Fix tls_do_recv bug and update SSL clients

tools/tlcp_client.c

@@ -50,7 +50,6 @@
 #include <errno.h>
 #include <string.h>
 #include <stdlib.h>
-
 #include <unistd.h>
 #include <netdb.h>
 #include <sys/types.h>
@@ -85,7 +84,7 @@ int tlcp_client_main(int argc, char *argv[])
 	int sock;
 	TLS_CTX ctx;
 	TLS_CONNECT conn;
-	char buf[1000] = {0};
+	char buf[10] = {0};
 	size_t len = sizeof(buf);
 	char send_buf[1024] = {0};
 	size_t send_len;
@@ -180,16 +179,15 @@ bad:
 		goto end;
 	}
 
-	fd_set fds;
 
 
 	for (;;) {
+		fd_set fds;
 		size_t sentlen;
 
-
 		FD_ZERO(&fds);
 		FD_SET(conn.sock, &fds);
-		FD_SET(0, &fds);
+		FD_SET(STDIN_FILENO, &fds);
 
 		if (select(conn.sock + 1, &fds, NULL, NULL, NULL) < 0) {
 			fprintf(stderr, "%s: select failed\n", prog);
@@ -197,18 +195,17 @@ bad:
 		}
 
 		if (FD_ISSET(conn.sock, &fds)) {
-			memset(buf, 0, sizeof(buf));
-			len = sizeof(buf);
-
-			if (tls_recv(&conn, (uint8_t *)buf, sizeof(buf), &len) != 1) {
-				goto end;
+			for (;;) {
+				memset(buf, 0, sizeof(buf));
+				if (tls_recv(&conn, (uint8_t *)buf, sizeof(buf), &len) != 1) {
+					goto end;
+				}
+				fwrite(buf, 1, len, stdout);
+				fflush(stdout);
 			}
 
-			buf[len] = 0;
-			printf("%s\n", buf);
-
 		}
-		if (FD_ISSET(0, &fds)) {
+		if (FD_ISSET(STDIN_FILENO, &fds)) {
 			memset(send_buf, 0, sizeof(send_buf));
 
 			if (!fgets(send_buf, sizeof(send_buf), stdin)) {

tools/tls12_client.c

@@ -87,7 +87,7 @@ int tls12_client_main(int argc, char *argv[])
 	int sock;
 	TLS_CTX ctx;
 	TLS_CONNECT conn;
-	char buf[100] = {0};
+	char buf[1024] = {0};
 	size_t len = sizeof(buf);
 	char send_buf[1024] = {0};
 	size_t send_len;
@@ -158,12 +158,23 @@ bad:
 	}
 
 	if (tls_ctx_init(&ctx, TLS_protocol_tls12, TLS_client_mode) != 1
-		|| tls_ctx_set_cipher_suites(&ctx, client_ciphers, sizeof(client_ciphers)/sizeof(client_ciphers[0])) != 1
-		|| tls_ctx_set_ca_certificates(&ctx, cacertfile, TLS_DEFAULT_VERIFY_DEPTH) != 1
-		|| tls_ctx_set_certificate_and_key(&ctx, certfile, keyfile, pass) != 1) {
+		|| tls_ctx_set_cipher_suites(&ctx, client_ciphers, sizeof(client_ciphers)/sizeof(client_ciphers[0])) != 1) {
 		fprintf(stderr, "%s: context init error\n", prog);
 		goto end;
 	}
+	if (cacertfile) {
+		if (tls_ctx_set_ca_certificates(&ctx, cacertfile, TLS_DEFAULT_VERIFY_DEPTH) != 1) {
+			fprintf(stderr, "%s: context init error\n", prog);
+			goto end;
+		}
+	}
+	if (certfile) {
+		if (tls_ctx_set_certificate_and_key(&ctx, certfile, keyfile, pass) != 1) {
+			fprintf(stderr, "%s: context init error\n", prog);
+			goto end;
+		}
+	}
+
 	if (tls_init(&conn, &ctx) != 1
 		|| tls_set_socket(&conn, sock) != 1
 		|| tls_do_handshake(&conn) != 1) {
@@ -172,30 +183,44 @@ bad:
 	}
 
 	for (;;) {
+		fd_set fds;
 		size_t sentlen;
 
-		memset(send_buf, 0, sizeof(send_buf));
-		if (!fgets(send_buf, sizeof(send_buf), stdin)) {
-			if (feof(stdin)) {
-				tls_shutdown(&conn);
-				goto end;
-			} else {
-				continue;
-			}
-		}
-		if (tls_send(&conn, (uint8_t *)send_buf, strlen(send_buf), &sentlen) != 1) {
-			fprintf(stderr, "%s: send error\n", prog);
+		FD_ZERO(&fds);
+		FD_SET(conn.sock, &fds);
+		FD_SET(STDIN_FILENO, &fds);
+
+		if (select(conn.sock + 1, &fds, NULL, NULL, NULL) < 0) {
+			fprintf(stderr, "%s: select failed\n", prog);
 			goto end;
 		}
 
-		{
-			memset(buf, 0, sizeof(buf));
-			len = sizeof(buf);
-			if (tls_recv(&conn, (uint8_t *)buf, sizeof(len), &len) != 1) {
+		if (FD_ISSET(conn.sock, &fds)) {
+			for (;;) {
+				memset(buf, 0, sizeof(buf));
+				if (tls_recv(&conn, (uint8_t *)buf, sizeof(buf), &len) != 1) {
+					goto end;
+				}
+				fwrite(buf, 1, len, stdout);
+				fflush(stdout);
+			}
+
+		}
+		if (FD_ISSET(STDIN_FILENO, &fds)) {
+			memset(send_buf, 0, sizeof(send_buf));
+
+			if (!fgets(send_buf, sizeof(send_buf), stdin)) {
+				if (feof(stdin)) {
+					tls_shutdown(&conn);
+					goto end;
+				} else {
+					continue;
+				}
+			}
+			if (tls_send(&conn, (uint8_t *)send_buf, strlen(send_buf), &sentlen) != 1) {
+				fprintf(stderr, "%s: send error\n", prog);
 				goto end;
 			}
-			buf[len] = 0;
-			printf("%s\n", buf);
 		}
 	}
 

tools/tls13_client.c

@@ -87,7 +87,7 @@ int tls13_client_main(int argc, char *argv[])
 	int sock;
 	TLS_CTX ctx;
 	TLS_CONNECT conn;
-	char buf[100] = {0};
+	char buf[1024] = {0};
 	size_t len = sizeof(buf);
 	char send_buf[1024] = {0};
 	size_t send_len;
@@ -158,12 +158,22 @@ bad:
 	}
 
 	if (tls_ctx_init(&ctx, TLS_protocol_tls13, TLS_client_mode) != 1
-		|| tls_ctx_set_cipher_suites(&ctx, client_ciphers, sizeof(client_ciphers)/sizeof(client_ciphers[0])) != 1
-		|| tls_ctx_set_ca_certificates(&ctx, cacertfile, TLS_DEFAULT_VERIFY_DEPTH) != 1
-		|| tls_ctx_set_certificate_and_key(&ctx, certfile, keyfile, pass) != 1) {
+		|| tls_ctx_set_cipher_suites(&ctx, client_ciphers, sizeof(client_ciphers)/sizeof(client_ciphers[0])) != 1) {
 		fprintf(stderr, "%s: context init error\n", prog);
 		goto end;
 	}
+	if (cacertfile) {
+		if (tls_ctx_set_ca_certificates(&ctx, cacertfile, TLS_DEFAULT_VERIFY_DEPTH) != 1) {
+			fprintf(stderr, "%s: context init error\n", prog);
+			goto end;
+		}
+	}
+	if (certfile) {
+		if (tls_ctx_set_certificate_and_key(&ctx, certfile, keyfile, pass) != 1) {
+			fprintf(stderr, "%s: context init error\n", prog);
+			goto end;
+		}
+	}
 	if (tls_init(&conn, &ctx) != 1
 		|| tls_set_socket(&conn, sock) != 1
 		|| tls_do_handshake(&conn) != 1) {
@@ -172,34 +182,47 @@ bad:
 	}
 
 	for (;;) {
+		fd_set fds;
 		size_t sentlen;
 
-		memset(send_buf, 0, sizeof(send_buf));
-		if (!fgets(send_buf, sizeof(send_buf), stdin)) {
-			if (feof(stdin)) {
-				tls_shutdown(&conn);
-				goto end;
-			} else {
-				continue;
-			}
-		}
-		if (tls13_send(&conn, (uint8_t *)send_buf, strlen(send_buf), 0 /*&sentlen*/) != 1) {
-			fprintf(stderr, "%s: send error\n", prog);
+		FD_ZERO(&fds);
+		FD_SET(conn.sock, &fds);
+		FD_SET(STDIN_FILENO, &fds);
+
+		if (select(conn.sock + 1, &fds, NULL, NULL, NULL) < 0) {
+			fprintf(stderr, "%s: select failed\n", prog);
 			goto end;
 		}
 
-		{
-			memset(buf, 0, sizeof(buf));
-			len = sizeof(buf);
-			if (tls13_recv(&conn, (uint8_t *)buf, /*sizeof(len),*/ &len) != 1) {
+		if (FD_ISSET(conn.sock, &fds)) {
+			for (;;) {
+				memset(buf, 0, sizeof(buf));
+				if (tls13_recv(&conn, (uint8_t *)buf, sizeof(buf), &len) != 1) {
+					goto end;
+				}
+				fwrite(buf, 1, len, stdout);
+				fflush(stdout);
+			}
+
+		}
+		if (FD_ISSET(STDIN_FILENO, &fds)) {
+			memset(send_buf, 0, sizeof(send_buf));
+
+			if (!fgets(send_buf, sizeof(send_buf), stdin)) {
+				if (feof(stdin)) {
+					tls_shutdown(&conn);
+					goto end;
+				} else {
+					continue;
+				}
+			}
+			if (tls13_send(&conn, (uint8_t *)send_buf, strlen(send_buf), &sentlen) != 1) {
+				fprintf(stderr, "%s: send error\n", prog);
 				goto end;
 			}
-			buf[len] = 0;
-			printf("%s\n", buf);
 		}
 	}
 
-
 end:
 	close(sock);
 	tls_ctx_cleanup(&ctx);

tools/tls13_server.c

@@ -199,7 +199,7 @@ restart:
 
 		do {
 			len = sizeof(buf);
-			if ((rv = tls13_recv(&conn, (uint8_t *)buf, /*sizeof(buf),*/ &len)) != 1) {
+			if ((rv = tls13_recv(&conn, (uint8_t *)buf, sizeof(buf), &len)) != 1) {
 				if (rv < 0) fprintf(stderr, "%s: recv failure\n", prog);
 				else fprintf(stderr, "%s: Disconnected by remote\n", prog);