X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=tools%2Fserver.c;h=fbc778686eda58fb886138b5b9b1ea04b37c1a16;hp=7d24d6b75f8bd392128ebabf06dedc4f8f4fe82b;hb=556e525d62cd5559e74fe4d2777a59d33590a033;hpb=ef318ef83a3a58b0a9e036676b84d11261ed7bb4 diff --git a/tools/server.c b/tools/server.c index 7d24d6b..fbc7786 100644 --- a/tools/server.c +++ b/tools/server.c @@ -29,6 +29,10 @@ #include #include +#ifdef _WIN32 +#include +#include +#else #include #include #include @@ -37,14 +41,18 @@ #include #include +#define SOCKET int +#define INVALID_SOCKET (-1) +#define SOCKADDR_STORAGE struct sockaddr_storage +#endif + #include "brssl.h" -#include "bearssl.h" -static int +static SOCKET host_bind(const char *host, const char *port, int verbose) { struct addrinfo hints, *si, *p; - int fd; + SOCKET fd; int err; memset(&hints, 0, sizeof hints); @@ -54,9 +62,9 @@ host_bind(const char *host, const char *port, int verbose) if (err != 0) { fprintf(stderr, "ERROR: getaddrinfo(): %s\n", gai_strerror(err)); - return -1; + return INVALID_SOCKET; } - fd = -1; + fd = INVALID_SOCKET; for (p = si; p != NULL; p = p->ai_next) { struct sockaddr *sa; struct sockaddr_in sa4; @@ -102,21 +110,27 @@ host_bind(const char *host, const char *port, int verbose) fprintf(stderr, "binding to: %s\n", tmp); } fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol); - if (fd < 0) { + if (fd == INVALID_SOCKET) { if (verbose) { perror("socket()"); } continue; } opt = 1; - setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof opt); + setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, + (void *)&opt, sizeof opt); opt = 0; - setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof opt); + setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, + (void *)&opt, sizeof opt); if (bind(fd, sa, sa_len) < 0) { if (verbose) { perror("bind()"); } +#ifdef _WIN32 + closesocket(fd); +#else close(fd); +#endif continue; } break; @@ -124,15 +138,19 @@ host_bind(const char *host, const char *port, int verbose) if (p == NULL) { freeaddrinfo(si); fprintf(stderr, "ERROR: failed to bind\n"); - return -1; + return INVALID_SOCKET; } freeaddrinfo(si); if (listen(fd, 5) < 0) { if (verbose) { perror("listen()"); } +#ifdef _WIN32 + closesocket(fd); +#else close(fd); - return -1; +#endif + return INVALID_SOCKET; } if (verbose) { fprintf(stderr, "bound.\n"); @@ -140,27 +158,27 @@ host_bind(const char *host, const char *port, int verbose) return fd; } -static int -accept_client(int server_fd, int verbose) +static SOCKET +accept_client(SOCKET server_fd, int verbose) { int fd; - struct sockaddr sa; + SOCKADDR_STORAGE sa; socklen_t sa_len; sa_len = sizeof sa; - fd = accept(server_fd, &sa, &sa_len); - if (fd < 0) { + fd = accept(server_fd, (struct sockaddr *)&sa, &sa_len); + if (fd == INVALID_SOCKET) { if (verbose) { perror("accept()"); } - return -1; + return INVALID_SOCKET; } if (verbose) { char tmp[INET6_ADDRSTRLEN + 50]; const char *name; name = NULL; - switch (sa.sa_family) { + switch (((struct sockaddr *)&sa)->sa_family) { case AF_INET: name = inet_ntop(AF_INET, &((struct sockaddr_in *)&sa)->sin_addr, @@ -173,8 +191,8 @@ accept_client(int server_fd, int verbose) break; } if (name == NULL) { - sprintf(tmp, "", - (unsigned long)sa.sa_family); + sprintf(tmp, "", (unsigned long) + ((struct sockaddr *)&sa)->sa_family); name = tmp; } fprintf(stderr, "accepting connection from: %s\n", name); @@ -182,9 +200,18 @@ accept_client(int server_fd, int verbose) /* * We make the socket non-blocking, since we are going to use - * poll() to organise I/O. + * poll() or select() to organise I/O. */ +#ifdef _WIN32 + { + u_long arg; + + arg = 1; + ioctlsocket(fd, FIONBIO, &arg); + } +#else fcntl(fd, F_SETFL, O_NONBLOCK); +#endif return fd; } @@ -440,19 +467,25 @@ choose_ok: static uint32_t sp_do_keyx(const br_ssl_server_policy_class **pctx, - unsigned char *data, size_t len) + unsigned char *data, size_t *len) { policy_context *pc; + uint32_t r; + size_t xoff, xlen; pc = (policy_context *)pctx; switch (pc->sk->key_type) { case BR_KEYTYPE_RSA: return br_rsa_ssl_decrypt( &br_rsa_i31_private, &pc->sk->key.rsa, - data, len); + data, *len); case BR_KEYTYPE_EC: - return br_ec_prime_i31.mul(data, len, pc->sk->key.ec.x, + r = br_ec_all_m15.mul(data, *len, pc->sk->key.ec.x, pc->sk->key.ec.xlen, pc->sk->key.ec.curve); + xoff = br_ec_all_m15.xoff(pc->sk->key.ec.curve, &xlen); + memmove(data, data + xoff, xlen); + *len = xlen; + return r; default: fprintf(stderr, "ERROR: unknown private key type (%d)\n", (int)pc->sk->key_type); @@ -551,7 +584,7 @@ sp_do_sign(const br_ssl_server_policy_class **pctx, } return 0; } - sig_len = br_ecdsa_i31_sign_asn1(&br_ec_prime_i31, + sig_len = br_ecdsa_i31_sign_asn1(&br_ec_all_m15, hc, hv, &pc->sk->key.ec, data); if (sig_len == 0) { if (pc->verbose) { @@ -600,7 +633,7 @@ do_server(int argc, char *argv[]) int cert_signer_algo; private_key *sk; anchor_list anchors = VEC_INIT; - VECTOR(const char *) alpn_names = VEC_INIT; + VECTOR(char *) alpn_names = VEC_INIT; br_x509_minimal_context xc; const br_hash_class *dnhash; size_t u; @@ -610,7 +643,7 @@ do_server(int argc, char *argv[]) unsigned char *iobuf, *cache; size_t iobuf_len, cache_len; uint32_t flags; - int server_fd, fd; + SOCKET server_fd, fd; retcode = 0; verbose = 1; @@ -633,8 +666,8 @@ do_server(int argc, char *argv[]) cache = NULL; cache_len = (size_t)-1; flags = 0; - server_fd = -1; - fd = -1; + server_fd = INVALID_SOCKET; + fd = INVALID_SOCKET; for (i = 0; i < argc; i ++) { const char *arg; @@ -923,7 +956,7 @@ do_server(int argc, char *argv[]) break; case BR_KEYTYPE_EC: curve = sk->key.ec.curve; - supp = br_ec_prime_i31.supported_curves; + supp = br_ec_all_m15.supported_curves; if (curve > 31 || !((supp >> curve) & 1)) { fprintf(stderr, "ERROR: private key curve (%d)" " is not supported\n", curve); @@ -1047,7 +1080,7 @@ do_server(int argc, char *argv[]) &br_sslrec_out_cbc_vtable); } if ((req & (REQ_ECDHE_RSA | REQ_ECDHE_ECDSA)) != 0) { - br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31); + br_ssl_engine_set_ec(&cc.eng, &br_ec_all_m15); } } br_ssl_engine_set_suites(&cc.eng, suite_ids, num_suites); @@ -1083,7 +1116,8 @@ do_server(int argc, char *argv[]) if (VEC_LEN(alpn_names) != 0) { br_ssl_engine_set_protocol_names(&cc.eng, - &VEC_ELT(alpn_names, 0), VEC_LEN(alpn_names)); + (const char **)&VEC_ELT(alpn_names, 0), + VEC_LEN(alpn_names)); } /* @@ -1120,11 +1154,11 @@ do_server(int argc, char *argv[]) } } br_ssl_engine_set_rsavrfy(&cc.eng, &br_rsa_i31_pkcs1_vrfy); - br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31); + br_ssl_engine_set_ec(&cc.eng, &br_ec_all_m15); br_ssl_engine_set_ecdsa(&cc.eng, &br_ecdsa_i31_vrfy_asn1); br_x509_minimal_set_rsa(&xc, &br_rsa_i31_pkcs1_vrfy); br_x509_minimal_set_ecdsa(&xc, - &br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1); + &br_ec_all_m15, &br_ecdsa_i31_vrfy_asn1); br_ssl_engine_set_x509(&cc.eng, &xc.vtable); br_ssl_server_set_trust_anchor_names_alt(&cc, &VEC_ELT(anchors, 0), VEC_LEN(anchors)); @@ -1133,15 +1167,17 @@ do_server(int argc, char *argv[]) br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi); /* - * We need to ignore SIGPIPE. + * On Unix systems, we need to ignore SIGPIPE. */ +#ifndef _WIN32 signal(SIGPIPE, SIG_IGN); +#endif /* * Open the server socket. */ server_fd = host_bind(bind_name, port, verbose); - if (server_fd < 0) { + if (server_fd == INVALID_SOCKET) { goto server_exit_error; } @@ -1156,15 +1192,19 @@ do_server(int argc, char *argv[]) int x; fd = accept_client(server_fd, verbose); - if (fd < 0) { + if (fd == INVALID_SOCKET) { goto server_exit_error; } br_ssl_server_reset(&cc); x = run_ssl_engine(&cc.eng, fd, (verbose ? RUN_ENGINE_VERBOSE : 0) | (trace ? RUN_ENGINE_TRACE : 0)); +#ifdef _WIN32 + closesocket(fd); +#else close(fd); - fd = -1; +#endif + fd = INVALID_SOCKET; if (x < -1) { goto server_exit_error; } @@ -1182,8 +1222,12 @@ server_exit: VEC_CLEAREXT(alpn_names, &free_alpn); xfree(iobuf); xfree(cache); - if (fd >= 0) { + if (fd != INVALID_SOCKET) { +#ifdef _WIN32 + closesocket(fd); +#else close(fd); +#endif } return retcode;