X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=tools%2Fserver.c;h=8fcf2ebabbb691024fcc726bdd87575acc798ee0;hp=7d24d6b75f8bd392128ebabf06dedc4f8f4fe82b;hb=05520e8eae3d8c6039e8bcde58741cf4ffb18f1d;hpb=ef318ef83a3a58b0a9e036676b84d11261ed7bb4

diff --git a/tools/server.c b/tools/server.c
index 7d24d6b..8fcf2eb 100644
--- a/tools/server.c
+++ b/tools/server.c
@@ -29,6 +29,10 @@
 #include <errno.h>
 #include <signal.h>
 
+#ifdef _WIN32
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netdb.h>
@@ -37,14 +41,18 @@
 #include <unistd.h>
 #include <fcntl.h>
 
+#define SOCKET             int
+#define INVALID_SOCKET     (-1)
+#define SOCKADDR_STORAGE   struct sockaddr_storage
+#endif
+
 #include "brssl.h"
-#include "bearssl.h"
 
-static int
+static SOCKET
 host_bind(const char *host, const char *port, int verbose)
 {
 	struct addrinfo hints, *si, *p;
-	int fd;
+	SOCKET fd;
 	int err;
 
 	memset(&hints, 0, sizeof hints);
@@ -54,9 +62,9 @@ host_bind(const char *host, const char *port, int verbose)
 	if (err != 0) {
 		fprintf(stderr, "ERROR: getaddrinfo(): %s\n",
 			gai_strerror(err));
-		return -1;
+		return INVALID_SOCKET;
 	}
-	fd = -1;
+	fd = INVALID_SOCKET;
 	for (p = si; p != NULL; p = p->ai_next) {
 		struct sockaddr *sa;
 		struct sockaddr_in sa4;
@@ -67,7 +75,7 @@ host_bind(const char *host, const char *port, int verbose)
 
 		sa = (struct sockaddr *)p->ai_addr;
 		if (sa->sa_family == AF_INET) {
-			sa4 = *(struct sockaddr_in *)sa;
+			memcpy(&sa4, sa, sizeof sa4);
 			sa = (struct sockaddr *)&sa4;
 			sa_len = sizeof sa4;
 			addr = &sa4.sin_addr;
@@ -75,7 +83,7 @@ host_bind(const char *host, const char *port, int verbose)
 				sa4.sin_addr.s_addr = INADDR_ANY;
 			}
 		} else if (sa->sa_family == AF_INET6) {
-			sa6 = *(struct sockaddr_in6 *)sa;
+			memcpy(&sa6, sa, sizeof sa6);
 			sa = (struct sockaddr *)&sa6;
 			sa_len = sizeof sa6;
 			addr = &sa6.sin6_addr;
@@ -102,21 +110,34 @@ host_bind(const char *host, const char *port, int verbose)
 			fprintf(stderr, "binding to: %s\n", tmp);
 		}
 		fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
-		if (fd < 0) {
+		if (fd == INVALID_SOCKET) {
 			if (verbose) {
 				perror("socket()");
 			}
 			continue;
 		}
 		opt = 1;
-		setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof opt);
+		setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
+			(void *)&opt, sizeof opt);
+#ifdef IPV6_V6ONLY
+		/*
+		 * We want to make sure that the server socket works for
+		 * both IPv4 and IPv6. But IPV6_V6ONLY is not defined on
+		 * some very old systems.
+		 */
 		opt = 0;
-		setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof opt);
+		setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
+			(void *)&opt, sizeof opt);
+#endif
 		if (bind(fd, sa, sa_len) < 0) {
 			if (verbose) {
 				perror("bind()");
 			}
+#ifdef _WIN32
+			closesocket(fd);
+#else
 			close(fd);
+#endif
 			continue;
 		}
 		break;
@@ -124,15 +145,19 @@ host_bind(const char *host, const char *port, int verbose)
 	if (p == NULL) {
 		freeaddrinfo(si);
 		fprintf(stderr, "ERROR: failed to bind\n");
-		return -1;
+		return INVALID_SOCKET;
 	}
 	freeaddrinfo(si);
 	if (listen(fd, 5) < 0) {
 		if (verbose) {
 			perror("listen()");
 		}
+#ifdef _WIN32
+		closesocket(fd);
+#else
 		close(fd);
-		return -1;
+#endif
+		return INVALID_SOCKET;
 	}
 	if (verbose) {
 		fprintf(stderr, "bound.\n");
@@ -140,27 +165,27 @@ host_bind(const char *host, const char *port, int verbose)
 	return fd;
 }
 
-static int
-accept_client(int server_fd, int verbose)
+static SOCKET
+accept_client(SOCKET server_fd, int verbose, int nonblock)
 {
 	int fd;
-	struct sockaddr sa;
+	SOCKADDR_STORAGE sa;
 	socklen_t sa_len;
 
 	sa_len = sizeof sa;
-	fd = accept(server_fd, &sa, &sa_len);
-	if (fd < 0) {
+	fd = accept(server_fd, (struct sockaddr *)&sa, &sa_len);
+	if (fd == INVALID_SOCKET) {
 		if (verbose) {
 			perror("accept()");
 		}
-		return -1;
+		return INVALID_SOCKET;
 	}
 	if (verbose) {
 		char tmp[INET6_ADDRSTRLEN + 50];
 		const char *name;
 
 		name = NULL;
-		switch (sa.sa_family) {
+		switch (((struct sockaddr *)&sa)->sa_family) {
 		case AF_INET:
 			name = inet_ntop(AF_INET,
 				&((struct sockaddr_in *)&sa)->sin_addr,
@@ -173,8 +198,8 @@ accept_client(int server_fd, int verbose)
 			break;
 		}
 		if (name == NULL) {
-			sprintf(tmp, "<unknown: %lu>",
-				(unsigned long)sa.sa_family);
+			sprintf(tmp, "<unknown: %lu>", (unsigned long)
+				((struct sockaddr *)&sa)->sa_family);
 			name = tmp;
 		}
 		fprintf(stderr, "accepting connection from: %s\n", name);
@@ -182,9 +207,18 @@ accept_client(int server_fd, int verbose)
 
 	/*
 	 * We make the socket non-blocking, since we are going to use
-	 * poll() to organise I/O.
+	 * poll() or select() to organise I/O.
 	 */
-	fcntl(fd, F_SETFL, O_NONBLOCK);
+	if (nonblock) {
+#ifdef _WIN32
+		u_long arg;
+
+		arg = 1;
+		ioctlsocket(fd, FIONBIO, &arg);
+#else
+		fcntl(fd, F_SETFL, O_NONBLOCK);
+#endif
+	}
 	return fd;
 }
 
@@ -440,19 +474,28 @@ choose_ok:
 
 static uint32_t
 sp_do_keyx(const br_ssl_server_policy_class **pctx,
-	unsigned char *data, size_t len)
+	unsigned char *data, size_t *len)
 {
 	policy_context *pc;
+	uint32_t r;
+	size_t xoff, xlen;
 
 	pc = (policy_context *)pctx;
 	switch (pc->sk->key_type) {
+		const br_ec_impl *iec;
+
 	case BR_KEYTYPE_RSA:
 		return br_rsa_ssl_decrypt(
-			&br_rsa_i31_private, &pc->sk->key.rsa,
-			data, len);
+			br_rsa_private_get_default(),
+			&pc->sk->key.rsa, data, *len);
 	case BR_KEYTYPE_EC:
-		return br_ec_prime_i31.mul(data, len, pc->sk->key.ec.x,
+		iec = br_ec_get_default();
+		r = iec->mul(data, *len, pc->sk->key.ec.x,
 			pc->sk->key.ec.xlen, pc->sk->key.ec.curve);
+		xoff = iec->xoff(pc->sk->key.ec.curve, &xlen);
+		memmove(data, data + xoff, xlen);
+		*len = xlen;
+		return r;
 	default:
 		fprintf(stderr, "ERROR: unknown private key type (%d)\n",
 			(int)pc->sk->key_type);
@@ -523,8 +566,8 @@ sp_do_sign(const br_ssl_server_policy_class **pctx,
 			}
 			return 0;
 		}
-		x = br_rsa_i31_pkcs1_sign(hash_oid, hv, hv_len,
-			&pc->sk->key.rsa, data);
+		x = br_rsa_pkcs1_sign_get_default()(
+			hash_oid, hv, hv_len, &pc->sk->key.rsa, data);
 		if (!x) {
 			if (pc->verbose) {
 				fprintf(stderr, "ERROR: RSA-sign failure\n");
@@ -551,8 +594,8 @@ sp_do_sign(const br_ssl_server_policy_class **pctx,
 			}
 			return 0;
 		}
-		sig_len = br_ecdsa_i31_sign_asn1(&br_ec_prime_i31, 
-			hc, hv, &pc->sk->key.ec, data);
+		sig_len = br_ecdsa_sign_asn1_get_default()(
+			br_ec_get_default(), hc, hv, &pc->sk->key.ec, data);
 		if (sig_len == 0) {
 			if (pc->verbose) {
 				fprintf(stderr, "ERROR: ECDSA-sign failure\n");
@@ -600,7 +643,7 @@ do_server(int argc, char *argv[])
 	int cert_signer_algo;
 	private_key *sk;
 	anchor_list anchors = VEC_INIT;
-	VECTOR(const char *) alpn_names = VEC_INIT;
+	VECTOR(char *) alpn_names = VEC_INIT;
 	br_x509_minimal_context xc;
 	const br_hash_class *dnhash;
 	size_t u;
@@ -610,7 +653,7 @@ do_server(int argc, char *argv[])
 	unsigned char *iobuf, *cache;
 	size_t iobuf_len, cache_len;
 	uint32_t flags;
-	int server_fd, fd;
+	SOCKET server_fd, fd;
 
 	retcode = 0;
 	verbose = 1;
@@ -633,8 +676,8 @@ do_server(int argc, char *argv[])
 	cache = NULL;
 	cache_len = (size_t)-1;
 	flags = 0;
-	server_fd = -1;
-	fd = -1;
+	server_fd = INVALID_SOCKET;
+	fd = INVALID_SOCKET;
 	for (i = 0; i < argc; i ++) {
 		const char *arg;
 
@@ -923,7 +966,7 @@ do_server(int argc, char *argv[])
 		break;
 	case BR_KEYTYPE_EC:
 		curve = sk->key.ec.curve;
-		supp = br_ec_prime_i31.supported_curves;
+		supp = br_ec_get_default()->supported_curves;
 		if (curve > 31 || !((supp >> curve) & 1)) {
 			fprintf(stderr, "ERROR: private key curve (%d)"
 				" is not supported\n", curve);
@@ -1013,41 +1056,19 @@ do_server(int argc, char *argv[])
 		}
 		/* TODO: algorithm implementation selection */
 		if ((req & REQ_AESCBC) != 0) {
-			br_ssl_engine_set_aes_cbc(&cc.eng,
-				&br_aes_ct_cbcenc_vtable,
-				&br_aes_ct_cbcdec_vtable);
-			br_ssl_engine_set_cbc(&cc.eng,
-				&br_sslrec_in_cbc_vtable,
-				&br_sslrec_out_cbc_vtable);
+			br_ssl_engine_set_default_aes_cbc(&cc.eng);
 		}
 		if ((req & REQ_AESGCM) != 0) {
-			br_ssl_engine_set_aes_ctr(&cc.eng,
-				&br_aes_ct_ctr_vtable);
-			br_ssl_engine_set_ghash(&cc.eng,
-				&br_ghash_ctmul);
-			br_ssl_engine_set_gcm(&cc.eng,
-				&br_sslrec_in_gcm_vtable,
-				&br_sslrec_out_gcm_vtable);
+			br_ssl_engine_set_default_aes_gcm(&cc.eng);
 		}
 		if ((req & REQ_CHAPOL) != 0) {
-			br_ssl_engine_set_chacha20(&cc.eng,
-				&br_chacha20_ct_run);
-			br_ssl_engine_set_poly1305(&cc.eng,
-				&br_poly1305_ctmul_run);
-			br_ssl_engine_set_chapol(&cc.eng,
-				&br_sslrec_in_chapol_vtable,
-				&br_sslrec_out_chapol_vtable);
+			br_ssl_engine_set_default_chapol(&cc.eng);
 		}
 		if ((req & REQ_3DESCBC) != 0) {
-			br_ssl_engine_set_des_cbc(&cc.eng,
-				&br_des_ct_cbcenc_vtable,
-				&br_des_ct_cbcdec_vtable);
-			br_ssl_engine_set_cbc(&cc.eng,
-				&br_sslrec_in_cbc_vtable,
-				&br_sslrec_out_cbc_vtable);
+			br_ssl_engine_set_default_des_cbc(&cc.eng);
 		}
 		if ((req & (REQ_ECDHE_RSA | REQ_ECDHE_ECDSA)) != 0) {
-			br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31);
+			br_ssl_engine_set_default_ec(&cc.eng);
 		}
 	}
 	br_ssl_engine_set_suites(&cc.eng, suite_ids, num_suites);
@@ -1083,7 +1104,8 @@ do_server(int argc, char *argv[])
 
 	if (VEC_LEN(alpn_names) != 0) {
 		br_ssl_engine_set_protocol_names(&cc.eng,
-			&VEC_ELT(alpn_names, 0), VEC_LEN(alpn_names));
+			(const char **)&VEC_ELT(alpn_names, 0),
+			VEC_LEN(alpn_names));
 	}
 
 	/*
@@ -1119,12 +1141,11 @@ do_server(int argc, char *argv[])
 				br_x509_minimal_set_hash(&xc, id, hc);
 			}
 		}
-		br_ssl_engine_set_rsavrfy(&cc.eng, &br_rsa_i31_pkcs1_vrfy);
-		br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31);
-		br_ssl_engine_set_ecdsa(&cc.eng, &br_ecdsa_i31_vrfy_asn1);
-		br_x509_minimal_set_rsa(&xc, &br_rsa_i31_pkcs1_vrfy);
+		br_ssl_engine_set_default_rsavrfy(&cc.eng);
+		br_ssl_engine_set_default_ecdsa(&cc.eng);
+		br_x509_minimal_set_rsa(&xc, br_rsa_pkcs1_vrfy_get_default());
 		br_x509_minimal_set_ecdsa(&xc,
-			&br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1);
+			br_ec_get_default(), br_ecdsa_vrfy_asn1_get_default());
 		br_ssl_engine_set_x509(&cc.eng, &xc.vtable);
 		br_ssl_server_set_trust_anchor_names_alt(&cc,
 			&VEC_ELT(anchors, 0), VEC_LEN(anchors));
@@ -1133,15 +1154,17 @@ do_server(int argc, char *argv[])
 	br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi);
 
 	/*
-	 * We need to ignore SIGPIPE.
+	 * On Unix systems, we need to ignore SIGPIPE.
 	 */
+#ifndef _WIN32
 	signal(SIGPIPE, SIG_IGN);
+#endif
 
 	/*
 	 * Open the server socket.
 	 */
 	server_fd = host_bind(bind_name, port, verbose);
-	if (server_fd < 0) {
+	if (server_fd == INVALID_SOCKET) {
 		goto server_exit_error;
 	}
 
@@ -1154,17 +1177,22 @@ do_server(int argc, char *argv[])
 	 */
 	for (;;) {
 		int x;
+		unsigned run_flags;
 
-		fd = accept_client(server_fd, verbose);
-		if (fd < 0) {
+		fd = accept_client(server_fd, verbose, 1);
+		if (fd == INVALID_SOCKET) {
 			goto server_exit_error;
 		}
 		br_ssl_server_reset(&cc);
-		x = run_ssl_engine(&cc.eng, fd,
-			(verbose ? RUN_ENGINE_VERBOSE : 0)
-			| (trace ? RUN_ENGINE_TRACE : 0));
+		run_flags = (verbose ? RUN_ENGINE_VERBOSE : 0)
+			| (trace ? RUN_ENGINE_TRACE : 0);
+		x = run_ssl_engine(&cc.eng, fd, run_flags);
+#ifdef _WIN32
+		closesocket(fd);
+#else
 		close(fd);
-		fd = -1;
+#endif
+		fd = INVALID_SOCKET;
 		if (x < -1) {
 			goto server_exit_error;
 		}
@@ -1182,8 +1210,12 @@ server_exit:
 	VEC_CLEAREXT(alpn_names, &free_alpn);
 	xfree(iobuf);
 	xfree(cache);
-	if (fd >= 0) {
+	if (fd != INVALID_SOCKET) {
+#ifdef _WIN32
+		closesocket(fd);
+#else
 		close(fd);
+#endif
 	}
 	return retcode;