projects
/
BearSSL
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix: make static ECDH selectable with the br_ssl_client_set_single_ec() helper function.
[BearSSL]
/
tools
/
server.c
diff --git
a/tools/server.c
b/tools/server.c
index
a62302f
..
a97de35
100644
(file)
--- a/
tools/server.c
+++ b/
tools/server.c
@@
-29,6
+29,10
@@
#include <errno.h>
#include <signal.h>
#include <errno.h>
#include <signal.h>
+#ifdef _WIN32
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
@@
-37,14
+41,18
@@
#include <unistd.h>
#include <fcntl.h>
#include <unistd.h>
#include <fcntl.h>
+#define SOCKET int
+#define INVALID_SOCKET (-1)
+#define SOCKADDR_STORAGE struct sockaddr_storage
+#endif
+
#include "brssl.h"
#include "brssl.h"
-#include "bearssl.h"
-static
int
+static
SOCKET
host_bind(const char *host, const char *port, int verbose)
{
struct addrinfo hints, *si, *p;
host_bind(const char *host, const char *port, int verbose)
{
struct addrinfo hints, *si, *p;
-
int
fd;
+
SOCKET
fd;
int err;
memset(&hints, 0, sizeof hints);
int err;
memset(&hints, 0, sizeof hints);
@@
-54,9
+62,9
@@
host_bind(const char *host, const char *port, int verbose)
if (err != 0) {
fprintf(stderr, "ERROR: getaddrinfo(): %s\n",
gai_strerror(err));
if (err != 0) {
fprintf(stderr, "ERROR: getaddrinfo(): %s\n",
gai_strerror(err));
- return
-1
;
+ return
INVALID_SOCKET
;
}
}
- fd =
-1
;
+ fd =
INVALID_SOCKET
;
for (p = si; p != NULL; p = p->ai_next) {
struct sockaddr *sa;
struct sockaddr_in sa4;
for (p = si; p != NULL; p = p->ai_next) {
struct sockaddr *sa;
struct sockaddr_in sa4;
@@
-67,7
+75,7
@@
host_bind(const char *host, const char *port, int verbose)
sa = (struct sockaddr *)p->ai_addr;
if (sa->sa_family == AF_INET) {
sa = (struct sockaddr *)p->ai_addr;
if (sa->sa_family == AF_INET) {
-
sa4 = *(struct sockaddr_in *)sa
;
+
memcpy(&sa4, sa, sizeof sa4)
;
sa = (struct sockaddr *)&sa4;
sa_len = sizeof sa4;
addr = &sa4.sin_addr;
sa = (struct sockaddr *)&sa4;
sa_len = sizeof sa4;
addr = &sa4.sin_addr;
@@
-75,7
+83,7
@@
host_bind(const char *host, const char *port, int verbose)
sa4.sin_addr.s_addr = INADDR_ANY;
}
} else if (sa->sa_family == AF_INET6) {
sa4.sin_addr.s_addr = INADDR_ANY;
}
} else if (sa->sa_family == AF_INET6) {
-
sa6 = *(struct sockaddr_in6 *)sa
;
+
memcpy(&sa6, sa, sizeof sa6)
;
sa = (struct sockaddr *)&sa6;
sa_len = sizeof sa6;
addr = &sa6.sin6_addr;
sa = (struct sockaddr *)&sa6;
sa_len = sizeof sa6;
addr = &sa6.sin6_addr;
@@
-102,21
+110,34
@@
host_bind(const char *host, const char *port, int verbose)
fprintf(stderr, "binding to: %s\n", tmp);
}
fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
fprintf(stderr, "binding to: %s\n", tmp);
}
fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
- if (fd
< 0
) {
+ if (fd
== INVALID_SOCKET
) {
if (verbose) {
perror("socket()");
}
continue;
}
opt = 1;
if (verbose) {
perror("socket()");
}
continue;
}
opt = 1;
- setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof opt);
+ setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
+ (void *)&opt, sizeof opt);
+#ifdef IPV6_V6ONLY
+ /*
+ * We want to make sure that the server socket works for
+ * both IPv4 and IPv6. But IPV6_V6ONLY is not defined on
+ * some very old systems.
+ */
opt = 0;
opt = 0;
- setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof opt);
+ setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
+ (void *)&opt, sizeof opt);
+#endif
if (bind(fd, sa, sa_len) < 0) {
if (verbose) {
perror("bind()");
}
if (bind(fd, sa, sa_len) < 0) {
if (verbose) {
perror("bind()");
}
+#ifdef _WIN32
+ closesocket(fd);
+#else
close(fd);
close(fd);
+#endif
continue;
}
break;
continue;
}
break;
@@
-124,15
+145,19
@@
host_bind(const char *host, const char *port, int verbose)
if (p == NULL) {
freeaddrinfo(si);
fprintf(stderr, "ERROR: failed to bind\n");
if (p == NULL) {
freeaddrinfo(si);
fprintf(stderr, "ERROR: failed to bind\n");
- return
-1
;
+ return
INVALID_SOCKET
;
}
freeaddrinfo(si);
if (listen(fd, 5) < 0) {
if (verbose) {
perror("listen()");
}
}
freeaddrinfo(si);
if (listen(fd, 5) < 0) {
if (verbose) {
perror("listen()");
}
+#ifdef _WIN32
+ closesocket(fd);
+#else
close(fd);
close(fd);
- return -1;
+#endif
+ return INVALID_SOCKET;
}
if (verbose) {
fprintf(stderr, "bound.\n");
}
if (verbose) {
fprintf(stderr, "bound.\n");
@@
-140,27
+165,27
@@
host_bind(const char *host, const char *port, int verbose)
return fd;
}
return fd;
}
-static
int
-accept_client(
int server_fd, int verbose
)
+static
SOCKET
+accept_client(
SOCKET server_fd, int verbose, int nonblock
)
{
int fd;
{
int fd;
-
struct sockaddr
sa;
+
SOCKADDR_STORAGE
sa;
socklen_t sa_len;
sa_len = sizeof sa;
socklen_t sa_len;
sa_len = sizeof sa;
- fd = accept(server_fd, &sa, &sa_len);
- if (fd
< 0
) {
+ fd = accept(server_fd,
(struct sockaddr *)
&sa, &sa_len);
+ if (fd
== INVALID_SOCKET
) {
if (verbose) {
perror("accept()");
}
if (verbose) {
perror("accept()");
}
- return
-1
;
+ return
INVALID_SOCKET
;
}
if (verbose) {
char tmp[INET6_ADDRSTRLEN + 50];
const char *name;
name = NULL;
}
if (verbose) {
char tmp[INET6_ADDRSTRLEN + 50];
const char *name;
name = NULL;
- switch (
sa.
sa_family) {
+ switch (
((struct sockaddr *)&sa)->
sa_family) {
case AF_INET:
name = inet_ntop(AF_INET,
&((struct sockaddr_in *)&sa)->sin_addr,
case AF_INET:
name = inet_ntop(AF_INET,
&((struct sockaddr_in *)&sa)->sin_addr,
@@
-173,8
+198,8
@@
accept_client(int server_fd, int verbose)
break;
}
if (name == NULL) {
break;
}
if (name == NULL) {
- sprintf(tmp, "<unknown: %lu>",
- (
unsigned long)sa.
sa_family);
+ sprintf(tmp, "<unknown: %lu>",
(unsigned long)
+ (
(struct sockaddr *)&sa)->
sa_family);
name = tmp;
}
fprintf(stderr, "accepting connection from: %s\n", name);
name = tmp;
}
fprintf(stderr, "accepting connection from: %s\n", name);
@@
-182,9
+207,18
@@
accept_client(int server_fd, int verbose)
/*
* We make the socket non-blocking, since we are going to use
/*
* We make the socket non-blocking, since we are going to use
- * poll() to organise I/O.
+ * poll()
or select()
to organise I/O.
*/
*/
- fcntl(fd, F_SETFL, O_NONBLOCK);
+ if (nonblock) {
+#ifdef _WIN32
+ u_long arg;
+
+ arg = 1;
+ ioctlsocket(fd, FIONBIO, &arg);
+#else
+ fcntl(fd, F_SETFL, O_NONBLOCK);
+#endif
+ }
return fd;
}
return fd;
}
@@
-448,14
+482,17
@@
sp_do_keyx(const br_ssl_server_policy_class **pctx,
pc = (policy_context *)pctx;
switch (pc->sk->key_type) {
pc = (policy_context *)pctx;
switch (pc->sk->key_type) {
+ const br_ec_impl *iec;
+
case BR_KEYTYPE_RSA:
return br_rsa_ssl_decrypt(
case BR_KEYTYPE_RSA:
return br_rsa_ssl_decrypt(
-
&br_rsa_i31_private, &pc->sk->key.rsa
,
- data, *len);
+
br_rsa_private_get_default()
,
+
&pc->sk->key.rsa,
data, *len);
case BR_KEYTYPE_EC:
case BR_KEYTYPE_EC:
- r = br_ec_all_m15.mul(data, *len, pc->sk->key.ec.x,
+ iec = br_ec_get_default();
+ r = iec->mul(data, *len, pc->sk->key.ec.x,
pc->sk->key.ec.xlen, pc->sk->key.ec.curve);
pc->sk->key.ec.xlen, pc->sk->key.ec.curve);
- xoff =
br_ec_all_m15.
xoff(pc->sk->key.ec.curve, &xlen);
+ xoff =
iec->
xoff(pc->sk->key.ec.curve, &xlen);
memmove(data, data + xoff, xlen);
*len = xlen;
return r;
memmove(data, data + xoff, xlen);
*len = xlen;
return r;
@@
-529,8
+566,8
@@
sp_do_sign(const br_ssl_server_policy_class **pctx,
}
return 0;
}
}
return 0;
}
- x = br_rsa_
i31_pkcs1_sign(hash_oid, hv, hv_len,
- &pc->sk->key.rsa, data);
+ x = br_rsa_
pkcs1_sign_get_default()(
+
hash_oid, hv, hv_len,
&pc->sk->key.rsa, data);
if (!x) {
if (pc->verbose) {
fprintf(stderr, "ERROR: RSA-sign failure\n");
if (!x) {
if (pc->verbose) {
fprintf(stderr, "ERROR: RSA-sign failure\n");
@@
-557,8
+594,8
@@
sp_do_sign(const br_ssl_server_policy_class **pctx,
}
return 0;
}
}
return 0;
}
- sig_len = br_ecdsa_
i31_sign_asn1(&br_ec_all_m15,
- hc, hv, &pc->sk->key.ec, data);
+ sig_len = br_ecdsa_
sign_asn1_get_default()(
+
br_ec_get_default(),
hc, hv, &pc->sk->key.ec, data);
if (sig_len == 0) {
if (pc->verbose) {
fprintf(stderr, "ERROR: ECDSA-sign failure\n");
if (sig_len == 0) {
if (pc->verbose) {
fprintf(stderr, "ERROR: ECDSA-sign failure\n");
@@
-606,7
+643,7
@@
do_server(int argc, char *argv[])
int cert_signer_algo;
private_key *sk;
anchor_list anchors = VEC_INIT;
int cert_signer_algo;
private_key *sk;
anchor_list anchors = VEC_INIT;
- VECTOR(c
onst c
har *) alpn_names = VEC_INIT;
+ VECTOR(char *) alpn_names = VEC_INIT;
br_x509_minimal_context xc;
const br_hash_class *dnhash;
size_t u;
br_x509_minimal_context xc;
const br_hash_class *dnhash;
size_t u;
@@
-616,7
+653,7
@@
do_server(int argc, char *argv[])
unsigned char *iobuf, *cache;
size_t iobuf_len, cache_len;
uint32_t flags;
unsigned char *iobuf, *cache;
size_t iobuf_len, cache_len;
uint32_t flags;
-
int
server_fd, fd;
+
SOCKET
server_fd, fd;
retcode = 0;
verbose = 1;
retcode = 0;
verbose = 1;
@@
-639,8
+676,8
@@
do_server(int argc, char *argv[])
cache = NULL;
cache_len = (size_t)-1;
flags = 0;
cache = NULL;
cache_len = (size_t)-1;
flags = 0;
- server_fd =
-1
;
- fd =
-1
;
+ server_fd =
INVALID_SOCKET
;
+ fd =
INVALID_SOCKET
;
for (i = 0; i < argc; i ++) {
const char *arg;
for (i = 0; i < argc; i ++) {
const char *arg;
@@
-929,7
+966,7
@@
do_server(int argc, char *argv[])
break;
case BR_KEYTYPE_EC:
curve = sk->key.ec.curve;
break;
case BR_KEYTYPE_EC:
curve = sk->key.ec.curve;
- supp = br_ec_
all_m15.
supported_curves;
+ supp = br_ec_
get_default()->
supported_curves;
if (curve > 31 || !((supp >> curve) & 1)) {
fprintf(stderr, "ERROR: private key curve (%d)"
" is not supported\n", curve);
if (curve > 31 || !((supp >> curve) & 1)) {
fprintf(stderr, "ERROR: private key curve (%d)"
" is not supported\n", curve);
@@
-1019,41
+1056,22
@@
do_server(int argc, char *argv[])
}
/* TODO: algorithm implementation selection */
if ((req & REQ_AESCBC) != 0) {
}
/* TODO: algorithm implementation selection */
if ((req & REQ_AESCBC) != 0) {
- br_ssl_engine_set_aes_cbc(&cc.eng,
- &br_aes_ct_cbcenc_vtable,
- &br_aes_ct_cbcdec_vtable);
- br_ssl_engine_set_cbc(&cc.eng,
- &br_sslrec_in_cbc_vtable,
- &br_sslrec_out_cbc_vtable);
+ br_ssl_engine_set_default_aes_cbc(&cc.eng);
+ }
+ if ((req & REQ_AESCCM) != 0) {
+ br_ssl_engine_set_default_aes_ccm(&cc.eng);
}
if ((req & REQ_AESGCM) != 0) {
}
if ((req & REQ_AESGCM) != 0) {
- br_ssl_engine_set_aes_ctr(&cc.eng,
- &br_aes_ct_ctr_vtable);
- br_ssl_engine_set_ghash(&cc.eng,
- &br_ghash_ctmul);
- br_ssl_engine_set_gcm(&cc.eng,
- &br_sslrec_in_gcm_vtable,
- &br_sslrec_out_gcm_vtable);
+ br_ssl_engine_set_default_aes_gcm(&cc.eng);
}
if ((req & REQ_CHAPOL) != 0) {
}
if ((req & REQ_CHAPOL) != 0) {
- br_ssl_engine_set_chacha20(&cc.eng,
- &br_chacha20_ct_run);
- br_ssl_engine_set_poly1305(&cc.eng,
- &br_poly1305_ctmul_run);
- br_ssl_engine_set_chapol(&cc.eng,
- &br_sslrec_in_chapol_vtable,
- &br_sslrec_out_chapol_vtable);
+ br_ssl_engine_set_default_chapol(&cc.eng);
}
if ((req & REQ_3DESCBC) != 0) {
}
if ((req & REQ_3DESCBC) != 0) {
- br_ssl_engine_set_des_cbc(&cc.eng,
- &br_des_ct_cbcenc_vtable,
- &br_des_ct_cbcdec_vtable);
- br_ssl_engine_set_cbc(&cc.eng,
- &br_sslrec_in_cbc_vtable,
- &br_sslrec_out_cbc_vtable);
+ br_ssl_engine_set_default_des_cbc(&cc.eng);
}
if ((req & (REQ_ECDHE_RSA | REQ_ECDHE_ECDSA)) != 0) {
}
if ((req & (REQ_ECDHE_RSA | REQ_ECDHE_ECDSA)) != 0) {
- br_ssl_engine_set_
ec(&cc.eng, &br_ec_all_m15
);
+ br_ssl_engine_set_
default_ec(&cc.eng
);
}
}
br_ssl_engine_set_suites(&cc.eng, suite_ids, num_suites);
}
}
br_ssl_engine_set_suites(&cc.eng, suite_ids, num_suites);
@@
-1089,7
+1107,8
@@
do_server(int argc, char *argv[])
if (VEC_LEN(alpn_names) != 0) {
br_ssl_engine_set_protocol_names(&cc.eng,
if (VEC_LEN(alpn_names) != 0) {
br_ssl_engine_set_protocol_names(&cc.eng,
- &VEC_ELT(alpn_names, 0), VEC_LEN(alpn_names));
+ (const char **)&VEC_ELT(alpn_names, 0),
+ VEC_LEN(alpn_names));
}
/*
}
/*
@@
-1125,12
+1144,11
@@
do_server(int argc, char *argv[])
br_x509_minimal_set_hash(&xc, id, hc);
}
}
br_x509_minimal_set_hash(&xc, id, hc);
}
}
- br_ssl_engine_set_rsavrfy(&cc.eng, &br_rsa_i31_pkcs1_vrfy);
- br_ssl_engine_set_ec(&cc.eng, &br_ec_all_m15);
- br_ssl_engine_set_ecdsa(&cc.eng, &br_ecdsa_i31_vrfy_asn1);
- br_x509_minimal_set_rsa(&xc, &br_rsa_i31_pkcs1_vrfy);
+ br_ssl_engine_set_default_rsavrfy(&cc.eng);
+ br_ssl_engine_set_default_ecdsa(&cc.eng);
+ br_x509_minimal_set_rsa(&xc, br_rsa_pkcs1_vrfy_get_default());
br_x509_minimal_set_ecdsa(&xc,
br_x509_minimal_set_ecdsa(&xc,
-
&br_ec_all_m15, &br_ecdsa_i31_vrfy_asn1
);
+
br_ec_get_default(), br_ecdsa_vrfy_asn1_get_default()
);
br_ssl_engine_set_x509(&cc.eng, &xc.vtable);
br_ssl_server_set_trust_anchor_names_alt(&cc,
&VEC_ELT(anchors, 0), VEC_LEN(anchors));
br_ssl_engine_set_x509(&cc.eng, &xc.vtable);
br_ssl_server_set_trust_anchor_names_alt(&cc,
&VEC_ELT(anchors, 0), VEC_LEN(anchors));
@@
-1139,15
+1157,17
@@
do_server(int argc, char *argv[])
br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi);
/*
br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi);
/*
- *
W
e need to ignore SIGPIPE.
+ *
On Unix systems, w
e need to ignore SIGPIPE.
*/
*/
+#ifndef _WIN32
signal(SIGPIPE, SIG_IGN);
signal(SIGPIPE, SIG_IGN);
+#endif
/*
* Open the server socket.
*/
server_fd = host_bind(bind_name, port, verbose);
/*
* Open the server socket.
*/
server_fd = host_bind(bind_name, port, verbose);
- if (server_fd
< 0
) {
+ if (server_fd
== INVALID_SOCKET
) {
goto server_exit_error;
}
goto server_exit_error;
}
@@
-1160,17
+1180,22
@@
do_server(int argc, char *argv[])
*/
for (;;) {
int x;
*/
for (;;) {
int x;
+ unsigned run_flags;
- fd = accept_client(server_fd, verbose);
- if (fd
< 0
) {
+ fd = accept_client(server_fd, verbose
, 1
);
+ if (fd
== INVALID_SOCKET
) {
goto server_exit_error;
}
br_ssl_server_reset(&cc);
goto server_exit_error;
}
br_ssl_server_reset(&cc);
- x = run_ssl_engine(&cc.eng, fd,
- (verbose ? RUN_ENGINE_VERBOSE : 0)
- | (trace ? RUN_ENGINE_TRACE : 0));
+ run_flags = (verbose ? RUN_ENGINE_VERBOSE : 0)
+ | (trace ? RUN_ENGINE_TRACE : 0);
+ x = run_ssl_engine(&cc.eng, fd, run_flags);
+#ifdef _WIN32
+ closesocket(fd);
+#else
close(fd);
close(fd);
- fd = -1;
+#endif
+ fd = INVALID_SOCKET;
if (x < -1) {
goto server_exit_error;
}
if (x < -1) {
goto server_exit_error;
}
@@
-1188,8
+1213,19
@@
server_exit:
VEC_CLEAREXT(alpn_names, &free_alpn);
xfree(iobuf);
xfree(cache);
VEC_CLEAREXT(alpn_names, &free_alpn);
xfree(iobuf);
xfree(cache);
- if (fd >= 0) {
+ if (fd != INVALID_SOCKET) {
+#ifdef _WIN32
+ closesocket(fd);
+#else
close(fd);
close(fd);
+#endif
+ }
+ if (server_fd != INVALID_SOCKET) {
+#ifdef _WIN32
+ closesocket(server_fd);
+#else
+ close(server_fd);
+#endif
}
return retcode;
}
return retcode;