From f6da34c8b5c6a72845845d7b082e55d2b79263cd Mon Sep 17 00:00:00 2001
From: Eric Molitor <eric@molitor.org>
Date: Thu, 28 Oct 2021 15:50:11 +0100
Subject: [PATCH 2/2] wget: Add OpenSSL Support

---
 scripts/make.sh     |  2 +-
 toys/pending/wget.c | 44 ++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 41 insertions(+), 5 deletions(-)

diff --git a/scripts/make.sh b/scripts/make.sh
index 76ec03b1..60b5bcbf 100755
--- a/scripts/make.sh
+++ b/scripts/make.sh
@@ -108,7 +108,7 @@ then
   # and skip nonexistent libraries for it.
 
   > generated/optlibs.dat
-  for i in util crypt m resolv rt selinux smack attr crypto z log iconv tls
+  for i in util crypt m resolv rt selinux smack attr crypto z log iconv tls ssl
   do
     echo "int main(int argc, char *argv[]) {return 0;}" | \
     ${CROSS_COMPILE}${CC} $CFLAGS $LDFLAGS -xc - -o generated/libprobe $LDASNEEDED -l$i > /dev/null 2>/dev/null &&
diff --git a/toys/pending/wget.c b/toys/pending/wget.c
index bb979850..c0e70387 100644
--- a/toys/pending/wget.c
+++ b/toys/pending/wget.c
@@ -45,6 +45,13 @@ config WGET_LIBTLS
   help
     Enable HTTPS support for wget by linking to libtls.
     Supports using libtls, libretls or libtls-bearssl.
+
+config WGET_OPENSSL
+  bool "Enable HTTPS support for wget via OpenSSL"
+  default n
+  depends on WGET
+  help
+    Enable HTTPS support for wget by linking to openssl.
 */
 
 // todo: Add support for configurable TLS versions
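Review bot: Nothing stops WGET_LIBTLS and WGET_OPENSSL from being enabled together, and the `#if CFG_WGET_LIBTLS … #elif CFG_WGET_OPENSSL` chains later in this file then pick libtls silently. Either make the options exclusive, e.g. `depends on WGET && !WGET_LIBTLS`, or say in the help text which backend wins. The help text should also state whether server certificates are verified, since the OpenSSL connect code added by this patch does not enable verification.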
@@ -56,7 +63,15 @@ config WGET_LIBTLS
 #include "toys.h"
 
 #if CFG_WGET_LIBTLS
+#define WGET_SSL 1
 #include <tls.h>
+#elif CFG_WGET_OPENSSL
+#define WGET_SSL 1
+#include <openssl/ssl.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#else
+#define WGET_SSL 0
 #endif
 
 #define WGET_FILENAME       "Content-Disposition: attachment; filename="
@@ -65,7 +80,7 @@ config WGET_LIBTLS
 #define WGET_TLS_PROTOCOLS  "tlsv1.2"
 
 #define WGET_IS_HTTP  (strncmp(TT.url, "http://", 7) == 0)
-#define WGET_IS_HTTPS (CFG_WGET_LIBTLS && (strncmp(TT.url, "https://", 8) == 0))
+#define WGET_IS_HTTPS (WGET_SSL && (strncmp(TT.url, "https://", 8) == 0))
 
 GLOBALS(
   char *filename;
@@ -77,6 +92,10 @@ GLOBALS(
 
 #if CFG_WGET_LIBTLS
 struct tls *tls;
+#elif CFG_WGET_OPENSSL
+SSL_CTX *ctx;
+BIO *bio;
+SSL *ssl;
 #endif
 
 static char *wget_strncaseafter(char *haystack, char *needle)
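Review bot: `ctx`, `bio` and `ssl` are declared at file scope with external linkage and very generic names, so they can clash with identically named symbols in any other object file linked into the same binary. Declaring them `static` (`static SSL_CTX *ctx;`, `static BIO *bio;`, `static SSL *ssl;`) keeps them private to wget.c. The existing `struct tls *tls;` follows the same pattern, so this may be a deliberate local convention; if so, a one-line comment saying why the state is not kept in `GLOBALS()` would help.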
@@ -138,6 +157,15 @@ static void wget_connect(char *host, char *port)
 
     if (tls_connect(tls, host, port) != 0)
       error_exit("tls_connect: %s", tls_error(tls));
+    #elif CFG_WGET_OPENSSL
+    ctx = SSL_CTX_new(TLS_client_method());
+    if (!ctx) error_exit("SSL_CTX_new");
+    bio = BIO_new_ssl_connect(ctx);
+    BIO_get_ssl(bio, &ssl);
+    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+    BIO_set_conn_hostname(bio, host);
+    BIO_set_conn_port(bio, port);
+    if (BIO_do_connect(bio) <= 0) error_exit("BIO_do_connect");
     #endif
   } else error_exit("unsupported protocol");
 }
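Review bot: The OpenSSL branch of wget_connect never enables certificate verification, so the handshake performed by `BIO_do_connect` accepts any certificate: a new `SSL_CTX` defaults to `SSL_VERIFY_NONE` on the client side, no trust store is loaded and no expected host name is bound to the session. Unless this is handled somewhere outside the hunk, https:// downloads through this path are encrypted but unauthenticated. The proposed lines load the default trust paths, require `SSL_VERIFY_PEER`, set SNI and the expected host name, and check the results of `BIO_new_ssl_connect` and `BIO_get_ssl`, which are currently used unchecked. The file defines `WGET_TLS_PROTOCOLS` as "tlsv1.2", presumably for the libtls branch, while this branch sets no minimum version; `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)` would keep the two backends consistent. wget_connect begins above the hunk.

```c
    if (!ctx) error_exit("SSL_CTX_new");
    // Verify the server chain against the system trust store.
    if (SSL_CTX_set_default_verify_paths(ctx) != 1)
      error_exit("SSL_CTX_set_default_verify_paths");
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
    bio = BIO_new_ssl_connect(ctx);
    if (!bio) error_exit("BIO_new_ssl_connect");
    ssl = NULL;
    BIO_get_ssl(bio, &ssl);
    if (!ssl) error_exit("BIO_get_ssl");
    // … unchanged: SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY) …
    // Send SNI and tie the certificate check to the requested host name.
    if (SSL_set_tlsext_host_name(ssl, host) != 1 || SSL_set1_host(ssl, host) != 1)
      error_exit("SSL_set1_host");
    // … unchanged: BIO_set_conn_hostname, BIO_set_conn_port, BIO_do_connect …
```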
@@ -147,9 +175,13 @@ static size_t wget_read(void *buf, size_t len)
   if (WGET_IS_HTTP) return xread(TT.sock, buf, len);
   else if (WGET_IS_HTTPS) {
    #if CFG_WGET_LIBTLS
-    ssize_t ret = tls_read(tls, buf, len);
-    if (ret < 0) error_exit("tls_read: %s", tls_error(tls));
-    return ret;
+   ssize_t ret = tls_read(tls, buf, len); \
+   if (ret < 0) error_exit("tls_read: %s", tls_error(tls)); \
+   return ret;
+   #elif CFG_WGET_OPENSSL
+   int ret = BIO_read(bio, buf, len);
+   if (ret < 0) error_exit("BIO_read");
+   return ret;
    #endif
   } else error_exit("unsupported protocol");
 }
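Review bot: The three re-added libtls lines in wget_read now end in ` \` and have lost a column of indentation, although they are not part of a macro. The splices compile today but look like leftovers and would swallow the following statement if a `//` comment were ever appended, so the lines should be restored as they were, e.g. `ssize_t ret = tls_read(tls, buf, len);`. In the new OpenSSL branch `BIO_read(bio, buf, len)` takes an `int` length, so a `size_t len` above INT_MAX is converted silently; clamp it first with `if (len > INT_MAX) len = INT_MAX;`. `BIO_write` in the wget_write hunk has the same conversion. Both branches also call `error_exit` with only the function name even though `<openssl/err.h>` is included; appending `ERR_error_string(ERR_get_error(), 0)` would make TLS failures diagnosable.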
@@ -161,6 +193,8 @@ static void wget_write(void *buf, size_t len)
   } else if (WGET_IS_HTTPS) {
     #if CFG_WGET_LIBTLS
     if (len != tls_write(tls, buf, len)) error_exit("tls_write: %s", tls_error(tls));
+    #elif CFG_WGET_OPENSSL
+    if (len != BIO_write(bio, buf, len)) error_exit("BIO_write");
     #endif
   } else error_exit("unsupported protocol");
 }
@@ -177,6 +211,8 @@ static void wget_close()
     tls_close(tls);
     tls_free(tls);
   }
+  #elif CFG_WGET_OPENSSL
+  BIO_free_all(bio);
   #endif
 }
 
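Review bot: wget_close frees the BIO chain but never the `SSL_CTX` allocated in wget_connect, and it leaves `bio` and `ssl` pointing at freed memory. `BIO_free_all(bio); bio = 0; ssl = 0;` followed by `SSL_CTX_free(ctx); ctx = 0;` would release both objects and make a repeated call harmless. The new call also runs for plain http:// URLs, which is safe only because `BIO_free_all` accepts a null pointer; a short comment saying so would save the next reader a lookup. The function starts above the hunk, so any guard placed there is not visible here.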
-- 
2.25.1

