poking at SMTP servers. Change-Id: I04cd60d02d3377cce83e412d62e3257235a19116 Reviewed-on: https://boringssl-review.googlesource.com/8662 Reviewed-by: David Benjamin <davidben@google.com>
8 лет назад
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596 
  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include <openssl/base.h>

  16. 

  17. #include <string>

  18. #include <vector>

  19. 

  20. #include <errno.h>

  21. #include <limits.h>

  22. #include <stddef.h>

  23. #include <stdlib.h>

  24. #include <string.h>

  25. #include <sys/types.h>

  26. 

  27. #if !defined(OPENSSL_WINDOWS)

  28. #include <arpa/inet.h>

  29. #include <fcntl.h>

  30. #include <netdb.h>

  31. #include <netinet/in.h>

  32. #include <sys/select.h>

  33. #include <sys/socket.h>

  34. #include <unistd.h>

  35. #else

  36. #include <io.h>

  37. OPENSSL_MSVC_PRAGMA(warning(push, 3))

  38. #include <winsock2.h>

  39. #include <ws2tcpip.h>

  40. OPENSSL_MSVC_PRAGMA(warning(pop))

  41. 

  42. typedef int ssize_t;

  43. #pragma comment(lib, "Ws2_32.lib")

  44. #endif

  45. 

  46. #include <openssl/err.h>

  47. #include <openssl/ssl.h>

  48. #include <openssl/x509.h>

  49. 

  50. #include "internal.h"

  51. #include "transport_common.h"

  52. 

  53. 

  54. #if !defined(OPENSSL_WINDOWS)

  55. static int closesocket(int sock) {

  56.   return close(sock);

  57. }

  58. #endif

  59. 

  60. bool InitSocketLibrary() {

  61. #if defined(OPENSSL_WINDOWS)

  62.   WSADATA wsaData;

  63.   int err = WSAStartup(MAKEWORD(2, 2), &wsaData);

  64.   if (err != 0) {

  65.     fprintf(stderr, "WSAStartup failed with error %d\n", err);

  66.     return false;

  67.   }

  68. #endif

  69.   return true;

  70. }

  71. 

  72. // Connect sets |*out_sock| to be a socket connected to the destination given

  73. // in |hostname_and_port|, which should be of the form "www.example.com:123".

  74. // It returns true on success and false otherwise.

  75. bool Connect(int *out_sock, const std::string &hostname_and_port) {

  76.   size_t colon_offset = hostname_and_port.find_last_of(':');

  77.   const size_t bracket_offset = hostname_and_port.find_last_of(']');

  78.   std::string hostname, port;

  79. 

  80.   // An IPv6 literal may have colons internally, guarded by square brackets.

  81.   if (bracket_offset != std::string::npos &&

  82.       colon_offset != std::string::npos && bracket_offset > colon_offset) {

  83.     colon_offset = std::string::npos;

  84.   }

  85. 

  86.   if (colon_offset == std::string::npos) {

  87.     hostname = hostname_and_port;

  88.     port = "443";

  89.   } else {

  90.     hostname = hostname_and_port.substr(0, colon_offset);

  91.     port = hostname_and_port.substr(colon_offset + 1);

  92.   }

  93. 

  94.   // Handle IPv6 literals.

  95.   if (hostname.size() >= 2 && hostname[0] == '[' &&

  96.       hostname[hostname.size() - 1] == ']') {

  97.     hostname = hostname.substr(1, hostname.size() - 2);

  98.   }

  99. 

  100.   struct addrinfo hint, *result;

  101.   memset(&hint, 0, sizeof(hint));

  102.   hint.ai_family = AF_UNSPEC;

  103.   hint.ai_socktype = SOCK_STREAM;

  104. 

  105.   int ret = getaddrinfo(hostname.c_str(), port.c_str(), &hint, &result);

  106.   if (ret != 0) {

  107.     fprintf(stderr, "getaddrinfo returned: %s\n", gai_strerror(ret));

  108.     return false;

  109.   }

  110. 

  111.   bool ok = false;

  112.   char buf[256];

  113. 

  114.   *out_sock =

  115.       socket(result->ai_family, result->ai_socktype, result->ai_protocol);

  116.   if (*out_sock < 0) {

  117.     perror("socket");

  118.     goto out;

  119.   }

  120. 

  121.   switch (result->ai_family) {

  122.     case AF_INET: {

  123.       struct sockaddr_in *sin =

  124.           reinterpret_cast<struct sockaddr_in *>(result->ai_addr);

  125.       fprintf(stderr, "Connecting to %s:%d\n",

  126.               inet_ntop(result->ai_family, &sin->sin_addr, buf, sizeof(buf)),

  127.               ntohs(sin->sin_port));

  128.       break;

  129.     }

  130.     case AF_INET6: {

  131.       struct sockaddr_in6 *sin6 =

  132.           reinterpret_cast<struct sockaddr_in6 *>(result->ai_addr);

  133.       fprintf(stderr, "Connecting to [%s]:%d\n",

  134.               inet_ntop(result->ai_family, &sin6->sin6_addr, buf, sizeof(buf)),

  135.               ntohs(sin6->sin6_port));

  136.       break;

  137.     }

  138.   }

  139. 

  140.   if (connect(*out_sock, result->ai_addr, result->ai_addrlen) != 0) {

  141.     perror("connect");

  142.     goto out;

  143.   }

  144.   ok = true;

  145. 

  146. out:

  147.   freeaddrinfo(result);

  148.   return ok;

  149. }

  150. 

  151. bool Accept(int *out_sock, const std::string &port) {

  152.   struct sockaddr_in6 addr, cli_addr;

  153.   socklen_t cli_addr_len = sizeof(cli_addr);

  154.   memset(&addr, 0, sizeof(addr));

  155. 

  156.   addr.sin6_family = AF_INET6;

  157.   addr.sin6_addr = in6addr_any;

  158.   addr.sin6_port = htons(atoi(port.c_str()));

  159. 

  160.   bool ok = false;

  161.   int server_sock = -1;

  162. 

  163.   server_sock =

  164.       socket(addr.sin6_family, SOCK_STREAM, 0);

  165.   if (server_sock < 0) {

  166.     perror("socket");

  167.     goto out;

  168.   }

  169. 

  170.   if (bind(server_sock, (struct sockaddr*)&addr, sizeof(addr)) != 0) {

  171.     perror("connect");

  172.     goto out;

  173.   }

  174.   listen(server_sock, 1);

  175.   *out_sock = accept(server_sock, (struct sockaddr*)&cli_addr, &cli_addr_len);

  176. 

  177.   ok = true;

  178. 

  179. out:

  180.   closesocket(server_sock);

  181.   return ok;

  182. }

  183. 

  184. bool VersionFromString(uint16_t *out_version, const std::string &version) {

  185.   if (version == "ssl3") {

  186.     *out_version = SSL3_VERSION;

  187.     return true;

  188.   } else if (version == "tls1" || version == "tls1.0") {

  189.     *out_version = TLS1_VERSION;

  190.     return true;

  191.   } else if (version == "tls1.1") {

  192.     *out_version = TLS1_1_VERSION;

  193.     return true;

  194.   } else if (version == "tls1.2") {

  195.     *out_version = TLS1_2_VERSION;

  196.     return true;

  197.   } else if (version == "tls1.3") {

  198.     *out_version = TLS1_3_VERSION;

  199.     return true;

  200.   }

  201.   return false;

  202. }

  203. 

  204. static const char *SignatureAlgorithmToString(uint16_t version, uint16_t sigalg) {

  205.   const bool is_tls12 = version == TLS1_2_VERSION || version == DTLS1_2_VERSION;

  206.   switch (sigalg) {

  207.     case SSL_SIGN_RSA_PKCS1_SHA1:

  208.       return "rsa_pkcs1_sha1";

  209.     case SSL_SIGN_RSA_PKCS1_SHA256:

  210.       return "rsa_pkcs1_sha256";

  211.     case SSL_SIGN_RSA_PKCS1_SHA384:

  212.       return "rsa_pkcs1_sha384";

  213.     case SSL_SIGN_RSA_PKCS1_SHA512:

  214.       return "rsa_pkcs1_sha512";

  215.     case SSL_SIGN_ECDSA_SHA1:

  216.       return "ecdsa_sha1";

  217.     case SSL_SIGN_ECDSA_SECP256R1_SHA256:

  218.       return is_tls12 ? "ecdsa_sha256" : "ecdsa_secp256r1_sha256";

  219.     case SSL_SIGN_ECDSA_SECP384R1_SHA384:

  220.       return is_tls12 ? "ecdsa_sha384" : "ecdsa_secp384r1_sha384";

  221.     case SSL_SIGN_ECDSA_SECP521R1_SHA512:

  222.       return is_tls12 ? "ecdsa_sha512" : "ecdsa_secp521r1_sha512";

  223.     case SSL_SIGN_RSA_PSS_SHA256:

  224.       return "rsa_pss_sha256";

  225.     case SSL_SIGN_RSA_PSS_SHA384:

  226.       return "rsa_pss_sha384";

  227.     case SSL_SIGN_RSA_PSS_SHA512:

  228.       return "rsa_pss_sha512";

  229.     default:

  230.       return "(unknown)";

  231.   }

  232. }

  233. 

  234. void PrintConnectionInfo(const SSL *ssl) {

  235.   const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);

  236. 

  237.   fprintf(stderr, "  Version: %s\n", SSL_get_version(ssl));

  238.   fprintf(stderr, "  Resumed session: %s\n",

  239.           SSL_session_reused(ssl) ? "yes" : "no");

  240.   fprintf(stderr, "  Cipher: %s\n", SSL_CIPHER_get_name(cipher));

  241.   uint16_t curve = SSL_get_curve_id(ssl);

  242.   if (curve != 0) {

  243.     fprintf(stderr, "  ECDHE curve: %s\n", SSL_get_curve_name(curve));

  244.   }

  245.   unsigned dhe_bits = SSL_get_dhe_group_size(ssl);

  246.   if (dhe_bits != 0) {

  247.     fprintf(stderr, "  DHE group size: %u bits\n", dhe_bits);

  248.   }

  249.   uint16_t sigalg = SSL_get_peer_signature_algorithm(ssl);

  250.   if (sigalg != 0) {

  251.     fprintf(stderr, "  Signature algorithm: %s\n",

  252.             SignatureAlgorithmToString(SSL_version(ssl), sigalg));

  253.   }

  254.   fprintf(stderr, "  Secure renegotiation: %s\n",

  255.           SSL_get_secure_renegotiation_support(ssl) ? "yes" : "no");

  256.   fprintf(stderr, "  Extended master secret: %s\n",

  257.           SSL_get_extms_support(ssl) ? "yes" : "no");

  258. 

  259.   const uint8_t *next_proto;

  260.   unsigned next_proto_len;

  261.   SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);

  262.   fprintf(stderr, "  Next protocol negotiated: %.*s\n", next_proto_len,

  263.           next_proto);

  264. 

  265.   const uint8_t *alpn;

  266.   unsigned alpn_len;

  267.   SSL_get0_alpn_selected(ssl, &alpn, &alpn_len);

  268.   fprintf(stderr, "  ALPN protocol: %.*s\n", alpn_len, alpn);

  269. 

  270.   // Print the server cert subject and issuer names.

  271.   X509 *peer = SSL_get_peer_certificate(ssl);

  272.   if (peer != NULL) {

  273.     fprintf(stderr, "  Cert subject: ");

  274.     X509_NAME_print_ex_fp(stderr, X509_get_subject_name(peer), 0,

  275.                           XN_FLAG_ONELINE);

  276.     fprintf(stderr, "\n  Cert issuer: ");

  277.     X509_NAME_print_ex_fp(stderr, X509_get_issuer_name(peer), 0,

  278.                           XN_FLAG_ONELINE);

  279.     fprintf(stderr, "\n");

  280.     X509_free(peer);

  281.   }

  282. }

  283. 

  284. bool SocketSetNonBlocking(int sock, bool is_non_blocking) {

  285.   bool ok;

  286. 

  287. #if defined(OPENSSL_WINDOWS)

  288.   u_long arg = is_non_blocking;

  289.   ok = 0 == ioctlsocket(sock, FIONBIO, &arg);

  290. #else

  291.   int flags = fcntl(sock, F_GETFL, 0);

  292.   if (flags < 0) {

  293.     return false;

  294.   }

  295.   if (is_non_blocking) {

  296.     flags |= O_NONBLOCK;

  297.   } else {

  298.     flags &= ~O_NONBLOCK;

  299.   }

  300.   ok = 0 == fcntl(sock, F_SETFL, flags);

  301. #endif

  302.   if (!ok) {

  303.     fprintf(stderr, "Failed to set socket non-blocking.\n");

  304.   }

  305.   return ok;

  306. }

  307. 

  308. // PrintErrorCallback is a callback function from OpenSSL's

  309. // |ERR_print_errors_cb| that writes errors to a given |FILE*|.

  310. int PrintErrorCallback(const char *str, size_t len, void *ctx) {

  311.   fwrite(str, len, 1, reinterpret_cast<FILE*>(ctx));

  312.   return 1;

  313. }

  314. 

  315. bool TransferData(SSL *ssl, int sock) {

  316.   bool stdin_open = true;

  317. 

  318.   fd_set read_fds;

  319.   FD_ZERO(&read_fds);

  320. 

  321.   if (!SocketSetNonBlocking(sock, true)) {

  322.     return false;

  323.   }

  324. 

  325.   for (;;) {

  326.     if (stdin_open) {

  327.       FD_SET(0, &read_fds);

  328.     }

  329.     FD_SET(sock, &read_fds);

  330. 

  331.     int ret = select(sock + 1, &read_fds, NULL, NULL, NULL);

  332.     if (ret <= 0) {

  333.       perror("select");

  334.       return false;

  335.     }

  336. 

  337.     if (FD_ISSET(0, &read_fds)) {

  338.       uint8_t buffer[512];

  339.       ssize_t n;

  340. 

  341.       do {

  342.         n = BORINGSSL_READ(0, buffer, sizeof(buffer));

  343.       } while (n == -1 && errno == EINTR);

  344. 

  345.       if (n == 0) {

  346.         FD_CLR(0, &read_fds);

  347.         stdin_open = false;

  348. #if !defined(OPENSSL_WINDOWS)

  349.         shutdown(sock, SHUT_WR);

  350. #else

  351.         shutdown(sock, SD_SEND);

  352. #endif

  353.         continue;

  354.       } else if (n < 0) {

  355.         perror("read from stdin");

  356.         return false;

  357.       }

  358. 

  359.       if (!SocketSetNonBlocking(sock, false)) {

  360.         return false;

  361.       }

  362.       int ssl_ret = SSL_write(ssl, buffer, n);

  363.       if (!SocketSetNonBlocking(sock, true)) {

  364.         return false;

  365.       }

  366. 

  367.       if (ssl_ret <= 0) {

  368.         int ssl_err = SSL_get_error(ssl, ssl_ret);

  369.         fprintf(stderr, "Error while writing: %d\n", ssl_err);

  370.         ERR_print_errors_cb(PrintErrorCallback, stderr);

  371.         return false;

  372.       } else if (ssl_ret != n) {

  373.         fprintf(stderr, "Short write from SSL_write.\n");

  374.         return false;

  375.       }

  376.     }

  377. 

  378.     if (FD_ISSET(sock, &read_fds)) {

  379.       uint8_t buffer[512];

  380.       int ssl_ret = SSL_read(ssl, buffer, sizeof(buffer));

  381. 

  382.       if (ssl_ret < 0) {

  383.         int ssl_err = SSL_get_error(ssl, ssl_ret);

  384.         if (ssl_err == SSL_ERROR_WANT_READ) {

  385.           continue;

  386.         }

  387.         fprintf(stderr, "Error while reading: %d\n", ssl_err);

  388.         ERR_print_errors_cb(PrintErrorCallback, stderr);

  389.         return false;

  390.       } else if (ssl_ret == 0) {

  391.         return true;

  392.       }

  393. 

  394.       ssize_t n;

  395.       do {

  396.         n = BORINGSSL_WRITE(1, buffer, ssl_ret);

  397.       } while (n == -1 && errno == EINTR);

  398. 

  399.       if (n != ssl_ret) {

  400.         fprintf(stderr, "Short write to stderr.\n");

  401.         return false;

  402.       }

  403.     }

  404.   }

  405. }

  406. 

  407. // SocketLineReader wraps a small buffer around a socket for line-orientated

  408. // protocols.

  409. class SocketLineReader {

  410.  public:

  411.   explicit SocketLineReader(int sock) : sock_(sock) {}

  412. 

  413.   // Next reads a '\n'- or '\r\n'-terminated line from the socket and, on

  414.   // success, sets |*out_line| to it and returns true. Otherwise it returns

  415.   // false.

  416.   bool Next(std::string *out_line) {

  417.     for (;;) {

  418.       for (size_t i = 0; i < buf_len_; i++) {

  419.         if (buf_[i] != '\n') {

  420.           continue;

  421.         }

  422. 

  423.         size_t length = i;

  424.         if (i > 0 && buf_[i - 1] == '\r') {

  425.           length--;

  426.         }

  427. 

  428.         out_line->assign(buf_, length);

  429.         buf_len_ -= i + 1;

  430.         memmove(buf_, &buf_[i + 1], buf_len_);

  431. 

  432.         return true;

  433.       }

  434. 

  435.       if (buf_len_ == sizeof(buf_)) {

  436.         fprintf(stderr, "Received line too long!\n");

  437.         return false;

  438.       }

  439. 

  440.       ssize_t n;

  441.       do {

  442.         n = recv(sock_, &buf_[buf_len_], sizeof(buf_) - buf_len_, 0);

  443.       } while (n == -1 && errno == EINTR);

  444. 

  445.       if (n < 0) {

  446.         fprintf(stderr, "Read error from socket\n");

  447.         return false;

  448.       }

  449. 

  450.       buf_len_ += n;

  451.     }

  452.   }

  453. 

  454.   // ReadSMTPReply reads one or more lines that make up an SMTP reply. On

  455.   // success, it sets |*out_code| to the reply's code (e.g. 250) and

  456.   // |*out_content| to the body of the reply (e.g. "OK") and returns true.

  457.   // Otherwise it returns false.

  458.   //

  459.   // See https://tools.ietf.org/html/rfc821#page-48

  460.   bool ReadSMTPReply(unsigned *out_code, std::string *out_content) {

  461.     out_content->clear();

  462. 

  463.     // kMaxLines is the maximum number of lines that we'll accept in an SMTP

  464.     // reply.

  465.     static const unsigned kMaxLines = 512;

  466.     for (unsigned i = 0; i < kMaxLines; i++) {

  467.       std::string line;

  468.       if (!Next(&line)) {

  469.         return false;

  470.       }

  471. 

  472.       if (line.size() < 4) {

  473.         fprintf(stderr, "Short line from SMTP server: %s\n", line.c_str());

  474.         return false;

  475.       }

  476. 

  477.       const std::string code_str = line.substr(0, 3);

  478.       char *endptr;

  479.       const unsigned long code = strtoul(code_str.c_str(), &endptr, 10);

  480.       if (*endptr || code > UINT_MAX) {

  481.         fprintf(stderr, "Failed to parse code from line: %s\n", line.c_str());

  482.         return false;

  483.       }

  484. 

  485.       if (i == 0) {

  486.         *out_code = code;

  487.       } else if (code != *out_code) {

  488.         fprintf(stderr,

  489.                 "Reply code varied within a single reply: was %u, now %u\n",

  490.                 *out_code, static_cast<unsigned>(code));

  491.         return false;

  492.       }

  493. 

  494.       if (line[3] == ' ') {

  495.         // End of reply.

  496.         *out_content += line.substr(4, std::string::npos);

  497.         return true;

  498.       } else if (line[3] == '-') {

  499.         // Another line of reply will follow this one.

  500.         *out_content += line.substr(4, std::string::npos);

  501.         out_content->push_back('\n');

  502.       } else {

  503.         fprintf(stderr, "Bad character after code in SMTP reply: %s\n",

  504.                 line.c_str());

  505.         return false;

  506.       }

  507.     }

  508. 

  509.     fprintf(stderr, "Rejected SMTP reply of more then %u lines\n", kMaxLines);

  510.     return false;

  511.   }

  512. 

  513.  private:

  514.   const int sock_;

  515.   char buf_[512];

  516.   size_t buf_len_ = 0;

  517. };

  518. 

  519. // SendAll writes |data_len| bytes from |data| to |sock|. It returns true on

  520. // success and false otherwise.

  521. static bool SendAll(int sock, const char *data, size_t data_len) {

  522.   size_t done = 0;

  523. 

  524.   while (done < data_len) {

  525.     ssize_t n;

  526.     do {

  527.       n = send(sock, &data[done], data_len - done, 0);

  528.     } while (n == -1 && errno == EINTR);

  529. 

  530.     if (n < 0) {

  531.       fprintf(stderr, "Error while writing to socket\n");

  532.       return false;

  533.     }

  534. 

  535.     done += n;

  536.   }

  537. 

  538.   return true;

  539. }

  540. 

  541. bool DoSMTPStartTLS(int sock) {

  542.   SocketLineReader line_reader(sock);

  543. 

  544.   unsigned code_220 = 0;

  545.   std::string reply_220;

  546.   if (!line_reader.ReadSMTPReply(&code_220, &reply_220)) {

  547.     return false;

  548.   }

  549. 

  550.   if (code_220 != 220) {

  551.     fprintf(stderr, "Expected 220 line from SMTP server but got code %u\n",

  552.             code_220);

  553.     return false;

  554.   }

  555. 

  556.   static const char kHelloLine[] = "EHLO BoringSSL\r\n";

  557.   if (!SendAll(sock, kHelloLine, sizeof(kHelloLine) - 1)) {

  558.     return false;

  559.   }

  560. 

  561.   unsigned code_250 = 0;

  562.   std::string reply_250;

  563.   if (!line_reader.ReadSMTPReply(&code_250, &reply_250)) {

  564.     return false;

  565.   }

  566. 

  567.   if (code_250 != 250) {

  568.     fprintf(stderr, "Expected 250 line after EHLO but got code %u\n", code_250);

  569.     return false;

  570.   }

  571. 

  572.   // https://tools.ietf.org/html/rfc1869#section-4.3

  573.   if (("\n" + reply_250 + "\n").find("\nSTARTTLS\n") == std::string::npos) {

  574.     fprintf(stderr, "Server does not support STARTTLS\n");

  575.     return false;

  576.   }

  577. 

  578.   static const char kSTARTTLSLine[] = "STARTTLS\r\n";

  579.   if (!SendAll(sock, kSTARTTLSLine, sizeof(kSTARTTLSLine) - 1)) {

  580.     return false;

  581.   }

  582. 

  583.   if (!line_reader.ReadSMTPReply(&code_220, &reply_220)) {

  584.     return false;

  585.   }

  586. 

  587.   if (code_220 != 220) {

  588.     fprintf(

  589.         stderr,

  590.         "Expected 220 line from SMTP server after STARTTLS, but got code %u\n",

  591.         code_220);

  592.     return false;

  593.   }

  594. 

  595.   return true;

  596. }