diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index e9523ce84..3ccfa6d9f 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -71,7 +71,7 @@ int main( void ) int ret; size_t n, buflen; - int server_fd = -1; + mbedtls_net_context server_fd; unsigned char *p, *end; unsigned char buf[2048]; @@ -84,7 +84,8 @@ int main( void ) mbedtls_dhm_context dhm; mbedtls_aes_context aes; - memset( &rsa, 0, sizeof( rsa ) ); + mbedtls_net_init( &server_fd ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 ); mbedtls_dhm_init( &dhm ); mbedtls_aes_init( &aes ); mbedtls_ctr_drbg_init( &ctr_drbg ); @@ -280,8 +281,7 @@ int main( void ) exit: - if( server_fd != -1 ) - mbedtls_net_close( server_fd ); + mbedtls_net_close( &server_fd ); mbedtls_aes_free( &aes ); mbedtls_rsa_free( &rsa ); diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 30abaa894..71fa73704 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -71,8 +71,7 @@ int main( void ) int ret; size_t n, buflen; - int listen_fd = -1; - int client_fd = -1; + mbedtls_net_context listen_fd, client_fd; unsigned char buf[2048]; unsigned char hash[20]; @@ -85,7 +84,9 @@ int main( void ) mbedtls_dhm_context dhm; mbedtls_aes_context aes; - memset( &rsa, 0, sizeof( rsa ) ); + mbedtls_net_init( &listen_fd ); + mbedtls_net_init( &client_fd ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 ); mbedtls_dhm_init( &dhm ); mbedtls_aes_init( &aes ); mbedtls_ctr_drbg_init( &ctr_drbg ); @@ -173,7 +174,7 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, + if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd, NULL, 0, NULL ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); 
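Review bot: In the @@ -84 hunk the `MBEDTLS_MD_SHA256` argument to `mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 )` is inert, since the hash_id only selects the digest for PKCS#1 v2.1 (OAEP/PSS) padding, and a reader may wrongly conclude the DH parameters are signed over SHA-256 while dh_server.c declares `unsigned char hash[20]`. The replacement of `memset( &rsa, 0, ... )` is otherwise equivalent (zeroed padding is V15, zeroed hash_id is MD_NONE), so this is a readability point rather than a bug. Suggest a comment on that line: `/* hash_id is only used for PKCS#1 v2.1; v1.5 is selected here */`. The same call appears in dh_server.c's @@ -85 hunk.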
@@ -282,8 +283,8 @@ int main( void ) exit: - if( client_fd != -1 ) - mbedtls_net_close( client_fd ); + mbedtls_net_close( &client_fd ); + mbedtls_net_close( &listen_fd ); mbedtls_aes_free( &aes ); mbedtls_rsa_free( &rsa ); diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 0fedbc739..b3cfb310d 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -83,7 +83,8 @@ static void my_debug( void *ctx, int level, int main( int argc, char *argv[] ) { - int ret, len, server_fd = -1; + int ret, len; + mbedtls_net_context server_fd; uint32_t flags; unsigned char buf[1024]; const char *pers = "dtls_client"; @@ -106,6 +107,7 @@ int main( int argc, char *argv[] ) /* * 0. Initialize the RNG and the session data */ + mbedtls_net_init( &server_fd ); mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); mbedtls_x509_crt_init( &cacert ); @@ -324,8 +326,7 @@ exit: } #endif - if( server_fd != -1 ) - mbedtls_net_close( server_fd ); + mbedtls_net_close( &server_fd ); mbedtls_x509_crt_free( &cacert ); mbedtls_ssl_free( &ssl ); diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index ef7ce9405..e1da0f74a 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -92,8 +92,7 @@ static void my_debug( void *ctx, int level, int main( void ) { int ret, len; - int listen_fd; - int client_fd = -1; + mbedtls_net_context listen_fd, client_fd; unsigned char buf[1024]; const char *pers = "dtls_server"; unsigned char client_ip[16] = { 0 }; @@ -111,6 +110,8 @@ int main( void ) mbedtls_ssl_cache_context cache; #endif + mbedtls_net_init( &listen_fd ); + mbedtls_net_init( &client_fd ); mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); mbedtls_ssl_cookie_init( &cookie_ctx ); 
@@ -255,20 +256,17 @@ reset: } #endif - if( client_fd != -1 ) - mbedtls_net_close( client_fd ); + mbedtls_net_close( &client_fd ); mbedtls_ssl_session_reset( &ssl ); /* * 3. Wait until a client connects */ - client_fd = -1; - printf( " . Waiting for a remote connection ..." ); fflush( stdout ); - if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, + if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd, client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 ) { printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); @@ -403,8 +401,8 @@ exit: } #endif - if( client_fd != -1 ) - mbedtls_net_close( client_fd ); + mbedtls_net_close( &client_fd ); + mbedtls_net_close( &listen_fd ); mbedtls_x509_crt_free( &srvcert ); mbedtls_pk_free( &pkey ); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 2d1dcb9cc..95b0f9227 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -32,6 +32,10 @@ * NET module, in order to avoid the overhead of getaddrinfo() which tends to * dominate memory usage in small configurations. For the sake of simplicity, * only a Unix version is implemented. + * + * Warning: we are breaking some of the abtractions from the NET layer here. + * This is not a good example for general use. This programs has the specific + * goal of minimizing use of the libc functions on full-blown OSes. */ #if defined(unix) || defined(__unix__) || defined(__unix) #define UNIX @@ -160,7 +164,7 @@ enum exit_codes int main( void ) { int ret = exit_ok; - int server_fd = -1; + mbedtls_net_context server_fd; struct sockaddr_in addr; #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt ca; @@ -175,6 +179,7 @@ int main( void ) /* * 0. Initialize and setup stuff */ + mbedtls_net_init( &server_fd ); mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); #if defined(MBEDTLS_X509_CRT_PARSE_C) 
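Review bot: The warning comment added in mini_client.c's @@ -32 hunk has two typos: "abtractions" and "This programs has". Suggest ` * Warning: we are breaking some of the abstractions from the NET layer here.` and ` * This is not a good example for general use. This program has the specific`. The matching comment added to udp_proxy.c in a later hunk reads correctly.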
@@ -241,13 +246,13 @@ int main( void ) addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE; ret = 0; - if( ( server_fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 ) + if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 ) { ret = socket_failed; goto exit; } - if( connect( server_fd, + if( connect( server_fd.fd, (const struct sockaddr *) &addr, sizeof( addr ) ) < 0 ) { ret = connect_failed; @@ -275,8 +280,7 @@ int main( void ) mbedtls_ssl_close_notify( &ssl ); exit: - if( server_fd != -1 ) - mbedtls_net_close( server_fd ); + mbedtls_net_close( &server_fd ); mbedtls_ssl_free( &ssl ); mbedtls_ssl_config_free( &conf ); diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index c23c65323..61ead50ed 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -78,7 +78,8 @@ static void my_debug( void *ctx, int level, int main( void ) { - int ret, len, server_fd = -1; + int ret, len; + mbedtls_net_context server_fd; uint32_t flags; unsigned char buf[1024]; const char *pers = "ssl_client1"; @@ -96,6 +97,7 @@ int main( void ) /* * 0. Initialize the RNG and the session data */ + mbedtls_net_init( &server_fd ); mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); mbedtls_x509_crt_init( &cacert ); @@ -288,8 +290,7 @@ exit: } #endif - if( server_fd != -1 ) - mbedtls_net_close( server_fd ); + mbedtls_net_close( &server_fd ); mbedtls_x509_crt_free( &cacert ); mbedtls_ssl_free( &ssl ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f8188d636..27bd8bf41 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -386,7 +386,8 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *fl int main( int argc, char *argv[] ) { - int ret = 0, len, tail_len, server_fd, i, written, frags, retry_left; + int ret = 0, len, tail_len, i, written, frags, retry_left; + mbedtls_net_context server_fd; unsigned char buf[MBEDTLS_SSL_MAX_CONTENT_LEN + 1]; #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) unsigned char psk[MBEDTLS_PSK_MAX_LEN]; @@ -417,7 +418,7 @@ int main( int argc, char *argv[] ) /* * Make sure memory references are valid. */ - server_fd = 0; + mbedtls_net_init( &server_fd ); mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) ); @@ -1038,9 +1039,9 @@ int main( int argc, char *argv[] ) } if( opt.nbio > 0 ) - ret = mbedtls_net_set_nonblock( server_fd ); + ret = mbedtls_net_set_nonblock( &server_fd ); else - ret = mbedtls_net_set_block( server_fd ); + ret = mbedtls_net_set_block( &server_fd ); if( ret != 0 ) { mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret ); @@ -1502,7 +1503,7 @@ reconnect: { --opt.reconnect; - mbedtls_net_close( server_fd ); + mbedtls_net_close( &server_fd ); #if defined(MBEDTLS_TIMING_C) if( opt.reco_delay > 0 ) @@ -1533,9 +1534,9 @@ reconnect: } if( opt.nbio > 0 ) - ret = mbedtls_net_set_nonblock( server_fd ); + ret = mbedtls_net_set_nonblock( &server_fd ); else - ret = mbedtls_net_set_block( server_fd ); + ret = mbedtls_net_set_block( &server_fd ); if( ret != 0 ) { mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", @@ -1571,8 +1572,7 @@ exit: } #endif - if( server_fd ) - mbedtls_net_close( server_fd ); + mbedtls_net_close( &server_fd ); #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free( &clicert ); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 0984be1b1..9aab97585 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c 
@@ -96,8 +96,7 @@ static void my_debug( void *ctx, int level, int main( void ) { int ret, len, cnt = 0, pid; - int listen_fd; - int client_fd = -1; + mbedtls_net_context listen_fd, client_fd; unsigned char buf[1024]; const char *pers = "ssl_fork_server"; @@ -108,6 +107,8 @@ int main( void ) mbedtls_x509_crt srvcert; mbedtls_pk_context pkey; + mbedtls_net_init( &listen_fd ); + mbedtls_net_init( &client_fd ); mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); mbedtls_entropy_init( &entropy ); @@ -216,13 +217,13 @@ int main( void ) /* * 3. Wait until a client connects */ - client_fd = -1; - memset( &ssl, 0, sizeof( ssl ) ); + mbedtls_net_init( &client_fd ); + mbedtls_ssl_init( &ssl ); mbedtls_printf( " . Waiting for a remote connection ..." ); fflush( stdout ); - if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, + if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd, NULL, 0, NULL ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); @@ -258,11 +259,11 @@ int main( void ) goto exit; } - close( client_fd ); + mbedtls_net_close( &client_fd ); continue; } - close( listen_fd ); + mbedtls_net_close( &listen_fd ); /* * 4. Setup stuff @@ -384,9 +385,8 @@ int main( void ) } exit: - - if( client_fd != -1 ) - mbedtls_net_close( client_fd ); + mbedtls_net_close( &client_fd ); + mbedtls_net_close( &listen_fd ); mbedtls_x509_crt_free( &srvcert ); mbedtls_pk_free( &pkey ); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 99325942e..4ea5d4c1b 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -66,8 +66,6 @@ int main( void ) #include #else #include -#define read _read -#define write _write #endif #if defined(_WIN32) || defined(_WIN32_WCE) 
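Review bot: In the exit hunk (@@ -384) the child process now closes `listen_fd` a second time, because the @@ -258 hunk already replaced `close( listen_fd )` with `mbedtls_net_close( &listen_fd )` on the child path and the child also reaches `exit:`. This is harmless only if mbedtls_net_close resets `fd` to -1 after closing; the unconditional close calls elsewhere in this commit suggest it does, but the diff does not show net.c, and a second close() on a stale descriptor number would otherwise hit whatever fd the child has since opened. Worth confirming, or documenting with `/* no-op in the child, which already closed listen_fd above */` on the added line.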
@@ -294,7 +292,7 @@ static int write_ssl_and_get_response( mbedtls_ssl_context *ssl, unsigned char * while( 1 ); } -static int write_and_get_response( int sock_fd, unsigned char *buf, size_t len ) +static int write_and_get_response( mbedtls_net_context *sock_fd, unsigned char *buf, size_t len ) { int ret; unsigned char data[128]; @@ -302,7 +300,7 @@ static int write_and_get_response( int sock_fd, unsigned char *buf, size_t len ) size_t i, idx = 0; mbedtls_printf("\n%s", buf); - if( len && ( ret = write( sock_fd, buf, len ) ) <= 0 ) + if( len && ( ret = mbedtls_net_send( sock_fd, buf, len ) ) <= 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); return -1; @@ -312,7 +310,7 @@ static int write_and_get_response( int sock_fd, unsigned char *buf, size_t len ) { len = sizeof( data ) - 1; memset( data, 0, sizeof( data ) ); - ret = read( sock_fd, data, len ); + ret = mbedtls_net_recv( sock_fd, data, len ); if( ret <= 0 ) { @@ -346,7 +344,8 @@ static int write_and_get_response( int sock_fd, unsigned char *buf, size_t len ) int main( int argc, char *argv[] ) { - int ret = 0, len, server_fd; + int ret = 0, len; + mbedtls_net_context server_fd; unsigned char buf[1024]; #if defined(MBEDTLS_BASE64_C) unsigned char base[1024]; @@ -369,7 +368,7 @@ int main( int argc, char *argv[] ) /* * Make sure memory references are valid in case we exit early. */ - server_fd = 0; + mbedtls_net_init( &server_fd ); mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); memset( &buf, 0, sizeof( buf ) ); @@ -658,7 +657,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " > Get header from server:" ); fflush( stdout ); - ret = write_and_get_response( server_fd, buf, 0 ); + ret = write_and_get_response( &server_fd, buf, 0 ); if( ret < 200 || ret > 299 ) { mbedtls_printf( " failed\n ! server responded with %d\n\n", ret ); 
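Review bot: In the @@ -302 hunk the failure message after `mbedtls_net_send( sock_fd, buf, len )` still reads `mbedtls_ssl_write returned %d`, which names the wrong function on the plaintext pre-STARTTLS path; suggest `mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );`. Separately, mbedtls_net_send can legitimately return fewer bytes than `len` (as write() could before) and the `<= 0` test lets a short send of an SMTP command pass silently; the condition could also reject `(size_t) ret != len`, or the call could loop until `len` bytes are sent. The function body continues past the hunk.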
@@ -672,7 +671,7 @@ int main( int argc, char *argv[] ) gethostname( hostname, 32 ); len = sprintf( (char *) buf, "EHLO %s\r\n", hostname ); - ret = write_and_get_response( server_fd, buf, len ); + ret = write_and_get_response( &server_fd, buf, len ); if( ret < 200 || ret > 299 ) { mbedtls_printf( " failed\n ! server responded with %d\n\n", ret ); @@ -686,7 +685,7 @@ int main( int argc, char *argv[] ) gethostname( hostname, 32 ); len = sprintf( (char *) buf, "STARTTLS\r\n" ); - ret = write_and_get_response( server_fd, buf, len ); + ret = write_and_get_response( &server_fd, buf, len ); if( ret < 200 || ret > 299 ) { mbedtls_printf( " failed\n ! server responded with %d\n\n", ret ); @@ -820,8 +819,7 @@ int main( int argc, char *argv[] ) exit: - if( server_fd ) - mbedtls_net_close( server_fd ); + mbedtls_net_close( &server_fd ); mbedtls_x509_crt_free( &clicert ); mbedtls_x509_crt_free( &cacert ); mbedtls_pk_free( &pkey ); diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 7a4c2b27a..4bd3671d4 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -106,7 +106,7 @@ static void my_mutexed_debug( void *ctx, int level, } typedef struct { - int client_fd; + mbedtls_net_context client_fd; int thread_complete; const mbedtls_ssl_config *config; } thread_info_t; @@ -124,7 +124,7 @@ static void *handle_ssl_connection( void *data ) { int ret, len; thread_info_t *thread_info = (thread_info_t *) data; - int client_fd = thread_info->client_fd; + mbedtls_net_context *client_fd = &thread_info->client_fd; long int thread_id = (long int) pthread_self(); unsigned char buf[1024]; mbedtls_ssl_context ssl; @@ -132,7 +132,7 @@ static void *handle_ssl_connection( void *data ) /* Make sure memory references are valid */ mbedtls_ssl_init( &ssl ); - mbedtls_printf( " [ #%ld ] Client FD %d\n", thread_id, client_fd ); + mbedtls_printf( " [ #%ld ] Setting up SSL/TLS data\n", thread_id ); /* * 4. Get the SSL context ready 
@@ -144,7 +144,7 @@ static void *handle_ssl_connection( void *data ) goto thread_exit; } - mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); + mbedtls_ssl_set_bio( &ssl, client_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); /* * 5. Handshake @@ -273,7 +273,7 @@ thread_exit: return( NULL ); } -static int thread_create( int client_fd ) +static int thread_create( mbedtls_net_context *client_fd ) { int ret, i; @@ -302,9 +302,10 @@ static int thread_create( int client_fd ) */ memcpy( &threads[i].data, &base_info, sizeof(base_info) ); threads[i].active = 1; - threads[i].data.client_fd = client_fd; + memcpy( &threads[i].data.client_fd, client_fd, sizeof( mbedtls_net_context ) ); - if( ( ret = pthread_create( &threads[i].thread, NULL, handle_ssl_connection, &threads[i].data ) ) != 0 ) + if( ( ret = pthread_create( &threads[i].thread, NULL, handle_ssl_connection, + &threads[i].data ) ) != 0 ) { return( ret ); } @@ -315,8 +316,7 @@ static int thread_create( int client_fd ) int main( void ) { int ret; - int listen_fd; - int client_fd = -1; + mbedtls_net_context listen_fd, client_fd; const char pers[] = "ssl_pthread_server"; mbedtls_entropy_context entropy; @@ -346,6 +346,8 @@ int main( void ) mbedtls_ssl_config_init( &conf ); mbedtls_ctr_drbg_init( &ctr_drbg ); memset( threads, 0, sizeof(threads) ); + mbedtls_net_init( &listen_fd ); + mbedtls_net_init( &client_fd ); mbedtls_mutex_init( &debug_mutex ); @@ -474,11 +476,9 @@ reset: /* * 3. Wait until a client connects */ - client_fd = -1; - mbedtls_printf( " [ main ] Waiting for a remote connection\n" ); - if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, + if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd, NULL, 0, NULL ) ) != 0 ) { mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n", ret ); 
@@ -488,10 +488,10 @@ reset: mbedtls_printf( " [ main ] ok\n" ); mbedtls_printf( " [ main ] Creating a new thread\n" ); - if( ( ret = thread_create( client_fd ) ) != 0 ) + if( ( ret = thread_create( &client_fd ) ) != 0 ) { mbedtls_printf( " [ main ] failed: thread_create returned %d\n", ret ); - mbedtls_net_close( client_fd ); + mbedtls_net_close( &client_fd ); goto reset; } @@ -508,6 +508,8 @@ exit: mbedtls_entropy_free( &entropy ); mbedtls_ssl_config_free( &conf ); + mbedtls_net_free( &listen_fd ); + mbedtls_mutex_free( &debug_mutex ); #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index c009733fb..786ae5c3d 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -91,8 +91,7 @@ static void my_debug( void *ctx, int level, int main( void ) { int ret, len; - int listen_fd; - int client_fd = -1; + mbedtls_net_context listen_fd, client_fd; unsigned char buf[1024]; const char *pers = "ssl_server"; @@ -106,6 +105,8 @@ int main( void ) mbedtls_ssl_cache_context cache; #endif + mbedtls_net_init( &listen_fd ); + mbedtls_net_init( &client_fd ); mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); #if defined(MBEDTLS_SSL_CACHE_C) @@ -236,20 +237,17 @@ reset: } #endif - if( client_fd != -1 ) - mbedtls_net_close( client_fd ); + mbedtls_net_close( &client_fd ); mbedtls_ssl_session_reset( &ssl ); /* * 3. Wait until a client connects */ - client_fd = -1; - mbedtls_printf( " . Waiting for a remote connection ..." ); fflush( stdout ); - if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, + if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd, NULL, 0, NULL ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); @@ -375,8 +373,8 @@ exit: } #endif - if( client_fd != -1 ) - mbedtls_net_close( client_fd ); + mbedtls_net_close( &client_fd ); + mbedtls_net_close( &listen_fd ); mbedtls_x509_crt_free( &srvcert ); mbedtls_pk_free( &pkey ); 
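Review bot: After a successful `thread_create( &client_fd )` in this hunk, main()'s `client_fd` still holds the same descriptor as the copy memcpy'd into `threads[i].data.client_fd`, so two contexts alias one socket owned by the worker thread, and the `client_fd = -1;` that used to break that alias before the next accept was removed in the @@ -474 hunk. Nothing in the visible hunks closes main()'s copy while a thread is live, but any later close in main() (the exit path is outside this hunk) would pull the socket out from under the thread. A one-line hand-off after the success branch, `mbedtls_net_init( &client_fd ); /* ownership moved to the thread */`, makes the transfer explicit.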
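Review bot: The @@ -508 hunk releases the listening socket with `mbedtls_net_free( &listen_fd )`, while every other program in this commit uses `mbedtls_net_close( &listen_fd )` for the same purpose at `exit:`. If both functions exist in the NET layer with different semantics, this should be confirmed against net.c; if net_free only resets the context without closing, `listen_fd` is leaked here. Either way the two spellings should be unified across the programs so readers do not have to guess which one actually closes the descriptor.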
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c66a4e91f..3b2c802b1 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -746,7 +746,7 @@ int psk_callback( void *p_info, mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ -static int listen_fd, client_fd = -1; +static mbedtls_net_context listen_fd, client_fd; /* Interruption handler to ensure clean exit (for valgrind testing) */ #if !defined(_WIN32) @@ -755,8 +755,8 @@ void term_handler( int sig ) { ((void) sig); received_sigterm = 1; - mbedtls_net_close( listen_fd ); /* causes mbedtls_net_accept() to abort */ - mbedtls_net_close( client_fd ); /* causes net_read() to abort */ + mbedtls_net_close( &listen_fd ); /* causes mbedtls_net_accept() to abort */ + mbedtls_net_close( &client_fd ); /* causes net_read() to abort */ } #endif @@ -826,7 +826,8 @@ int main( int argc, char *argv[] ) /* * Make sure memory references are valid in case we exit early. */ - listen_fd = 0; + mbedtls_net_init( &client_fd ); + mbedtls_net_init( &listen_fd ); mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); mbedtls_ctr_drbg_init( &ctr_drbg ); @@ -1842,20 +1843,17 @@ reset: } #endif - if( client_fd != -1 ) - mbedtls_net_close( client_fd ); + mbedtls_net_close( &client_fd ); mbedtls_ssl_session_reset( &ssl ); /* * 3. Wait until a client connects */ - client_fd = -1; - mbedtls_printf( " . Waiting for a remote connection ..." ); fflush( stdout ); - if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, + if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd, client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 ) { #if !defined(_WIN32) 
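Review bot: In the @@ -746 hunk `static mbedtls_net_context listen_fd, client_fd;` is zero-initialized, so until `mbedtls_net_init` runs in the @@ -826 hunk both contexts carry `fd == 0` (stdin) rather than the previous `client_fd = -1`. The `term_handler` in the @@ -755 hunk calls `mbedtls_net_close( &client_fd )` and `mbedtls_net_close( &listen_fd )` from a signal handler; if that handler can be installed before the init calls (the installation point is not in the diff), an early SIGTERM would close stdin. Worth confirming the ordering, or noting it next to the declaration: `/* fd is 0 until mbedtls_net_init() runs; term_handler must not be installed before that */`.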
@@ -1872,9 +1870,9 @@ reset: } if( opt.nbio > 0 ) - ret = mbedtls_net_set_nonblock( client_fd ); + ret = mbedtls_net_set_nonblock( &client_fd ); else - ret = mbedtls_net_set_block( client_fd ); + ret = mbedtls_net_set_block( &client_fd ); if( ret != 0 ) { mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret ); @@ -2254,8 +2252,8 @@ exit: mbedtls_printf( " . Cleaning up..." ); fflush( stdout ); - if( client_fd != -1 ) - mbedtls_net_close( client_fd ); + mbedtls_net_close( &client_fd ); + mbedtls_net_close( &listen_fd ); #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) mbedtls_dhm_free( &dhm ); diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index f91d42f1d..9962445f9 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -20,6 +20,12 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +/* + * Warning: this is an internal utility program we use for tests. + * It does break some abstractions from the NET layer, and is thus NOT an + * example of good general usage. + */ + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else @@ -284,7 +290,7 @@ static unsigned long ellapsed_time( void ) typedef struct { - int dst; + mbedtls_net_context *dst; const char *way; const char *type; unsigned len; @@ -306,7 +312,7 @@ void print_packet( const packet *p, const char *why ) int send_packet( const packet *p, const char *why ) { int ret; - int dst = p->dst; + mbedtls_net_context *dst = p->dst; /* insert corrupted ApplicationData record? */ if( opt.bad_ad && @@ -317,7 +323,7 @@ int send_packet( const packet *p, const char *why ) ++buf[p->len - 1]; print_packet( p, "corrupted" ); - if( ( ret = mbedtls_net_send( &dst, buf, p->len ) ) <= 0 ) + if( ( ret = mbedtls_net_send( dst, buf, p->len ) ) <= 0 ) { mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret ); return( ret ); 
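Review bot: In udp_proxy.c's @@ -284 hunk `packet.dst` becomes a `mbedtls_net_context *`, and from the @@ -575 hunk those pointers refer to main()'s automatic `listen_fd`/`client_fd`/`server_fd`; the delayed `prev` packet appears to keep such a pointer across calls to handle_message. That is sound only while main() is live, which holds for this program, but the non-owning lifetime is not visible at the struct. Suggest `mbedtls_net_context *dst; /* not owned; points at a context that lives in main() */` on the changed field.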
@@ -325,7 +331,7 @@ int send_packet( const packet *p, const char *why ) } print_packet( p, why ); - if( ( ret = mbedtls_net_send( &dst, p->buf, p->len ) ) <= 0 ) + if( ( ret = mbedtls_net_send( dst, p->buf, p->len ) ) <= 0 ) { mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret ); return( ret ); @@ -338,7 +344,7 @@ int send_packet( const packet *p, const char *why ) { print_packet( p, "duplicated" ); - if( ( ret = mbedtls_net_send( &dst, p->buf, p->len ) ) <= 0 ) + if( ( ret = mbedtls_net_send( dst, p->buf, p->len ) ) <= 0 ) { mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret ); return( ret ); @@ -392,14 +398,16 @@ void update_dropped( const packet *p ) } } -int handle_message( const char *way, int dst, int src ) +int handle_message( const char *way, + mbedtls_net_context *dst, + mbedtls_net_context *src ) { int ret; packet cur; size_t id; /* receive packet */ - if( ( ret = mbedtls_net_recv( &src, cur.buf, sizeof( cur.buf ) ) ) <= 0 ) + if( ( ret = mbedtls_net_recv( src, cur.buf, sizeof( cur.buf ) ) ) <= 0 ) { mbedtls_printf( " ! mbedtls_net_recv returned %d\n", ret ); return( ret ); @@ -432,7 +440,7 @@ int handle_message( const char *way, int dst, int src ) strcmp( cur.type, "ApplicationData" ) != 0 && ! ( opt.protect_hvr && strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) && - prev.dst == 0 && + prev.dst == NULL && cur.len != (size_t) opt.protect_len && dropped[id] < DROP_MAX && rand() % opt.delay == 0 ) ) @@ -446,7 +454,7 @@ int handle_message( const char *way, int dst, int src ) return( ret ); /* send previously delayed message if any */ - if( prev.dst != 0 ) + if( prev.dst != NULL ) { ret = send_packet( &prev, "delayed" ); memset( &prev, 0, sizeof( packet ) ); 
@@ -462,13 +470,15 @@ int main( int argc, char *argv[] ) { int ret; - int listen_fd = -1; - int client_fd = -1; - int server_fd = -1; + mbedtls_net_context listen_fd, client_fd, server_fd; int nb_fds; fd_set read_fds; + mbedtls_net_init( &listen_fd ); + mbedtls_net_init( &client_fd ); + mbedtls_net_init( &server_fd ); + get_options( argc, argv ); /* @@ -526,7 +536,7 @@ accept: mbedtls_printf( " . Waiting for a remote connection ..." ); fflush( stdout ); - if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, + if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd, NULL, 0, NULL ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); @@ -555,19 +565,19 @@ accept: clear_pending(); memset( dropped, 0, sizeof( dropped ) ); - nb_fds = client_fd; - if( nb_fds < server_fd ) - nb_fds = server_fd; - if( nb_fds < listen_fd ) - nb_fds = listen_fd; + nb_fds = client_fd.fd; + if( nb_fds < server_fd.fd ) + nb_fds = server_fd.fd; + if( nb_fds < listen_fd.fd ) + nb_fds = listen_fd.fd; ++nb_fds; while( 1 ) { FD_ZERO( &read_fds ); - FD_SET( server_fd, &read_fds ); - FD_SET( client_fd, &read_fds ); - FD_SET( listen_fd, &read_fds ); + FD_SET( server_fd.fd, &read_fds ); + FD_SET( client_fd.fd, &read_fds ); + FD_SET( listen_fd.fd, &read_fds ); if( ( ret = select( nb_fds, &read_fds, NULL, NULL, NULL ) ) <= 0 ) { @@ -575,20 +585,20 @@ accept: goto exit; } - if( FD_ISSET( listen_fd, &read_fds ) ) + if( FD_ISSET( listen_fd.fd, &read_fds ) ) goto accept; - if( FD_ISSET( client_fd, &read_fds ) ) + if( FD_ISSET( client_fd.fd, &read_fds ) ) { if( ( ret = handle_message( "S <- C", - server_fd, client_fd ) ) != 0 ) + &server_fd, &client_fd ) ) != 0 ) goto accept; } - if( FD_ISSET( server_fd, &read_fds ) ) + if( FD_ISSET( server_fd.fd, &read_fds ) ) { if( ( ret = handle_message( "S -> C", - client_fd, server_fd ) ) != 0 ) + &client_fd, &server_fd ) ) != 0 ) goto accept; } } 
@@ -605,11 +615,9 @@ exit: } #endif - if( client_fd != -1 ) - mbedtls_net_close( client_fd ); - - if( listen_fd != -1 ) - mbedtls_net_close( listen_fd ); + mbedtls_net_close( &client_fd ); + mbedtls_net_close( &server_fd ); + mbedtls_net_close( &listen_fd ); #if defined(_WIN32) mbedtls_printf( " Press Enter to exit this program.\n" ); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index dd398051c..dd5c508cc 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -142,7 +142,8 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *fl int main( int argc, char *argv[] ) { - int ret = 0, server_fd; + int ret = 0; + mbedtls_net_context server_fd; unsigned char buf[1024]; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; @@ -161,7 +162,7 @@ int main( int argc, char *argv[] ) /* * Set to sane values */ - server_fd = 0; + mbedtls_net_init( &server_fd ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); @@ -474,8 +475,7 @@ ssl_exit: exit: - if( server_fd ) - mbedtls_net_close( server_fd ); + mbedtls_net_close( &server_fd ); mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( &clicert ); #if defined(MBEDTLS_X509_CRL_PARSE_C)