tls: add the i/o loop - largish rework of i/o buffering

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

1 files changed, 166 insertions, 108 deletions

diff --git a/networking/tls.c b/networking/tls.c
index 092735884..71be2def8 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -23,9 +23,10 @@
 //usage:#define tls_full_usage "\n\n"
 
 #include "tls.h"
+#include "common_bufsiz.h"
 
 #define TLS_DEBUG      1
-#define TLS_DEBUG_HASH 0
+#define TLS_DEBUG_HASH 1
 #define TLS_DEBUG_DER  0
 
 #if TLS_DEBUG
@@ -150,9 +151,8 @@
 // works against "openssl s_server -cipher NULL"
 // and against wolfssl-3.9.10-stable/examples/server/server.c:
 //#define CIPHER_ID TLS_RSA_WITH_NULL_SHA256 // for testing (does everything except encrypting)
-// "works", meaning
-// "can send encrypted FINISHED to  wolfssl-3.9.10-stable/examples/server/server.c",
-// don't yet read its encrypted answers:
+// works against wolfssl-3.9.10-stable/examples/server/server.c
+// (getting back and decrypt ok first application data message)
 #define CIPHER_ID TLS_RSA_WITH_AES_256_CBC_SHA256 // ok, no SERVER_KEY_EXCHANGE
 
 enum {
@@ -162,6 +162,11 @@ enum {
 	AES_BLOCKSIZE = 16,
 	AES128_KEYSIZE = 16,
 	AES256_KEYSIZE = 32,
+
+	MAX_TLS_RECORD = (1 << 14),
+	OUTBUF_PFX = 8 + AES_BLOCKSIZE, /* header + IV */
+	OUTBUF_SFX = SHA256_OUTSIZE + AES_BLOCKSIZE, /* MAC + padding */
+	MAX_OTBUF = MAX_TLS_RECORD - OUTBUF_PFX - OUTBUF_SFX,
 };
 
 struct record_hdr {
@@ -195,6 +200,9 @@ typedef struct tls_state {
 // exceed 2^64-1.
 	uint64_t write_seq64_be;
 
+	int outbuf_size;
+	uint8_t *outbuf;
+
 	// RFC 5246
 	// |6.2.1. Fragmentation
 	// |  The record layer fragments information blocks into TLSPlaintext
@@ -225,7 +233,6 @@ typedef struct tls_state {
 //needed?
 	uint64_t align____;
 	uint8_t inbuf[20*1024];
-	uint8_t outbuf[20*1024];
 } tls_state_t;
 
 
@@ -462,6 +469,17 @@ static void tls_error_die(tls_state_t *tls)
 	xfunc_die();
 }
 
+static void *tls_get_outbuf(tls_state_t *tls, int len)
+{
+	if (len > MAX_OTBUF)
+		xfunc_die();
+	if (tls->outbuf_size < len + OUTBUF_PFX + OUTBUF_SFX) {
+		tls->outbuf_size = len + OUTBUF_PFX + OUTBUF_SFX;
+		tls->outbuf = xrealloc(tls->outbuf, tls->outbuf_size);
+	}
+	return tls->outbuf + OUTBUF_PFX;
+}
+
 // RFC 5246
 // 6.2.3.1.  Null or Standard Stream Cipher
 //
@@ -501,39 +519,41 @@ static void tls_error_die(tls_state_t *tls)
 // --------  -----------  ----------  --------------
 // SHA       HMAC-SHA1       20            20
 // SHA256    HMAC-SHA256     32            32
-static void xwrite_and_hash(tls_state_t *tls, /*const*/ void *buf, unsigned size)
+static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type)
 {
-	uint8_t mac_hash[SHA256_OUTSIZE];
-	struct record_hdr *xhdr = buf;
+	uint8_t *buf = tls->outbuf + OUTBUF_PFX;
+	struct record_hdr *xhdr;
 
-	if (!tls->encrypt_on_write) {
-		xwrite(tls->fd, buf, size);
-		dbg("wrote %u bytes\n", size);
-		/* Handshake hash does not include record headers */
-		if (size > 5 && xhdr->type == RECORD_TYPE_HANDSHAKE) {
-			sha256_hash_dbg(">> sha256:%s", &tls->handshake_sha256_ctx, (uint8_t*)buf + 5, size - 5);
-		}
-		return;
-	}
+	xhdr = (void*)(buf - sizeof(*xhdr));
+	if (CIPHER_ID != TLS_RSA_WITH_NULL_SHA256)
+		xhdr = (void*)(buf - sizeof(*xhdr) - AES_BLOCKSIZE); /* place for IV */
+
+	xhdr->type = type;
+	xhdr->proto_maj = TLS_MAJ;
+	xhdr->proto_min = TLS_MIN;
+	/* fake unencrypted record header len for MAC calculation */
+	xhdr->len16_hi = size >> 8;
+	xhdr->len16_lo = size & 0xff;
 
+	/* Calculate MAC signature */
 //TODO: convert hmac_sha256 to precomputed
-	hmac_sha256(mac_hash,
+	hmac_sha256(buf + size,
 			tls->client_write_MAC_key, sizeof(tls->client_write_MAC_key),
 			&tls->write_seq64_be, sizeof(tls->write_seq64_be),
+			xhdr, sizeof(*xhdr),
 			buf, size,
 			NULL);
 	tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(tls->write_seq64_be));
 
+	size += SHA256_OUTSIZE;
+
 	if (CIPHER_ID == TLS_RSA_WITH_NULL_SHA256) {
 		/* No encryption, only signing */
-		xhdr->len16_lo += SHA256_OUTSIZE;
-//FIXME: overflow into len16_hi?
-		xwrite(tls->fd, buf, size);
-		xhdr->len16_lo -= SHA256_OUTSIZE;
-		dbg("wrote %u bytes\n", size);
-
-		xwrite(tls->fd, mac_hash, sizeof(mac_hash));
-		dbg("wrote %u bytes of hash\n", (int)sizeof(mac_hash));
+		xhdr->len16_hi = size >> 8;
+		xhdr->len16_lo = size & 0xff;
+		dump_hex(">> %s\n", xhdr, sizeof(*xhdr) + size);
+		xwrite(tls->fd, xhdr, sizeof(*xhdr) + size);
+		dbg("wrote %u bytes (NULL crypt, SHA256 hash)\n", size);
 		return;
 	}
 
@@ -579,13 +599,8 @@ static void xwrite_and_hash(tls_state_t *tls, /*const*/ void *buf, unsigned size
 	uint8_t padding_length;
 
 	/* Build IV+content+MAC+padding in outbuf */
-	tls_get_random(tls->outbuf, AES_BLOCKSIZE); /* IV */
-	p = tls->outbuf + AES_BLOCKSIZE;
-	size -= sizeof(*xhdr);
-	dbg("before crypt: 5 hdr + %u data + %u hash bytes\n", size, (int)sizeof(mac_hash));
-	p = mempcpy(p, buf + sizeof(*xhdr), size);  /* content */
-	p = mempcpy(p, mac_hash, sizeof(mac_hash)); /* MAC */
-	size += sizeof(mac_hash);
+	tls_get_random(buf - AES_BLOCKSIZE, AES_BLOCKSIZE); /* IV */
+	dbg("before crypt: 5 hdr + %u data + %u hash bytes\n", size, SHA256_OUTSIZE);
 	// RFC is talking nonsense:
 	//    Padding that is added to force the length of the plaintext to be
 	//    an integral multiple of the block cipher's block length.
@@ -601,6 +616,7 @@ static void xwrite_and_hash(tls_state_t *tls, /*const*/ void *buf, unsigned size
 	// If you need no bytes to reach BLOCKSIZE, you have to pad a full
 	// BLOCKSIZE with bytes of value (BLOCKSIZE-1).
 	// It's ok to have more than minimum padding, but we do minimum.
+	p = buf + size;
 	padding_length = (~size) & (AES_BLOCKSIZE - 1);
 	do {
 		*p++ = padding_length;              /* padding */
@@ -608,12 +624,12 @@ static void xwrite_and_hash(tls_state_t *tls, /*const*/ void *buf, unsigned size
 	} while ((size & (AES_BLOCKSIZE - 1)) != 0);
 
 	/* Encrypt content+MAC+padding in place */
-	psAesInit(&ctx, tls->outbuf, /* IV */
+	psAesInit(&ctx, buf - AES_BLOCKSIZE, /* IV */
 			tls->client_write_key, sizeof(tls->client_write_key)
 	);
 	psAesEncrypt(&ctx,
-			tls->outbuf + AES_BLOCKSIZE, /* plaintext */
-			tls->outbuf + AES_BLOCKSIZE, /* ciphertext */
+			buf, /* plaintext */
+			buf, /* ciphertext */
 			size
 	);
 
@@ -623,14 +639,33 @@ static void xwrite_and_hash(tls_state_t *tls, /*const*/ void *buf, unsigned size
 	size += AES_BLOCKSIZE;     /* + IV */
 	xhdr->len16_hi = size >> 8;
 	xhdr->len16_lo = size & 0xff;
-	xwrite(tls->fd, xhdr, sizeof(*xhdr));
-	xwrite(tls->fd, tls->outbuf, size);
+	dump_hex(">> %s\n", xhdr, sizeof(*xhdr) + size);
+	xwrite(tls->fd, xhdr, sizeof(*xhdr) + size);
 	dbg("wrote %u bytes\n", (int)sizeof(*xhdr) + size);
-//restore xhdr->len16_hi = ;
-//restore xhdr->len16_lo = ;
     }
 }
 
+static void xwrite_and_update_handshake_hash(tls_state_t *tls, unsigned size)
+{
+	if (!tls->encrypt_on_write) {
+		uint8_t *buf = tls->outbuf + OUTBUF_PFX;
+		struct record_hdr *xhdr = (void*)(buf - sizeof(*xhdr));
+
+		xhdr->type = RECORD_TYPE_HANDSHAKE;
+		xhdr->proto_maj = TLS_MAJ;
+		xhdr->proto_min = TLS_MIN;
+		xhdr->len16_hi = size >> 8;
+		xhdr->len16_lo = size & 0xff;
+		dump_hex(">> %s\n", xhdr, sizeof(*xhdr) + size);
+		xwrite(tls->fd, xhdr, sizeof(*xhdr) + size);
+		dbg("wrote %u bytes\n", (int)sizeof(*xhdr) + size);
+		/* Handshake hash does not include record headers */
+		sha256_hash_dbg(">> sha256:%s", &tls->handshake_sha256_ctx, buf, size);
+		return;
+	}
+	xwrite_encrypted(tls, size, RECORD_TYPE_HANDSHAKE);
+}
+
 static int xread_tls_block(tls_state_t *tls)
 {
 	struct record_hdr *xhdr;
@@ -668,7 +703,7 @@ static int xread_tls_block(tls_state_t *tls)
 	sz = target - sizeof(*xhdr);
 
 	/* Needs to be decrypted? */
-	if (tls->min_encrypted_len_on_read) {
+	if (tls->min_encrypted_len_on_read > SHA256_OUTSIZE) {
 		psCipherContext_t ctx;
 		uint8_t *p = tls->inbuf + sizeof(*xhdr);
 		int padding_len;
@@ -698,6 +733,10 @@ static int xread_tls_block(tls_state_t *tls)
 			/* Skip IV */
 			memmove(tls->inbuf + 5, tls->inbuf + 5 + AES_BLOCKSIZE, sz);
 		}
+	} else {
+		/* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */
+		/* else: no encryption yet on input, subtract zero = NOP */
+		sz -= tls->min_encrypted_len_on_read;
 	}
 
 	/* RFC 5246 is not saying it explicitly, but sha256 hash
@@ -943,39 +982,24 @@ static int xread_tls_handshake_block(tls_state_t *tls, int min_len)
 	return len;
 }
 
-static void fill_handshake_record_hdr(struct record_hdr *xhdr, unsigned len)
+static ALWAYS_INLINE void fill_handshake_record_hdr(void *buf, unsigned type, unsigned len)
 {
 	struct handshake_hdr {
-		struct record_hdr xhdr;
 		uint8_t type;
 		uint8_t len24_hi, len24_mid, len24_lo;
-	} *h = (void*)xhdr;
-
-	h->xhdr.type = RECORD_TYPE_HANDSHAKE;
-	h->xhdr.proto_maj = TLS_MAJ;
-	h->xhdr.proto_min = TLS_MIN;
-	len -= 5;
-	h->xhdr.len16_hi = len >> 8;
-	// can be optimized to do one store instead of four:
-	// uint32_t v = htonl(0x100*(RECORD_TYPE_HANDSHAKE + 0x100*(TLS_MAJ + 0x100*(TLS_MIN))))
-	//            | ((len >> 8) << 24); // little-endian specific, don't use in this form
-	// *(uint32_t *)xhdr = v;
-
-	h->xhdr.len16_lo = len & 0xff;
+	} *h = buf;
 
 	len -= 4;
+	h->type = type;
 	h->len24_hi  = len >> 16;
 	h->len24_mid = len >> 8;
 	h->len24_lo  = len & 0xff;
-
-	memset(h + 1, 0, len);
 }
 
 //TODO: implement RFC 5746 (Renegotiation Indication Extension) - some servers will refuse to work with us otherwise
 static void send_client_hello(tls_state_t *tls)
 {
 	struct client_hello {
-		struct record_hdr xhdr;
 		uint8_t type;
 		uint8_t len24_hi, len24_mid, len24_lo;
 		uint8_t proto_maj, proto_min;
@@ -987,25 +1011,25 @@ static void send_client_hello(tls_state_t *tls)
 		uint8_t comprtypes_len;
 		uint8_t comprtypes[1]; /* actually variable */
 	};
-	struct client_hello record;
-
-	fill_handshake_record_hdr(&record.xhdr, sizeof(record));
-	record.type = HANDSHAKE_CLIENT_HELLO;
-	record.proto_maj = TLS_MAJ;	/* the "requested" version of the protocol, */
-	record.proto_min = TLS_MIN;	/* can be higher than one in record headers */
-	tls_get_random(record.rand32, sizeof(record.rand32));
-	/* record.session_id_len = 0; - already is */
-	/* record.cipherid_len16_hi = 0; */
-	record.cipherid_len16_lo = 2 * 1;
-	record.cipherid[0] = CIPHER_ID >> 8;
-	record.cipherid[1] = CIPHER_ID & 0xff;
-	record.comprtypes_len = 1;
-	/* record.comprtypes[0] = 0; */
+	struct client_hello *record = tls_get_outbuf(tls, sizeof(*record));
+
+	fill_handshake_record_hdr(record, HANDSHAKE_CLIENT_HELLO, sizeof(*record));
+	record->proto_maj = TLS_MAJ;	/* the "requested" version of the protocol, */
+	record->proto_min = TLS_MIN;	/* can be higher than one in record headers */
+	tls_get_random(record->rand32, sizeof(record->rand32));
+memset(record->rand32, 0x11, sizeof(record->rand32));
+	memcpy(tls->client_and_server_rand32, record->rand32, sizeof(record->rand32));
+	record->session_id_len = 0;
+	record->cipherid_len16_hi = 0;
+	record->cipherid_len16_lo = 2 * 1;
+	record->cipherid[0] = CIPHER_ID >> 8;
+	record->cipherid[1] = CIPHER_ID & 0xff;
+	record->comprtypes_len = 1;
+	record->comprtypes[0] = 0;
 
 	//dbg (make it repeatable): memset(record.rand32, 0x11, sizeof(record.rand32));
 	dbg(">> CLIENT_HELLO\n");
-	xwrite_and_hash(tls, &record, sizeof(record));
-	memcpy(tls->client_and_server_rand32, record.rand32, sizeof(record.rand32));
+	xwrite_and_update_handshake_hash(tls, sizeof(*record));
 }
 
 static void get_server_hello(tls_state_t *tls)
@@ -1099,21 +1123,19 @@ static void get_server_cert(tls_state_t *tls)
 static void send_client_key_exchange(tls_state_t *tls)
 {
 	struct client_key_exchange {
-		struct record_hdr xhdr;
 		uint8_t type;
 		uint8_t len24_hi, len24_mid, len24_lo;
 		/* keylen16 exists for RSA (in TLS, not in SSL), but not for some other key types */
 		uint8_t keylen16_hi, keylen16_lo;
 		uint8_t key[4 * 1024]; // size??
 	};
-	struct client_key_exchange record;
+//FIXME: better size estimate
+	struct client_key_exchange *record = tls_get_outbuf(tls, sizeof(*record));
 	uint8_t rsa_premaster[SSL_HS_RSA_PREMASTER_SIZE];
 	int len;
 
-	fill_handshake_record_hdr(&record.xhdr, sizeof(record) - sizeof(record.key));
-	record.type = HANDSHAKE_CLIENT_KEY_EXCHANGE;
-
 	tls_get_random(rsa_premaster, sizeof(rsa_premaster));
+memset(rsa_premaster, 0x44, sizeof(rsa_premaster));
 	// RFC 5246
 	// "Note: The version number in the PreMasterSecret is the version
 	// offered by the client in the ClientHello.client_version, not the
@@ -1123,22 +1145,20 @@ static void send_client_key_exchange(tls_state_t *tls)
 	len = psRsaEncryptPub(/*pool:*/ NULL,
 		/* psRsaKey_t* */ &tls->server_rsa_pub_key,
 		rsa_premaster, /*inlen:*/ sizeof(rsa_premaster),
-		record.key, sizeof(record.key),
+		record->key, sizeof(record->key),
 		data_param_ignored
 	);
-	/* length fields need fixing */
-	record.keylen16_hi = len >> 8;
-	record.keylen16_lo = len & 0xff;
+	record->keylen16_hi = len >> 8;
+	record->keylen16_lo = len & 0xff;
 	len += 2;
-	/* record.len24_hi  = 0; - already is */
-	record.len24_mid = len >> 8;
-	record.len24_lo  = len & 0xff;
+	record->type = HANDSHAKE_CLIENT_KEY_EXCHANGE;
+	record->len24_hi  = 0;
+	record->len24_mid = len >> 8;
+	record->len24_lo  = len & 0xff;
 	len += 4;
-	record.xhdr.len16_hi = len >> 8;
-	record.xhdr.len16_lo = len & 0xff;
 
 	dbg(">> CLIENT_KEY_EXCHANGE\n");
-	xwrite_and_hash(tls, &record, sizeof(record.xhdr) + len);
+	xwrite_and_update_handshake_hash(tls, len);
 
 	// RFC 5246
 	// For all key exchange methods, the same algorithm is used to convert
@@ -1224,7 +1244,6 @@ static const uint8_t rec_CHANGE_CIPHER_SPEC[] = {
 
 static void send_change_cipher_spec(tls_state_t *tls)
 {
-	/* Not "xwrite_and_hash": this is not a handshake message */
 	dbg(">> CHANGE_CIPHER_SPEC\n");
 	xwrite(tls->fd, rec_CHANGE_CIPHER_SPEC, sizeof(rec_CHANGE_CIPHER_SPEC));
 }
@@ -1269,19 +1288,17 @@ static void send_change_cipher_spec(tls_state_t *tls)
 static void send_client_finished(tls_state_t *tls)
 {
 	struct finished {
-		struct record_hdr xhdr;
 		uint8_t type;
 		uint8_t len24_hi, len24_mid, len24_lo;
 		uint8_t prf_result[12];
 	};
-	struct finished record;
+	struct finished *record = tls_get_outbuf(tls, sizeof(*record));
 	uint8_t handshake_hash[SHA256_OUTSIZE];
 
-	fill_handshake_record_hdr(&record.xhdr, sizeof(record));
-	record.type = HANDSHAKE_FINISHED;
+	fill_handshake_record_hdr(record, HANDSHAKE_FINISHED, sizeof(*record));
 
 	sha256_peek(&tls->handshake_sha256_ctx, handshake_hash);
-	prf_hmac_sha256(record.prf_result, sizeof(record.prf_result),
+	prf_hmac_sha256(record->prf_result, sizeof(record->prf_result),
 			tls->master_secret, sizeof(tls->master_secret),
 			"client finished",
 			handshake_hash, sizeof(handshake_hash)
@@ -1289,13 +1306,10 @@ static void send_client_finished(tls_state_t *tls)
 	dump_hex("from secret: %s\n", tls->master_secret, sizeof(tls->master_secret));
 	dump_hex("from labelSeed: %s", "client finished", sizeof("client finished")-1);
 	dump_hex("%s\n", handshake_hash, sizeof(handshake_hash));
-	dump_hex("=> digest: %s\n", record.prf_result, sizeof(record.prf_result));
-
-//(1) TODO: well, this should be encrypted on send, really.
-//(2) do we really need to also hash it?
+	dump_hex("=> digest: %s\n", record->prf_result, sizeof(record->prf_result));
 
 	dbg(">> FINISHED\n");
-	xwrite_and_hash(tls, &record, sizeof(record));
+	xwrite_encrypted(tls, sizeof(*record), RECORD_TYPE_HANDSHAKE);
 }
 
 static void tls_handshake(tls_state_t *tls)
@@ -1376,8 +1390,11 @@ static void tls_handshake(tls_state_t *tls)
 	if (len != 1 || memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0)
 		tls_error_die(tls);
 	dbg("<< CHANGE_CIPHER_SPEC\n");
-	/* all incoming packets now should be encrypted and have IV + MAC + padding */
-	tls->min_encrypted_len_on_read = AES_BLOCKSIZE + SHA256_OUTSIZE + AES_BLOCKSIZE;
+	if (CIPHER_ID == TLS_RSA_WITH_NULL_SHA256)
+		tls->min_encrypted_len_on_read = SHA256_OUTSIZE;
+	else
+		/* all incoming packets now should be encrypted and have IV + MAC + padding */
+		tls->min_encrypted_len_on_read = AES_BLOCKSIZE + SHA256_OUTSIZE + AES_BLOCKSIZE;
 
 	/* Get (encrypted) FINISHED from the server */
 	len = xread_tls_block(tls);
@@ -1387,6 +1404,12 @@ static void tls_handshake(tls_state_t *tls)
 	/* application data can be sent/received */
 }
 
+static void tls_xwrite(tls_state_t *tls, int len)
+{
+	dbg(">> DATA\n");
+	xwrite_encrypted(tls, len, RECORD_TYPE_APPLICATION_DATA);
+}
+
 // To run a test server using openssl:
 // openssl req -x509 -newkey rsa:$((4096/4*3)) -keyout key.pem -out server.pem -nodes -days 99999 -subj '/CN=localhost'
 // openssl s_server -key key.pem -cert server.pem -debug -tls1_2 -no_tls1 -no_tls1_1
@@ -1400,8 +1423,8 @@ int tls_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int tls_main(int argc UNUSED_PARAM, char **argv)
 {
 	tls_state_t *tls;
-	len_and_sockaddr *lsa;
-	int fd;
+	fd_set readfds, testfds;
+	int cfd;
 
 	// INIT_G();
 	// getopt32(argv, "myopts")
@@ -1409,13 +1432,48 @@ int tls_main(int argc UNUSED_PARAM, char **argv)
 	if (!argv[1])
 		bb_show_usage();
 
-	lsa = xhost2sockaddr(argv[1], 443);
-	fd = xconnect_stream(lsa);
+	cfd = create_and_connect_stream_or_die(argv[1], 443);
 
 	tls = new_tls_state();
-	tls->fd = fd;
+	tls->fd = cfd;
 	tls_handshake(tls);
 
+	/* Select loop copying stdin to cfd, and cfd to stdout */
+	FD_ZERO(&readfds);
+	FD_SET(cfd, &readfds);
+	FD_SET(STDIN_FILENO, &readfds);
+
+#define iobuf bb_common_bufsiz1
+	setup_common_bufsiz();
+	for (;;) {
+		int nread;
+
+		testfds = readfds;
+
+		if (select(cfd + 1, &testfds, NULL, NULL, NULL) < 0)
+			bb_perror_msg_and_die("select");
+
+		if (FD_ISSET(STDIN_FILENO, &testfds)) {
+			void *buf = tls_get_outbuf(tls, COMMON_BUFSIZE);
+			nread = safe_read(STDIN_FILENO, buf, COMMON_BUFSIZE);
+			if (nread < 1) {
+//&& errno != EAGAIN
+				/* Close outgoing half-connection so they get EOF,
+				 * but leave incoming alone so we can see response */
+//				shutdown(cfd, SHUT_WR);
+				FD_CLR(STDIN_FILENO, &readfds);
+			}
+			tls_xwrite(tls, nread);
+		}
+		if (FD_ISSET(cfd, &testfds)) {
+			nread = xread_tls_block(tls);
+			if (nread < 1)
+//if eof, just close stdout, but not exit!
+				return EXIT_SUCCESS;
+			xwrite(STDOUT_FILENO, tls->inbuf + 5, nread);
+		}
+	}
+
 	return EXIT_SUCCESS;
 }
 /* Unencryped SHA256 example: