/src/openssl36/crypto/bio/bss_dgram.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #ifndef _GNU_SOURCE |
11 | | #define _GNU_SOURCE |
12 | | #endif |
13 | | |
14 | | #include <stdio.h> |
15 | | #include <errno.h> |
16 | | |
17 | | #include "internal/time.h" |
18 | | #include "bio_local.h" |
19 | | #ifndef OPENSSL_NO_DGRAM |
20 | | |
21 | | #ifndef OPENSSL_NO_SCTP |
22 | | #include <netinet/sctp.h> |
23 | | #include <fcntl.h> |
24 | | #define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00 |
25 | | #define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0 |
26 | | #endif |
27 | | |
28 | | #if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU) |
29 | | #define IP_MTU 14 /* linux is lame */ |
30 | | #endif |
31 | | |
32 | | #if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6) |
33 | | #define IPPROTO_IPV6 41 /* windows is lame */ |
34 | | #endif |
35 | | |
36 | | #if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED) |
37 | | /* Standard definition causes type-punning problems. */ |
38 | | #undef IN6_IS_ADDR_V4MAPPED |
39 | | #define s6_addr32 __u6_addr.__u6_addr32 |
40 | | #define IN6_IS_ADDR_V4MAPPED(a) \ |
41 | | (((a)->s6_addr32[0] == 0) && ((a)->s6_addr32[1] == 0) && ((a)->s6_addr32[2] == htonl(0x0000ffff))) |
42 | | #endif |
43 | | |
44 | | /* Determine what method to use for BIO_sendmmsg and BIO_recvmmsg. */ |
45 | | #define M_METHOD_NONE 0 |
46 | | #define M_METHOD_RECVMMSG 1 |
47 | | #define M_METHOD_RECVMSG 2 |
48 | | #define M_METHOD_RECVFROM 3 |
49 | | #define M_METHOD_WSARECVMSG 4 |
50 | | |
51 | | #if defined(__GLIBC__) && defined(__GLIBC_PREREQ) |
52 | | #if !(__GLIBC_PREREQ(2, 14)) |
53 | | #undef NO_RECVMMSG |
54 | | /* |
55 | | * Some old glibc versions may have recvmmsg and MSG_WAITFORONE flag, but |
56 | | * not sendmmsg. We need both so force this to be disabled on these old |
57 | | * versions |
58 | | */ |
59 | | #define NO_RECVMMSG |
60 | | #endif |
61 | | #endif |
62 | | #if defined(__GNU__) |
63 | | /* GNU/Hurd does not have IP_PKTINFO yet */ |
64 | | #undef NO_RECVMSG |
65 | | #define NO_RECVMSG |
66 | | #endif |
67 | | #if (defined(__ANDROID_API__) && __ANDROID_API__ < 21) |
68 | | #undef NO_RECVMMSG |
69 | | #define NO_RECVMMSG |
70 | | #endif |
71 | | #if defined(_AIX) && !defined(_AIX72) |
72 | | /* AIX >= 7.2 provides sendmmsg() and recvmmsg(). */ |
73 | | #undef NO_RECVMMSG |
74 | | #define NO_RECVMMSG |
75 | | #endif |
76 | | #if !defined(M_METHOD) |
77 | | #if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG) |
78 | | #define M_METHOD M_METHOD_WSARECVMSG |
79 | | #elif !defined(OPENSSL_SYS_WINDOWS) && defined(MSG_WAITFORONE) && !defined(NO_RECVMMSG) |
80 | | #define M_METHOD M_METHOD_RECVMMSG |
81 | | #elif !defined(OPENSSL_SYS_WINDOWS) && defined(CMSG_LEN) && !defined(NO_RECVMSG) |
82 | | #define M_METHOD M_METHOD_RECVMSG |
83 | | #elif !defined(NO_RECVFROM) |
84 | | #define M_METHOD M_METHOD_RECVFROM |
85 | | #else |
86 | | #define M_METHOD M_METHOD_NONE |
87 | | #endif |
88 | | #endif |
89 | | |
90 | | #if defined(OPENSSL_SYS_WINDOWS) |
91 | | #define BIO_CMSG_SPACE(x) WSA_CMSG_SPACE(x) |
92 | | #define BIO_CMSG_FIRSTHDR(x) WSA_CMSG_FIRSTHDR(x) |
93 | | #define BIO_CMSG_NXTHDR(x, y) WSA_CMSG_NXTHDR(x, y) |
94 | | #define BIO_CMSG_DATA(x) WSA_CMSG_DATA(x) |
95 | | #define BIO_CMSG_LEN(x) WSA_CMSG_LEN(x) |
96 | | #define MSGHDR_TYPE WSAMSG |
97 | | #define CMSGHDR_TYPE WSACMSGHDR |
98 | | #else |
99 | | #define MSGHDR_TYPE struct msghdr |
100 | 0 | #define CMSGHDR_TYPE struct cmsghdr |
101 | 0 | #define BIO_CMSG_SPACE(x) CMSG_SPACE(x) |
102 | 0 | #define BIO_CMSG_FIRSTHDR(x) CMSG_FIRSTHDR(x) |
103 | 0 | #define BIO_CMSG_NXTHDR(x, y) CMSG_NXTHDR(x, y) |
104 | 0 | #define BIO_CMSG_DATA(x) CMSG_DATA(x) |
105 | 0 | #define BIO_CMSG_LEN(x) CMSG_LEN(x) |
106 | | #endif |
107 | | |
108 | | #if M_METHOD == M_METHOD_RECVMMSG \ |
109 | | || M_METHOD == M_METHOD_RECVMSG \ |
110 | | || M_METHOD == M_METHOD_WSARECVMSG |
111 | | #if defined(__APPLE__) |
112 | | /* |
113 | | * CMSG_SPACE is not a constant expression on OSX even though POSIX |
114 | | * says it's supposed to be. This should be adequate. |
115 | | */ |
116 | | #define BIO_CMSG_ALLOC_LEN 64 |
117 | | #else |
118 | | #if defined(IPV6_PKTINFO) |
119 | | #define BIO_CMSG_ALLOC_LEN_1 BIO_CMSG_SPACE(sizeof(struct in6_pktinfo)) |
120 | | #else |
121 | | #define BIO_CMSG_ALLOC_LEN_1 0 |
122 | | #endif |
123 | | #if defined(IP_PKTINFO) |
124 | | #define BIO_CMSG_ALLOC_LEN_2 BIO_CMSG_SPACE(sizeof(struct in_pktinfo)) |
125 | | #else |
126 | | #define BIO_CMSG_ALLOC_LEN_2 0 |
127 | | #endif |
128 | | #if defined(IP_RECVDSTADDR) |
129 | | #define BIO_CMSG_ALLOC_LEN_3 BIO_CMSG_SPACE(sizeof(struct in_addr)) |
130 | | #else |
131 | | #define BIO_CMSG_ALLOC_LEN_3 0 |
132 | | #endif |
133 | 0 | #define BIO_MAX(X, Y) ((X) > (Y) ? (X) : (Y)) |
134 | | #define BIO_CMSG_ALLOC_LEN \ |
135 | 0 | BIO_MAX(BIO_CMSG_ALLOC_LEN_1, \ |
136 | 0 | BIO_MAX(BIO_CMSG_ALLOC_LEN_2, BIO_CMSG_ALLOC_LEN_3)) |
137 | | #endif |
138 | | /* |
139 | | * Although AIX defines IP_RECVDSTADDR and IPV6_RECVPKTINFO, the |
140 | | * implementation requires IP_PKTINFO to be available for AF_INET. |
141 | | * For AF_INET6 there seem to be limitations how local addresses |
142 | | * are handled on AIX. So, disable the support for now. |
143 | | */ |
144 | | #if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO) \ |
145 | | && !defined(_AIX) |
146 | | #define SUPPORT_LOCAL_ADDR |
147 | | #endif |
148 | | #endif |
149 | | |
150 | 0 | #define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n) * (stride))) |
151 | | |
152 | | static int dgram_write(BIO *h, const char *buf, int num); |
153 | | static int dgram_read(BIO *h, char *buf, int size); |
154 | | static int dgram_puts(BIO *h, const char *str); |
155 | | static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
156 | | static int dgram_new(BIO *h); |
157 | | static int dgram_free(BIO *data); |
158 | | static int dgram_clear(BIO *bio); |
159 | | static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, |
160 | | size_t stride, size_t num_msg, |
161 | | uint64_t flags, size_t *num_processed); |
162 | | static int dgram_recvmmsg(BIO *b, BIO_MSG *msg, |
163 | | size_t stride, size_t num_msg, |
164 | | uint64_t flags, size_t *num_processed); |
165 | | |
166 | | #ifndef OPENSSL_NO_SCTP |
167 | | static int dgram_sctp_write(BIO *h, const char *buf, int num); |
168 | | static int dgram_sctp_read(BIO *h, char *buf, int size); |
169 | | static int dgram_sctp_puts(BIO *h, const char *str); |
170 | | static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
171 | | static int dgram_sctp_new(BIO *h); |
172 | | static int dgram_sctp_free(BIO *data); |
173 | | static int dgram_sctp_wait_for_dry(BIO *b); |
174 | | static int dgram_sctp_msg_waiting(BIO *b); |
175 | | #ifdef SCTP_AUTHENTICATION_EVENT |
176 | | static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp); |
177 | | #endif |
178 | | #endif |
179 | | |
180 | | static int BIO_dgram_should_retry(int s); |
181 | | |
182 | | static const BIO_METHOD methods_dgramp = { |
183 | | BIO_TYPE_DGRAM, |
184 | | "datagram socket", |
185 | | bwrite_conv, |
186 | | dgram_write, |
187 | | bread_conv, |
188 | | dgram_read, |
189 | | dgram_puts, |
190 | | NULL, /* dgram_gets, */ |
191 | | dgram_ctrl, |
192 | | dgram_new, |
193 | | dgram_free, |
194 | | NULL, /* dgram_callback_ctrl */ |
195 | | dgram_sendmmsg, |
196 | | dgram_recvmmsg, |
197 | | }; |
198 | | |
199 | | #ifndef OPENSSL_NO_SCTP |
200 | | static const BIO_METHOD methods_dgramp_sctp = { |
201 | | BIO_TYPE_DGRAM_SCTP, |
202 | | "datagram sctp socket", |
203 | | bwrite_conv, |
204 | | dgram_sctp_write, |
205 | | bread_conv, |
206 | | dgram_sctp_read, |
207 | | dgram_sctp_puts, |
208 | | NULL, /* dgram_gets, */ |
209 | | dgram_sctp_ctrl, |
210 | | dgram_sctp_new, |
211 | | dgram_sctp_free, |
212 | | NULL, /* dgram_callback_ctrl */ |
213 | | NULL, /* sendmmsg */ |
214 | | NULL, /* recvmmsg */ |
215 | | }; |
216 | | #endif |
217 | | |
218 | | typedef struct bio_dgram_data_st { |
219 | | BIO_ADDR peer; |
220 | | BIO_ADDR local_addr; |
221 | | unsigned int connected; |
222 | | unsigned int _errno; |
223 | | unsigned int mtu; |
224 | | OSSL_TIME next_timeout; |
225 | | OSSL_TIME socket_timeout; |
226 | | unsigned int peekmode; |
227 | | char local_addr_enabled; |
228 | | } bio_dgram_data; |
229 | | |
230 | | #ifndef OPENSSL_NO_SCTP |
231 | | typedef struct bio_dgram_sctp_save_message_st { |
232 | | BIO *bio; |
233 | | char *data; |
234 | | int length; |
235 | | } bio_dgram_sctp_save_message; |
236 | | |
237 | | /* |
238 | | * Note: bio_dgram_data must be first here |
239 | | * as we use dgram_ctrl for underlying dgram operations |
240 | | * which will cast this struct to a bio_dgram_data |
241 | | */ |
242 | | typedef struct bio_dgram_sctp_data_st { |
243 | | bio_dgram_data dgram; |
244 | | struct bio_dgram_sctp_sndinfo sndinfo; |
245 | | struct bio_dgram_sctp_rcvinfo rcvinfo; |
246 | | struct bio_dgram_sctp_prinfo prinfo; |
247 | | BIO_dgram_sctp_notification_handler_fn handle_notifications; |
248 | | void *notification_context; |
249 | | int in_handshake; |
250 | | int ccs_rcvd; |
251 | | int ccs_sent; |
252 | | int save_shutdown; |
253 | | int peer_auth_tested; |
254 | | } bio_dgram_sctp_data; |
255 | | #endif |
256 | | |
257 | | const BIO_METHOD *BIO_s_datagram(void) |
258 | 0 | { |
259 | 0 | return &methods_dgramp; |
260 | 0 | } |
261 | | |
262 | | BIO *BIO_new_dgram(int fd, int close_flag) |
263 | 0 | { |
264 | 0 | BIO *ret; |
265 | |
|
266 | 0 | ret = BIO_new(BIO_s_datagram()); |
267 | 0 | if (ret == NULL) |
268 | 0 | return NULL; |
269 | 0 | BIO_set_fd(ret, fd, close_flag); |
270 | 0 | return ret; |
271 | 0 | } |
272 | | |
273 | | static int dgram_new(BIO *bi) |
274 | 0 | { |
275 | 0 | bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data)); |
276 | |
|
277 | 0 | if (data == NULL) |
278 | 0 | return 0; |
279 | 0 | bi->ptr = data; |
280 | 0 | return 1; |
281 | 0 | } |
282 | | |
283 | | static int dgram_free(BIO *a) |
284 | 0 | { |
285 | 0 | bio_dgram_data *data; |
286 | |
|
287 | 0 | if (a == NULL) |
288 | 0 | return 0; |
289 | 0 | if (!dgram_clear(a)) |
290 | 0 | return 0; |
291 | | |
292 | 0 | data = (bio_dgram_data *)a->ptr; |
293 | 0 | OPENSSL_free(data); |
294 | |
|
295 | 0 | return 1; |
296 | 0 | } |
297 | | |
298 | | static int dgram_clear(BIO *a) |
299 | 0 | { |
300 | 0 | if (a == NULL) |
301 | 0 | return 0; |
302 | 0 | if (a->shutdown) { |
303 | 0 | if (a->init) { |
304 | 0 | BIO_closesocket(a->num); |
305 | 0 | } |
306 | 0 | a->init = 0; |
307 | 0 | a->flags = 0; |
308 | 0 | } |
309 | 0 | return 1; |
310 | 0 | } |
311 | | |
312 | | static void dgram_adjust_rcv_timeout(BIO *b) |
313 | 0 | { |
314 | 0 | #if defined(SO_RCVTIMEO) |
315 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
316 | 0 | OSSL_TIME timeleft; |
317 | | |
318 | | /* Is a timer active? */ |
319 | 0 | if (!ossl_time_is_zero(data->next_timeout)) { |
320 | | /* Read current socket timeout */ |
321 | | #ifdef OPENSSL_SYS_WINDOWS |
322 | | int timeout; |
323 | | int sz = sizeof(timeout); |
324 | | |
325 | | if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, |
326 | | (void *)&timeout, &sz) |
327 | | < 0) |
328 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
329 | | "calling getsockopt()"); |
330 | | else |
331 | | data->socket_timeout = ossl_ms2time(timeout); |
332 | | #else |
333 | 0 | struct timeval tv; |
334 | 0 | socklen_t sz = sizeof(tv); |
335 | |
|
336 | 0 | if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, &sz) < 0) |
337 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
338 | 0 | "calling getsockopt()"); |
339 | 0 | else |
340 | 0 | data->socket_timeout = ossl_time_from_timeval(tv); |
341 | 0 | #endif |
342 | | |
343 | | /* Calculate time left until timer expires */ |
344 | 0 | timeleft = ossl_time_subtract(data->next_timeout, ossl_time_now()); |
345 | 0 | if (ossl_time_compare(timeleft, ossl_ticks2time(OSSL_TIME_US)) < 0) |
346 | 0 | timeleft = ossl_ticks2time(OSSL_TIME_US); |
347 | | |
348 | | /* |
349 | | * Adjust socket timeout if next handshake message timer will expire |
350 | | * earlier. |
351 | | */ |
352 | 0 | if (ossl_time_is_zero(data->socket_timeout) |
353 | 0 | || ossl_time_compare(data->socket_timeout, timeleft) >= 0) { |
354 | | #ifdef OPENSSL_SYS_WINDOWS |
355 | | timeout = (int)ossl_time2ms(timeleft); |
356 | | if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, |
357 | | (void *)&timeout, sizeof(timeout)) |
358 | | < 0) |
359 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
360 | | "calling setsockopt()"); |
361 | | #else |
362 | 0 | tv = ossl_time_to_timeval(timeleft); |
363 | 0 | if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, |
364 | 0 | sizeof(tv)) |
365 | 0 | < 0) |
366 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
367 | 0 | "calling setsockopt()"); |
368 | 0 | #endif |
369 | 0 | } |
370 | 0 | } |
371 | 0 | #endif |
372 | 0 | } |
373 | | |
374 | | static void dgram_update_local_addr(BIO *b) |
375 | 0 | { |
376 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
377 | 0 | socklen_t addr_len = sizeof(data->local_addr); |
378 | |
|
379 | 0 | if (getsockname(b->num, &data->local_addr.sa, &addr_len) < 0) |
380 | | /* |
381 | | * This should not be possible, but zero-initialize and return |
382 | | * anyway. |
383 | | */ |
384 | 0 | BIO_ADDR_clear(&data->local_addr); |
385 | 0 | } |
386 | | |
387 | | #if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG |
388 | | static int dgram_get_sock_family(BIO *b) |
389 | 0 | { |
390 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
391 | 0 | return data->local_addr.sa.sa_family; |
392 | 0 | } |
393 | | #endif |
394 | | |
395 | | static void dgram_reset_rcv_timeout(BIO *b) |
396 | 0 | { |
397 | 0 | #if defined(SO_RCVTIMEO) |
398 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
399 | | |
400 | | /* Is a timer active? */ |
401 | 0 | if (!ossl_time_is_zero(data->next_timeout)) { |
402 | | #ifdef OPENSSL_SYS_WINDOWS |
403 | | int timeout = (int)ossl_time2ms(data->socket_timeout); |
404 | | |
405 | | if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, |
406 | | (void *)&timeout, sizeof(timeout)) |
407 | | < 0) |
408 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
409 | | "calling setsockopt()"); |
410 | | #else |
411 | 0 | struct timeval tv = ossl_time_to_timeval(data->socket_timeout); |
412 | |
|
413 | 0 | if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0) |
414 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
415 | 0 | "calling setsockopt()"); |
416 | 0 | #endif |
417 | 0 | } |
418 | 0 | #endif |
419 | 0 | } |
420 | | |
421 | | static int dgram_read(BIO *b, char *out, int outl) |
422 | 0 | { |
423 | 0 | int ret = 0; |
424 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
425 | 0 | int flags = 0; |
426 | |
|
427 | 0 | BIO_ADDR peer; |
428 | 0 | socklen_t len = sizeof(peer); |
429 | |
|
430 | 0 | if (out != NULL) { |
431 | 0 | clear_socket_error(); |
432 | 0 | BIO_ADDR_clear(&peer); |
433 | 0 | dgram_adjust_rcv_timeout(b); |
434 | 0 | if (data->peekmode) |
435 | 0 | flags = MSG_PEEK; |
436 | 0 | ret = recvfrom(b->num, out, outl, flags, |
437 | 0 | BIO_ADDR_sockaddr_noconst(&peer), &len); |
438 | |
|
439 | 0 | if (!data->connected && ret >= 0) |
440 | 0 | BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); |
441 | |
|
442 | 0 | BIO_clear_retry_flags(b); |
443 | 0 | if (ret < 0) { |
444 | 0 | if (BIO_dgram_should_retry(ret)) { |
445 | 0 | BIO_set_retry_read(b); |
446 | 0 | data->_errno = get_last_socket_error(); |
447 | 0 | } |
448 | 0 | } |
449 | |
|
450 | 0 | dgram_reset_rcv_timeout(b); |
451 | 0 | } |
452 | 0 | return ret; |
453 | 0 | } |
454 | | |
455 | | static int dgram_write(BIO *b, const char *in, int inl) |
456 | 0 | { |
457 | 0 | int ret; |
458 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
459 | 0 | clear_socket_error(); |
460 | |
|
461 | 0 | if (data->connected) |
462 | 0 | ret = writesocket(b->num, in, inl); |
463 | 0 | else { |
464 | 0 | int peerlen = BIO_ADDR_sockaddr_size(&data->peer); |
465 | |
|
466 | 0 | ret = sendto(b->num, in, inl, 0, |
467 | 0 | BIO_ADDR_sockaddr(&data->peer), peerlen); |
468 | 0 | } |
469 | |
|
470 | 0 | BIO_clear_retry_flags(b); |
471 | 0 | if (ret <= 0) { |
472 | 0 | if (BIO_dgram_should_retry(ret)) { |
473 | 0 | BIO_set_retry_write(b); |
474 | 0 | data->_errno = get_last_socket_error(); |
475 | 0 | } |
476 | 0 | } |
477 | 0 | return ret; |
478 | 0 | } |
479 | | |
480 | | static long dgram_get_mtu_overhead(BIO_ADDR *addr) |
481 | 0 | { |
482 | 0 | long ret; |
483 | |
|
484 | 0 | switch (BIO_ADDR_family(addr)) { |
485 | 0 | case AF_INET: |
486 | | /* |
487 | | * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP |
488 | | */ |
489 | 0 | ret = 28; |
490 | 0 | break; |
491 | 0 | #if OPENSSL_USE_IPV6 |
492 | 0 | case AF_INET6: { |
493 | 0 | #ifdef IN6_IS_ADDR_V4MAPPED |
494 | 0 | struct in6_addr tmp_addr; |
495 | |
|
496 | 0 | if (BIO_ADDR_rawaddress(addr, &tmp_addr, NULL) |
497 | 0 | && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) |
498 | | /* |
499 | | * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP |
500 | | */ |
501 | 0 | ret = 28; |
502 | 0 | else |
503 | 0 | #endif |
504 | | /* |
505 | | * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP |
506 | | */ |
507 | 0 | ret = 48; |
508 | 0 | } break; |
509 | 0 | #endif |
510 | 0 | default: |
511 | | /* We don't know. Go with the historical default */ |
512 | 0 | ret = 28; |
513 | 0 | break; |
514 | 0 | } |
515 | 0 | return ret; |
516 | 0 | } |
517 | | |
518 | | /* Enables appropriate destination address reception option on the socket. */ |
519 | | #if defined(SUPPORT_LOCAL_ADDR) |
520 | | static int enable_local_addr(BIO *b, int enable) |
521 | 0 | { |
522 | 0 | int af = dgram_get_sock_family(b); |
523 | |
|
524 | 0 | if (af == AF_INET) { |
525 | 0 | #if defined(IP_PKTINFO) |
526 | | /* IP_PKTINFO is preferred */ |
527 | 0 | if (setsockopt(b->num, IPPROTO_IP, IP_PKTINFO, |
528 | 0 | (void *)&enable, sizeof(enable)) |
529 | 0 | < 0) |
530 | 0 | return 0; |
531 | | |
532 | 0 | return 1; |
533 | |
|
534 | | #elif defined(IP_RECVDSTADDR) |
535 | | /* Fall back to IP_RECVDSTADDR */ |
536 | | |
537 | | if (setsockopt(b->num, IPPROTO_IP, IP_RECVDSTADDR, |
538 | | &enable, sizeof(enable)) |
539 | | < 0) |
540 | | return 0; |
541 | | |
542 | | return 1; |
543 | | #endif |
544 | 0 | } |
545 | | |
546 | 0 | #if OPENSSL_USE_IPV6 |
547 | 0 | if (af == AF_INET6) { |
548 | 0 | #if defined(IPV6_RECVPKTINFO) |
549 | 0 | if (setsockopt(b->num, IPPROTO_IPV6, IPV6_RECVPKTINFO, |
550 | 0 | &enable, sizeof(enable)) |
551 | 0 | < 0) |
552 | 0 | return 0; |
553 | | |
554 | 0 | return 1; |
555 | 0 | #endif |
556 | 0 | } |
557 | 0 | #endif |
558 | | |
559 | 0 | return 0; |
560 | 0 | } |
561 | | #endif |
562 | | |
563 | | static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) |
564 | 0 | { |
565 | 0 | long ret = 1; |
566 | 0 | int *ip; |
567 | 0 | bio_dgram_data *data = NULL; |
568 | 0 | #ifndef __DJGPP__ |
569 | | /* There are currently no cases where this is used on djgpp/watt32. */ |
570 | 0 | int sockopt_val = 0; |
571 | 0 | #endif |
572 | 0 | int d_errno; |
573 | 0 | #if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU)) |
574 | 0 | socklen_t sockopt_len; /* assume that system supporting IP_MTU is |
575 | | * modern enough to define socklen_t */ |
576 | 0 | socklen_t addr_len; |
577 | 0 | BIO_ADDR addr; |
578 | 0 | #endif |
579 | 0 | struct sockaddr_storage ss; |
580 | 0 | socklen_t ss_len = sizeof(ss); |
581 | |
|
582 | 0 | data = (bio_dgram_data *)b->ptr; |
583 | |
|
584 | 0 | switch (cmd) { |
585 | 0 | case BIO_CTRL_RESET: |
586 | 0 | num = 0; |
587 | 0 | ret = 0; |
588 | 0 | break; |
589 | 0 | case BIO_CTRL_INFO: |
590 | 0 | ret = 0; |
591 | 0 | break; |
592 | 0 | case BIO_C_SET_FD: |
593 | 0 | dgram_clear(b); |
594 | 0 | b->num = *((int *)ptr); |
595 | 0 | b->shutdown = (int)num; |
596 | 0 | b->init = 1; |
597 | 0 | dgram_update_local_addr(b); |
598 | 0 | if (getpeername(b->num, (struct sockaddr *)&ss, &ss_len) == 0) { |
599 | 0 | BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)&ss)); |
600 | 0 | data->connected = 1; |
601 | 0 | } |
602 | 0 | #if defined(SUPPORT_LOCAL_ADDR) |
603 | 0 | if (data->local_addr_enabled) { |
604 | 0 | if (enable_local_addr(b, 1) < 1) |
605 | 0 | data->local_addr_enabled = 0; |
606 | 0 | } |
607 | 0 | #endif |
608 | 0 | break; |
609 | 0 | case BIO_C_GET_FD: |
610 | 0 | if (b->init) { |
611 | 0 | ip = (int *)ptr; |
612 | 0 | if (ip != NULL) |
613 | 0 | *ip = b->num; |
614 | 0 | ret = b->num; |
615 | 0 | } else |
616 | 0 | ret = -1; |
617 | 0 | break; |
618 | 0 | case BIO_CTRL_GET_CLOSE: |
619 | 0 | ret = b->shutdown; |
620 | 0 | break; |
621 | 0 | case BIO_CTRL_SET_CLOSE: |
622 | 0 | b->shutdown = (int)num; |
623 | 0 | break; |
624 | 0 | case BIO_CTRL_PENDING: |
625 | 0 | case BIO_CTRL_WPENDING: |
626 | 0 | ret = 0; |
627 | 0 | break; |
628 | 0 | case BIO_CTRL_DUP: |
629 | 0 | case BIO_CTRL_FLUSH: |
630 | 0 | ret = 1; |
631 | 0 | break; |
632 | 0 | case BIO_CTRL_DGRAM_CONNECT: |
633 | 0 | BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); |
634 | 0 | break; |
635 | | /* (Linux)kernel sets DF bit on outgoing IP packets */ |
636 | 0 | case BIO_CTRL_DGRAM_MTU_DISCOVER: |
637 | 0 | #if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) |
638 | 0 | addr_len = (socklen_t)sizeof(addr); |
639 | 0 | BIO_ADDR_clear(&addr); |
640 | 0 | if (getsockname(b->num, &addr.sa, &addr_len) < 0) { |
641 | 0 | ret = 0; |
642 | 0 | break; |
643 | 0 | } |
644 | 0 | switch (addr.sa.sa_family) { |
645 | 0 | case AF_INET: |
646 | 0 | sockopt_val = IP_PMTUDISC_DO; |
647 | 0 | if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, |
648 | 0 | &sockopt_val, sizeof(sockopt_val))) |
649 | 0 | < 0) |
650 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
651 | 0 | "calling setsockopt()"); |
652 | 0 | break; |
653 | 0 | #if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO) |
654 | 0 | case AF_INET6: |
655 | 0 | sockopt_val = IPV6_PMTUDISC_DO; |
656 | 0 | if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, |
657 | 0 | &sockopt_val, sizeof(sockopt_val))) |
658 | 0 | < 0) |
659 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
660 | 0 | "calling setsockopt()"); |
661 | 0 | break; |
662 | 0 | #endif |
663 | 0 | default: |
664 | 0 | ret = -1; |
665 | 0 | break; |
666 | 0 | } |
667 | | #else |
668 | | ret = -1; |
669 | | #endif |
670 | 0 | break; |
671 | 0 | case BIO_CTRL_DGRAM_QUERY_MTU: |
672 | 0 | #if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU) |
673 | 0 | addr_len = (socklen_t)sizeof(addr); |
674 | 0 | BIO_ADDR_clear(&addr); |
675 | 0 | if (getsockname(b->num, &addr.sa, &addr_len) < 0) { |
676 | 0 | ret = 0; |
677 | 0 | break; |
678 | 0 | } |
679 | 0 | sockopt_len = sizeof(sockopt_val); |
680 | 0 | switch (addr.sa.sa_family) { |
681 | 0 | case AF_INET: |
682 | 0 | if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, |
683 | 0 | &sockopt_len)) |
684 | 0 | < 0 |
685 | 0 | || sockopt_val < 0) { |
686 | 0 | ret = 0; |
687 | 0 | } else { |
688 | 0 | data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr); |
689 | 0 | ret = data->mtu; |
690 | 0 | } |
691 | 0 | break; |
692 | 0 | #if OPENSSL_USE_IPV6 && defined(IPV6_MTU) |
693 | 0 | case AF_INET6: |
694 | 0 | if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, |
695 | 0 | (void *)&sockopt_val, &sockopt_len)) |
696 | 0 | < 0 |
697 | 0 | || sockopt_val < 0) { |
698 | 0 | ret = 0; |
699 | 0 | } else { |
700 | 0 | data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr); |
701 | 0 | ret = data->mtu; |
702 | 0 | } |
703 | 0 | break; |
704 | 0 | #endif |
705 | 0 | default: |
706 | 0 | ret = 0; |
707 | 0 | break; |
708 | 0 | } |
709 | | #else |
710 | | ret = 0; |
711 | | #endif |
712 | 0 | break; |
713 | 0 | case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: |
714 | 0 | ret = -dgram_get_mtu_overhead(&data->peer); |
715 | 0 | switch (BIO_ADDR_family(&data->peer)) { |
716 | 0 | case AF_INET: |
717 | 0 | ret += 576; |
718 | 0 | break; |
719 | 0 | #if OPENSSL_USE_IPV6 |
720 | 0 | case AF_INET6: { |
721 | 0 | #ifdef IN6_IS_ADDR_V4MAPPED |
722 | 0 | struct in6_addr tmp_addr; |
723 | 0 | if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL) |
724 | 0 | && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) |
725 | 0 | ret += 576; |
726 | 0 | else |
727 | 0 | #endif |
728 | 0 | ret += 1280; |
729 | 0 | } break; |
730 | 0 | #endif |
731 | 0 | default: |
732 | 0 | ret += 576; |
733 | 0 | break; |
734 | 0 | } |
735 | 0 | break; |
736 | 0 | case BIO_CTRL_DGRAM_GET_MTU: |
737 | 0 | return data->mtu; |
738 | 0 | case BIO_CTRL_DGRAM_SET_MTU: |
739 | 0 | data->mtu = num; |
740 | 0 | ret = num; |
741 | 0 | break; |
742 | 0 | case BIO_CTRL_DGRAM_SET_CONNECTED: |
743 | 0 | if (ptr != NULL) { |
744 | 0 | data->connected = 1; |
745 | 0 | BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); |
746 | 0 | } else { |
747 | 0 | data->connected = 0; |
748 | 0 | BIO_ADDR_clear(&data->peer); |
749 | 0 | } |
750 | 0 | break; |
751 | 0 | case BIO_CTRL_DGRAM_GET_PEER: |
752 | 0 | ret = BIO_ADDR_sockaddr_size(&data->peer); |
753 | | /* FIXME: if num < ret, we will only return part of an address. |
754 | | That should bee an error, no? */ |
755 | 0 | if (num == 0 || num > ret) |
756 | 0 | num = ret; |
757 | 0 | memcpy(ptr, &data->peer, (ret = num)); |
758 | 0 | break; |
759 | 0 | case BIO_CTRL_DGRAM_SET_PEER: |
760 | 0 | BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); |
761 | 0 | break; |
762 | 0 | case BIO_CTRL_DGRAM_DETECT_PEER_ADDR: { |
763 | 0 | BIO_ADDR xaddr, *p = &data->peer; |
764 | 0 | socklen_t xaddr_len = sizeof(xaddr.sa); |
765 | |
|
766 | 0 | if (BIO_ADDR_family(p) == AF_UNSPEC) { |
767 | 0 | if (getpeername(b->num, (void *)&xaddr.sa, &xaddr_len) == 0 |
768 | 0 | && BIO_ADDR_family(&xaddr) != AF_UNSPEC) { |
769 | 0 | p = &xaddr; |
770 | 0 | } else { |
771 | 0 | ret = 0; |
772 | 0 | break; |
773 | 0 | } |
774 | 0 | } |
775 | | |
776 | 0 | ret = BIO_ADDR_sockaddr_size(p); |
777 | 0 | if (num == 0 || num > ret) |
778 | 0 | num = ret; |
779 | |
|
780 | 0 | memcpy(ptr, p, (ret = num)); |
781 | 0 | } break; |
782 | 0 | case BIO_C_SET_NBIO: |
783 | 0 | if (!BIO_socket_nbio(b->num, num != 0)) |
784 | 0 | ret = 0; |
785 | 0 | break; |
786 | 0 | case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: |
787 | 0 | data->next_timeout = ossl_time_from_timeval(*(struct timeval *)ptr); |
788 | 0 | break; |
789 | 0 | #if defined(SO_RCVTIMEO) |
790 | 0 | case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: |
791 | | #ifdef OPENSSL_SYS_WINDOWS |
792 | | { |
793 | | struct timeval *tv = (struct timeval *)ptr; |
794 | | int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; |
795 | | |
796 | | if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, |
797 | | (void *)&timeout, sizeof(timeout))) |
798 | | < 0) |
799 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
800 | | "calling setsockopt()"); |
801 | | } |
802 | | #else |
803 | 0 | if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, |
804 | 0 | sizeof(struct timeval))) |
805 | 0 | < 0) |
806 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
807 | 0 | "calling setsockopt()"); |
808 | 0 | #endif |
809 | 0 | break; |
810 | 0 | case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: { |
811 | | #ifdef OPENSSL_SYS_WINDOWS |
812 | | int sz = 0; |
813 | | int timeout; |
814 | | struct timeval *tv = (struct timeval *)ptr; |
815 | | |
816 | | sz = sizeof(timeout); |
817 | | if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, |
818 | | (void *)&timeout, &sz)) |
819 | | < 0) { |
820 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
821 | | "calling getsockopt()"); |
822 | | } else { |
823 | | tv->tv_sec = timeout / 1000; |
824 | | tv->tv_usec = (timeout % 1000) * 1000; |
825 | | ret = sizeof(*tv); |
826 | | } |
827 | | #else |
828 | 0 | socklen_t sz = sizeof(struct timeval); |
829 | |
|
830 | 0 | if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, |
831 | 0 | ptr, &sz)) |
832 | 0 | < 0) { |
833 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
834 | 0 | "calling getsockopt()"); |
835 | 0 | } else if (!ossl_assert((size_t)sz == sizeof(struct timeval))) { |
836 | 0 | ERR_raise_data(ERR_LIB_BIO, ERR_R_INTERNAL_ERROR, |
837 | 0 | "Unexpected getsockopt(SO_RCVTIMEO) return size"); |
838 | 0 | ret = -1; |
839 | 0 | } else { |
840 | 0 | ret = (int)sz; |
841 | 0 | } |
842 | 0 | #endif |
843 | 0 | } break; |
844 | 0 | #endif |
845 | 0 | #if defined(SO_SNDTIMEO) |
846 | 0 | case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: |
847 | | #ifdef OPENSSL_SYS_WINDOWS |
848 | | { |
849 | | struct timeval *tv = (struct timeval *)ptr; |
850 | | int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; |
851 | | |
852 | | if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, |
853 | | (void *)&timeout, sizeof(timeout))) |
854 | | < 0) |
855 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
856 | | "calling setsockopt()"); |
857 | | } |
858 | | #else |
859 | 0 | if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, |
860 | 0 | sizeof(struct timeval))) |
861 | 0 | < 0) |
862 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
863 | 0 | "calling setsockopt()"); |
864 | 0 | #endif |
865 | 0 | break; |
866 | 0 | case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: { |
867 | | #ifdef OPENSSL_SYS_WINDOWS |
868 | | int sz = 0; |
869 | | int timeout; |
870 | | struct timeval *tv = (struct timeval *)ptr; |
871 | | |
872 | | sz = sizeof(timeout); |
873 | | if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, |
874 | | (void *)&timeout, &sz)) |
875 | | < 0) { |
876 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
877 | | "calling getsockopt()"); |
878 | | } else { |
879 | | tv->tv_sec = timeout / 1000; |
880 | | tv->tv_usec = (timeout % 1000) * 1000; |
881 | | ret = sizeof(*tv); |
882 | | } |
883 | | #else |
884 | 0 | socklen_t sz = sizeof(struct timeval); |
885 | |
|
886 | 0 | if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, |
887 | 0 | ptr, &sz)) |
888 | 0 | < 0) { |
889 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
890 | 0 | "calling getsockopt()"); |
891 | 0 | } else if (!ossl_assert((size_t)sz == sizeof(struct timeval))) { |
892 | 0 | ERR_raise_data(ERR_LIB_BIO, ERR_R_INTERNAL_ERROR, |
893 | 0 | "Unexpected getsockopt(SO_SNDTIMEO) return size"); |
894 | 0 | ret = -1; |
895 | 0 | } else { |
896 | 0 | ret = (int)sz; |
897 | 0 | } |
898 | 0 | #endif |
899 | 0 | } break; |
900 | 0 | #endif |
901 | 0 | case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: |
902 | | /* fall-through */ |
903 | 0 | case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: |
904 | | #ifdef OPENSSL_SYS_WINDOWS |
905 | | d_errno = (data->_errno == WSAETIMEDOUT); |
906 | | #else |
907 | 0 | d_errno = (data->_errno == EAGAIN); |
908 | 0 | #endif |
909 | 0 | if (d_errno) { |
910 | 0 | ret = 1; |
911 | 0 | data->_errno = 0; |
912 | 0 | } else |
913 | 0 | ret = 0; |
914 | 0 | break; |
915 | 0 | #ifdef EMSGSIZE |
916 | 0 | case BIO_CTRL_DGRAM_MTU_EXCEEDED: |
917 | 0 | if (data->_errno == EMSGSIZE) { |
918 | 0 | ret = 1; |
919 | 0 | data->_errno = 0; |
920 | 0 | } else |
921 | 0 | ret = 0; |
922 | 0 | break; |
923 | 0 | #endif |
924 | 0 | case BIO_CTRL_DGRAM_SET_DONT_FRAG: |
925 | 0 | switch (data->peer.sa.sa_family) { |
926 | 0 | case AF_INET: |
927 | | #if defined(IP_DONTFRAG) |
928 | | sockopt_val = num ? 1 : 0; |
929 | | if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG, |
930 | | &sockopt_val, sizeof(sockopt_val))) |
931 | | < 0) |
932 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
933 | | "calling setsockopt()"); |
934 | | #elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_PROBE) |
935 | 0 | sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT; |
936 | 0 | if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, |
937 | 0 | &sockopt_val, sizeof(sockopt_val))) |
938 | 0 | < 0) |
939 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
940 | 0 | "calling setsockopt()"); |
941 | | #elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT) |
942 | | sockopt_val = num ? 1 : 0; |
943 | | if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT, |
944 | | (const char *)&sockopt_val, |
945 | | sizeof(sockopt_val))) |
946 | | < 0) |
947 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
948 | | "calling setsockopt()"); |
949 | | #else |
950 | | ret = -1; |
951 | | #endif |
952 | 0 | break; |
953 | 0 | #if OPENSSL_USE_IPV6 |
954 | 0 | case AF_INET6: |
955 | 0 | #if defined(IPV6_DONTFRAG) |
956 | 0 | sockopt_val = num ? 1 : 0; |
957 | 0 | if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG, |
958 | 0 | (const void *)&sockopt_val, |
959 | 0 | sizeof(sockopt_val))) |
960 | 0 | < 0) |
961 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
962 | 0 | "calling setsockopt()"); |
963 | |
|
964 | | #elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTU_DISCOVER) |
965 | | sockopt_val = num ? IPV6_PMTUDISC_PROBE : IPV6_PMTUDISC_DONT; |
966 | | if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, |
967 | | &sockopt_val, sizeof(sockopt_val))) |
968 | | < 0) |
969 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
970 | | "calling setsockopt()"); |
971 | | #else |
972 | | ret = -1; |
973 | | #endif |
974 | 0 | break; |
975 | 0 | #endif |
976 | 0 | default: |
977 | 0 | ret = -1; |
978 | 0 | break; |
979 | 0 | } |
980 | 0 | break; |
981 | 0 | case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: |
982 | 0 | ret = dgram_get_mtu_overhead(&data->peer); |
983 | 0 | break; |
984 | | |
985 | | /* |
986 | | * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility |
987 | | * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value |
988 | | * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The |
989 | | * value has been updated to a non-clashing value. However to preserve |
990 | | * binary compatibility we now respond to both the old value and the new one |
991 | | */ |
992 | 0 | case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: |
993 | 0 | case BIO_CTRL_DGRAM_SET_PEEK_MODE: |
994 | 0 | data->peekmode = (unsigned int)num; |
995 | 0 | break; |
996 | | |
997 | 0 | case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP: |
998 | 0 | #if defined(SUPPORT_LOCAL_ADDR) |
999 | 0 | ret = 1; |
1000 | | #else |
1001 | | ret = 0; |
1002 | | #endif |
1003 | 0 | break; |
1004 | | |
1005 | 0 | case BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE: |
1006 | 0 | #if defined(SUPPORT_LOCAL_ADDR) |
1007 | 0 | num = num > 0; |
1008 | 0 | if (num != data->local_addr_enabled) { |
1009 | 0 | if (enable_local_addr(b, num) < 1) { |
1010 | 0 | ret = 0; |
1011 | 0 | break; |
1012 | 0 | } |
1013 | | |
1014 | 0 | data->local_addr_enabled = (char)num; |
1015 | 0 | } |
1016 | | #else |
1017 | | ret = 0; |
1018 | | #endif |
1019 | 0 | break; |
1020 | | |
1021 | 0 | case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE: |
1022 | 0 | *(int *)ptr = data->local_addr_enabled; |
1023 | 0 | break; |
1024 | | |
1025 | 0 | case BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS: |
1026 | 0 | ret = (long)(BIO_DGRAM_CAP_HANDLES_DST_ADDR |
1027 | 0 | | BIO_DGRAM_CAP_HANDLES_SRC_ADDR |
1028 | 0 | | BIO_DGRAM_CAP_PROVIDES_DST_ADDR |
1029 | 0 | | BIO_DGRAM_CAP_PROVIDES_SRC_ADDR); |
1030 | 0 | break; |
1031 | | |
1032 | 0 | case BIO_CTRL_GET_RPOLL_DESCRIPTOR: |
1033 | 0 | case BIO_CTRL_GET_WPOLL_DESCRIPTOR: { |
1034 | 0 | BIO_POLL_DESCRIPTOR *pd = ptr; |
1035 | |
|
1036 | 0 | pd->type = BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD; |
1037 | 0 | pd->value.fd = b->num; |
1038 | 0 | } break; |
1039 | | |
1040 | 0 | default: |
1041 | 0 | ret = 0; |
1042 | 0 | break; |
1043 | 0 | } |
1044 | | /* Normalize if error */ |
1045 | 0 | if (ret < 0) |
1046 | 0 | ret = -1; |
1047 | 0 | return ret; |
1048 | 0 | } |
1049 | | |
1050 | | static int dgram_puts(BIO *bp, const char *str) |
1051 | 0 | { |
1052 | 0 | int ret; |
1053 | 0 | size_t n = strlen(str); |
1054 | |
|
1055 | 0 | if (n > INT_MAX) |
1056 | 0 | return -1; |
1057 | 0 | ret = dgram_write(bp, str, (int)n); |
1058 | 0 | return ret; |
1059 | 0 | } |
1060 | | |
1061 | | #if M_METHOD == M_METHOD_WSARECVMSG |
1062 | | static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov, |
1063 | | unsigned char *control, BIO_MSG *msg) |
1064 | | { |
1065 | | iov->len = msg->data_len; |
1066 | | iov->buf = msg->data; |
1067 | | |
1068 | | /* Windows requires namelen to be set exactly */ |
1069 | | mh->name = msg->peer != NULL ? &msg->peer->sa : NULL; |
1070 | | if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET) |
1071 | | mh->namelen = sizeof(struct sockaddr_in); |
1072 | | #if OPENSSL_USE_IPV6 |
1073 | | else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6) |
1074 | | mh->namelen = sizeof(struct sockaddr_in6); |
1075 | | #endif |
1076 | | else |
1077 | | mh->namelen = 0; |
1078 | | |
1079 | | /* |
1080 | | * When local address reception (IP_PKTINFO, etc.) is enabled, on Windows |
1081 | | * this causes WSARecvMsg to fail if the control buffer is too small to hold |
1082 | | * the structure, or if no control buffer is passed. So we need to give it |
1083 | | * the control buffer even if we aren't actually going to examine the |
1084 | | * result. |
1085 | | */ |
1086 | | mh->lpBuffers = iov; |
1087 | | mh->dwBufferCount = 1; |
1088 | | mh->Control.len = BIO_CMSG_ALLOC_LEN; |
1089 | | mh->Control.buf = control; |
1090 | | mh->dwFlags = 0; |
1091 | | } |
1092 | | #endif |
1093 | | |
1094 | | #if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG |
1095 | | /* Translates a BIO_MSG to a msghdr and iovec. */ |
1096 | | static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov, |
1097 | | unsigned char *control, BIO_MSG *msg) |
1098 | 0 | { |
1099 | 0 | bio_dgram_data *data; |
1100 | |
|
1101 | 0 | iov->iov_base = msg->data; |
1102 | 0 | iov->iov_len = msg->data_len; |
1103 | |
|
1104 | 0 | data = (bio_dgram_data *)b->ptr; |
1105 | 0 | if (data->connected == 0) { |
1106 | | /* macOS requires msg_namelen be 0 if msg_name is NULL */ |
1107 | 0 | mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL; |
1108 | 0 | if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET) |
1109 | 0 | mh->msg_namelen = sizeof(struct sockaddr_in); |
1110 | 0 | #if OPENSSL_USE_IPV6 |
1111 | 0 | else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6) |
1112 | 0 | mh->msg_namelen = sizeof(struct sockaddr_in6); |
1113 | 0 | #endif |
1114 | 0 | else |
1115 | 0 | mh->msg_namelen = 0; |
1116 | 0 | } else { |
1117 | 0 | mh->msg_name = NULL; |
1118 | 0 | mh->msg_namelen = 0; |
1119 | 0 | } |
1120 | |
|
1121 | 0 | mh->msg_iov = iov; |
1122 | 0 | mh->msg_iovlen = 1; |
1123 | 0 | mh->msg_control = msg->local != NULL ? control : NULL; |
1124 | 0 | mh->msg_controllen = msg->local != NULL ? BIO_CMSG_ALLOC_LEN : 0; |
1125 | 0 | mh->msg_flags = 0; |
1126 | 0 | } |
1127 | | #endif |
1128 | | |
1129 | | #if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG |
1130 | | /* Extracts destination address from the control buffer. */ |
1131 | | static int extract_local(BIO *b, MSGHDR_TYPE *mh, BIO_ADDR *local) |
1132 | 0 | { |
1133 | 0 | #if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO) |
1134 | 0 | CMSGHDR_TYPE *cmsg; |
1135 | 0 | int af = dgram_get_sock_family(b); |
1136 | |
|
1137 | 0 | for (cmsg = BIO_CMSG_FIRSTHDR(mh); cmsg != NULL; |
1138 | 0 | cmsg = BIO_CMSG_NXTHDR(mh, cmsg)) { |
1139 | 0 | if (af == AF_INET) { |
1140 | 0 | if (cmsg->cmsg_level != IPPROTO_IP) |
1141 | 0 | continue; |
1142 | | |
1143 | 0 | #if defined(IP_PKTINFO) |
1144 | 0 | if (cmsg->cmsg_type != IP_PKTINFO) |
1145 | 0 | continue; |
1146 | | |
1147 | 0 | local->s_in.sin_addr = ((struct in_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi_addr; |
1148 | |
|
1149 | | #elif defined(IP_RECVDSTADDR) |
1150 | | if (cmsg->cmsg_type != IP_RECVDSTADDR) |
1151 | | continue; |
1152 | | |
1153 | | local->s_in.sin_addr = *(struct in_addr *)BIO_CMSG_DATA(cmsg); |
1154 | | #endif |
1155 | |
|
1156 | 0 | #if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) |
1157 | 0 | { |
1158 | 0 | bio_dgram_data *data = b->ptr; |
1159 | |
|
1160 | 0 | local->s_in.sin_family = AF_INET; |
1161 | 0 | local->s_in.sin_port = data->local_addr.s_in.sin_port; |
1162 | 0 | } |
1163 | 0 | return 1; |
1164 | 0 | #endif |
1165 | 0 | } |
1166 | 0 | #if OPENSSL_USE_IPV6 |
1167 | 0 | else if (af == AF_INET6) { |
1168 | 0 | if (cmsg->cmsg_level != IPPROTO_IPV6) |
1169 | 0 | continue; |
1170 | | |
1171 | 0 | #if defined(IPV6_RECVPKTINFO) |
1172 | 0 | if (cmsg->cmsg_type != IPV6_PKTINFO) |
1173 | 0 | continue; |
1174 | | |
1175 | 0 | { |
1176 | 0 | bio_dgram_data *data = b->ptr; |
1177 | |
|
1178 | 0 | local->s_in6.sin6_addr = ((struct in6_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi6_addr; |
1179 | 0 | local->s_in6.sin6_family = AF_INET6; |
1180 | 0 | local->s_in6.sin6_port = data->local_addr.s_in6.sin6_port; |
1181 | 0 | local->s_in6.sin6_scope_id = data->local_addr.s_in6.sin6_scope_id; |
1182 | 0 | local->s_in6.sin6_flowinfo = 0; |
1183 | 0 | } |
1184 | 0 | return 1; |
1185 | 0 | #endif |
1186 | 0 | } |
1187 | 0 | #endif |
1188 | 0 | } |
1189 | 0 | #endif |
1190 | | |
1191 | 0 | return 0; |
1192 | 0 | } |
1193 | | |
1194 | | static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local) |
1195 | 0 | { |
1196 | 0 | int af = dgram_get_sock_family(b); |
1197 | 0 | #if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO) |
1198 | 0 | CMSGHDR_TYPE *cmsg; |
1199 | 0 | bio_dgram_data *data = b->ptr; |
1200 | 0 | #endif |
1201 | |
|
1202 | 0 | if (af == AF_INET) { |
1203 | 0 | #if defined(IP_PKTINFO) |
1204 | 0 | struct in_pktinfo *info; |
1205 | |
|
1206 | | #if defined(OPENSSL_SYS_WINDOWS) |
1207 | | cmsg = (CMSGHDR_TYPE *)mh->Control.buf; |
1208 | | #else |
1209 | 0 | cmsg = (CMSGHDR_TYPE *)mh->msg_control; |
1210 | 0 | #endif |
1211 | |
|
1212 | 0 | cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_pktinfo)); |
1213 | 0 | cmsg->cmsg_level = IPPROTO_IP; |
1214 | 0 | cmsg->cmsg_type = IP_PKTINFO; |
1215 | |
|
1216 | 0 | info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg); |
1217 | 0 | #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN) && !defined(__FreeBSD__) && !defined(__QNX__) |
1218 | 0 | info->ipi_spec_dst = local->s_in.sin_addr; |
1219 | 0 | #endif |
1220 | 0 | info->ipi_addr.s_addr = 0; |
1221 | 0 | info->ipi_ifindex = 0; |
1222 | | |
1223 | | /* |
1224 | | * We cannot override source port using this API, therefore |
1225 | | * ensure the application specified a source port of 0 |
1226 | | * or the one we are bound to. (Better to error than silently |
1227 | | * ignore this.) |
1228 | | */ |
1229 | 0 | if (local->s_in.sin_port != 0 |
1230 | 0 | && data->local_addr.s_in.sin_port != local->s_in.sin_port) { |
1231 | 0 | ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); |
1232 | 0 | return 0; |
1233 | 0 | } |
1234 | | |
1235 | | #if defined(OPENSSL_SYS_WINDOWS) |
1236 | | mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in_pktinfo)); |
1237 | | #else |
1238 | 0 | mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_pktinfo)); |
1239 | 0 | #endif |
1240 | 0 | return 1; |
1241 | |
|
1242 | | #elif defined(IP_SENDSRCADDR) |
1243 | | struct in_addr *info; |
1244 | | |
1245 | | /* |
1246 | | * At least FreeBSD is very pedantic about using IP_SENDSRCADDR when we |
1247 | | * are not bound to 0.0.0.0 or ::, even if the address matches what we |
1248 | | * bound to. Support this by not packing the structure if the address |
1249 | | * matches our understanding of our local address. IP_SENDSRCADDR is a |
1250 | | * BSD thing, so we don't need an explicit test for BSD here. |
1251 | | */ |
1252 | | if (local->s_in.sin_addr.s_addr == data->local_addr.s_in.sin_addr.s_addr) { |
1253 | | mh->msg_control = NULL; |
1254 | | mh->msg_controllen = 0; |
1255 | | return 1; |
1256 | | } |
1257 | | |
1258 | | cmsg = (struct cmsghdr *)mh->msg_control; |
1259 | | cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_addr)); |
1260 | | cmsg->cmsg_level = IPPROTO_IP; |
1261 | | cmsg->cmsg_type = IP_SENDSRCADDR; |
1262 | | |
1263 | | info = (struct in_addr *)BIO_CMSG_DATA(cmsg); |
1264 | | *info = local->s_in.sin_addr; |
1265 | | |
1266 | | /* See comment above. */ |
1267 | | if (local->s_in.sin_port != 0 |
1268 | | && data->local_addr.s_in.sin_port != local->s_in.sin_port) { |
1269 | | ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); |
1270 | | return 0; |
1271 | | } |
1272 | | |
1273 | | mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_addr)); |
1274 | | return 1; |
1275 | | #endif |
1276 | 0 | } |
1277 | 0 | #if OPENSSL_USE_IPV6 |
1278 | 0 | else if (af == AF_INET6) { |
1279 | 0 | #if defined(IPV6_PKTINFO) |
1280 | 0 | struct in6_pktinfo *info; |
1281 | |
|
1282 | | #if defined(OPENSSL_SYS_WINDOWS) |
1283 | | cmsg = (CMSGHDR_TYPE *)mh->Control.buf; |
1284 | | #else |
1285 | 0 | cmsg = (CMSGHDR_TYPE *)mh->msg_control; |
1286 | 0 | #endif |
1287 | 0 | cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in6_pktinfo)); |
1288 | 0 | cmsg->cmsg_level = IPPROTO_IPV6; |
1289 | 0 | cmsg->cmsg_type = IPV6_PKTINFO; |
1290 | |
|
1291 | 0 | info = (struct in6_pktinfo *)BIO_CMSG_DATA(cmsg); |
1292 | 0 | info->ipi6_addr = local->s_in6.sin6_addr; |
1293 | 0 | info->ipi6_ifindex = 0; |
1294 | | |
1295 | | /* |
1296 | | * See comment above, but also applies to the other fields |
1297 | | * in sockaddr_in6. |
1298 | | */ |
1299 | 0 | if (local->s_in6.sin6_port != 0 |
1300 | 0 | && data->local_addr.s_in6.sin6_port != local->s_in6.sin6_port) { |
1301 | 0 | ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); |
1302 | 0 | return 0; |
1303 | 0 | } |
1304 | | |
1305 | 0 | if (local->s_in6.sin6_scope_id != 0 |
1306 | 0 | && data->local_addr.s_in6.sin6_scope_id != local->s_in6.sin6_scope_id) { |
1307 | 0 | ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); |
1308 | 0 | return 0; |
1309 | 0 | } |
1310 | | |
1311 | | #if defined(OPENSSL_SYS_WINDOWS) |
1312 | | mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo)); |
1313 | | #else |
1314 | 0 | mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo)); |
1315 | 0 | #endif |
1316 | 0 | return 1; |
1317 | 0 | #endif |
1318 | 0 | } |
1319 | 0 | #endif |
1320 | | |
1321 | 0 | return 0; |
1322 | 0 | } |
1323 | | #endif |
1324 | | |
1325 | | /* |
1326 | | * Converts flags passed to BIO_sendmmsg or BIO_recvmmsg to syscall flags. You |
1327 | | * should mask out any system flags returned by this function you cannot support |
1328 | | * in a particular circumstance. Currently no flags are defined. |
1329 | | */ |
1330 | | #if M_METHOD != M_METHOD_NONE |
1331 | | static int translate_flags(uint64_t flags) |
1332 | 0 | { |
1333 | 0 | return 0; |
1334 | 0 | } |
1335 | | #endif |
1336 | | |
1337 | | static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride, |
1338 | | size_t num_msg, uint64_t flags, size_t *num_processed) |
1339 | 0 | { |
1340 | 0 | #if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG |
1341 | 0 | int ret; |
1342 | 0 | #endif |
1343 | 0 | #if M_METHOD == M_METHOD_RECVMMSG |
1344 | 0 | #define BIO_MAX_MSGS_PER_CALL 64 |
1345 | 0 | int sysflags; |
1346 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
1347 | 0 | size_t i; |
1348 | 0 | struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL]; |
1349 | 0 | struct iovec iov[BIO_MAX_MSGS_PER_CALL]; |
1350 | 0 | unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN]; |
1351 | 0 | int have_local_enabled = data->local_addr_enabled; |
1352 | | #elif M_METHOD == M_METHOD_RECVMSG |
1353 | | int sysflags; |
1354 | | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
1355 | | ossl_ssize_t l; |
1356 | | struct msghdr mh; |
1357 | | struct iovec iov; |
1358 | | unsigned char control[BIO_CMSG_ALLOC_LEN]; |
1359 | | int have_local_enabled = data->local_addr_enabled; |
1360 | | #elif M_METHOD == M_METHOD_WSARECVMSG |
1361 | | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
1362 | | int have_local_enabled = data->local_addr_enabled; |
1363 | | WSAMSG wmsg; |
1364 | | WSABUF wbuf; |
1365 | | DWORD num_bytes_sent = 0; |
1366 | | unsigned char control[BIO_CMSG_ALLOC_LEN]; |
1367 | | #endif |
1368 | | #if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG |
1369 | | int sysflags; |
1370 | | #endif |
1371 | |
|
1372 | 0 | if (num_msg == 0) { |
1373 | 0 | *num_processed = 0; |
1374 | 0 | return 1; |
1375 | 0 | } |
1376 | | |
1377 | 0 | if (num_msg > OSSL_SSIZE_MAX) |
1378 | 0 | num_msg = OSSL_SSIZE_MAX; |
1379 | |
|
1380 | 0 | #if M_METHOD != M_METHOD_NONE |
1381 | 0 | sysflags = translate_flags(flags); |
1382 | 0 | #endif |
1383 | |
|
1384 | 0 | #if M_METHOD == M_METHOD_RECVMMSG |
1385 | | /* |
1386 | | * In the sendmmsg/recvmmsg case, we need to allocate our translated struct |
1387 | | * msghdr and struct iovec on the stack to support multithreaded use. Thus |
1388 | | * we place a fixed limit on the number of messages per call, in the |
1389 | | * expectation that we will be called again if there were more messages to |
1390 | | * be sent. |
1391 | | */ |
1392 | 0 | if (num_msg > BIO_MAX_MSGS_PER_CALL) |
1393 | 0 | num_msg = BIO_MAX_MSGS_PER_CALL; |
1394 | |
|
1395 | 0 | for (i = 0; i < num_msg; ++i) { |
1396 | 0 | translate_msg(b, &mh[i].msg_hdr, &iov[i], |
1397 | 0 | control[i], &BIO_MSG_N(msg, stride, i)); |
1398 | | |
1399 | | /* If local address was requested, it must have been enabled */ |
1400 | 0 | if (BIO_MSG_N(msg, stride, i).local != NULL) { |
1401 | 0 | if (!have_local_enabled) { |
1402 | 0 | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1403 | 0 | *num_processed = 0; |
1404 | 0 | return 0; |
1405 | 0 | } |
1406 | | |
1407 | 0 | if (pack_local(b, &mh[i].msg_hdr, |
1408 | 0 | BIO_MSG_N(msg, stride, i).local) |
1409 | 0 | < 1) { |
1410 | 0 | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1411 | 0 | *num_processed = 0; |
1412 | 0 | return 0; |
1413 | 0 | } |
1414 | 0 | } |
1415 | 0 | } |
1416 | | |
1417 | | /* Do the batch */ |
1418 | 0 | ret = sendmmsg(b->num, mh, num_msg, sysflags); |
1419 | 0 | if (ret < 0) { |
1420 | 0 | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1421 | 0 | *num_processed = 0; |
1422 | 0 | return 0; |
1423 | 0 | } |
1424 | | |
1425 | 0 | for (i = 0; i < (size_t)ret; ++i) { |
1426 | 0 | BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len; |
1427 | 0 | BIO_MSG_N(msg, stride, i).flags = 0; |
1428 | 0 | } |
1429 | |
|
1430 | 0 | *num_processed = (size_t)ret; |
1431 | 0 | return 1; |
1432 | |
|
1433 | | #elif M_METHOD == M_METHOD_RECVMSG |
1434 | | /* |
1435 | | * If sendmsg is available, use it. |
1436 | | */ |
1437 | | translate_msg(b, &mh, &iov, control, msg); |
1438 | | |
1439 | | if (msg->local != NULL) { |
1440 | | if (!have_local_enabled) { |
1441 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1442 | | *num_processed = 0; |
1443 | | return 0; |
1444 | | } |
1445 | | |
1446 | | if (pack_local(b, &mh, msg->local) < 1) { |
1447 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1448 | | *num_processed = 0; |
1449 | | return 0; |
1450 | | } |
1451 | | } |
1452 | | |
1453 | | l = sendmsg(b->num, &mh, sysflags); |
1454 | | if (l < 0) { |
1455 | | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1456 | | *num_processed = 0; |
1457 | | return 0; |
1458 | | } |
1459 | | |
1460 | | msg->data_len = (size_t)l; |
1461 | | msg->flags = 0; |
1462 | | *num_processed = 1; |
1463 | | return 1; |
1464 | | |
1465 | | #elif M_METHOD == M_METHOD_WSARECVMSG || M_METHOD == M_METHOD_RECVFROM |
1466 | | #if M_METHOD == M_METHOD_WSARECVMSG |
1467 | | if (bio_WSASendMsg != NULL) { |
1468 | | /* WSASendMsg-based implementation for Windows. */ |
1469 | | translate_msg_win(b, &wmsg, &wbuf, control, msg); |
1470 | | |
1471 | | if (msg[0].local != NULL) { |
1472 | | if (!have_local_enabled) { |
1473 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1474 | | *num_processed = 0; |
1475 | | return 0; |
1476 | | } |
1477 | | |
1478 | | if (pack_local(b, &wmsg, msg[0].local) < 1) { |
1479 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1480 | | *num_processed = 0; |
1481 | | return 0; |
1482 | | } |
1483 | | } |
1484 | | |
1485 | | ret = WSASendMsg((SOCKET)b->num, &wmsg, 0, &num_bytes_sent, NULL, NULL); |
1486 | | if (ret < 0) { |
1487 | | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1488 | | *num_processed = 0; |
1489 | | return 0; |
1490 | | } |
1491 | | |
1492 | | msg[0].data_len = num_bytes_sent; |
1493 | | msg[0].flags = 0; |
1494 | | *num_processed = 1; |
1495 | | return 1; |
1496 | | } |
1497 | | #endif |
1498 | | |
1499 | | /* |
1500 | | * Fallback to sendto and send a single message. |
1501 | | */ |
1502 | | if (msg[0].local != NULL) { |
1503 | | /* |
1504 | | * We cannot set the local address if using sendto |
1505 | | * so fail in this case |
1506 | | */ |
1507 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1508 | | *num_processed = 0; |
1509 | | return 0; |
1510 | | } |
1511 | | |
1512 | | ret = sendto(b->num, msg[0].data, |
1513 | | #if defined(OPENSSL_SYS_WINDOWS) |
1514 | | (int)msg[0].data_len, |
1515 | | #else |
1516 | | msg[0].data_len, |
1517 | | #endif |
1518 | | sysflags, |
1519 | | msg[0].peer != NULL ? BIO_ADDR_sockaddr(msg[0].peer) : NULL, |
1520 | | msg[0].peer != NULL ? BIO_ADDR_sockaddr_size(msg[0].peer) : 0); |
1521 | | if (ret <= 0) { |
1522 | | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1523 | | *num_processed = 0; |
1524 | | return 0; |
1525 | | } |
1526 | | |
1527 | | msg[0].data_len = ret; |
1528 | | msg[0].flags = 0; |
1529 | | *num_processed = 1; |
1530 | | return 1; |
1531 | | |
1532 | | #else |
1533 | | ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); |
1534 | | *num_processed = 0; |
1535 | | return 0; |
1536 | | #endif |
1537 | 0 | } |
1538 | | |
1539 | | static int dgram_recvmmsg(BIO *b, BIO_MSG *msg, |
1540 | | size_t stride, size_t num_msg, |
1541 | | uint64_t flags, size_t *num_processed) |
1542 | 0 | { |
1543 | 0 | #if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG |
1544 | 0 | int ret; |
1545 | 0 | #endif |
1546 | 0 | #if M_METHOD == M_METHOD_RECVMMSG |
1547 | 0 | int sysflags; |
1548 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
1549 | 0 | size_t i; |
1550 | 0 | struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL]; |
1551 | 0 | struct iovec iov[BIO_MAX_MSGS_PER_CALL]; |
1552 | 0 | unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN]; |
1553 | 0 | int have_local_enabled = data->local_addr_enabled; |
1554 | | #elif M_METHOD == M_METHOD_RECVMSG |
1555 | | int sysflags; |
1556 | | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
1557 | | ossl_ssize_t l; |
1558 | | struct msghdr mh; |
1559 | | struct iovec iov; |
1560 | | unsigned char control[BIO_CMSG_ALLOC_LEN]; |
1561 | | int have_local_enabled = data->local_addr_enabled; |
1562 | | #elif M_METHOD == M_METHOD_WSARECVMSG |
1563 | | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
1564 | | int have_local_enabled = data->local_addr_enabled; |
1565 | | WSAMSG wmsg; |
1566 | | WSABUF wbuf; |
1567 | | DWORD num_bytes_received = 0; |
1568 | | unsigned char control[BIO_CMSG_ALLOC_LEN]; |
1569 | | #endif |
1570 | | #if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG |
1571 | | int sysflags; |
1572 | | socklen_t slen; |
1573 | | #endif |
1574 | |
|
1575 | 0 | if (num_msg == 0) { |
1576 | 0 | *num_processed = 0; |
1577 | 0 | return 1; |
1578 | 0 | } |
1579 | | |
1580 | 0 | if (num_msg > OSSL_SSIZE_MAX) |
1581 | 0 | num_msg = OSSL_SSIZE_MAX; |
1582 | |
|
1583 | 0 | #if M_METHOD != M_METHOD_NONE |
1584 | 0 | sysflags = translate_flags(flags); |
1585 | 0 | #endif |
1586 | |
|
1587 | 0 | #if M_METHOD == M_METHOD_RECVMMSG |
1588 | | /* |
1589 | | * In the sendmmsg/recvmmsg case, we need to allocate our translated struct |
1590 | | * msghdr and struct iovec on the stack to support multithreaded use. Thus |
1591 | | * we place a fixed limit on the number of messages per call, in the |
1592 | | * expectation that we will be called again if there were more messages to |
1593 | | * be sent. |
1594 | | */ |
1595 | 0 | if (num_msg > BIO_MAX_MSGS_PER_CALL) |
1596 | 0 | num_msg = BIO_MAX_MSGS_PER_CALL; |
1597 | |
|
1598 | 0 | for (i = 0; i < num_msg; ++i) { |
1599 | 0 | translate_msg(b, &mh[i].msg_hdr, &iov[i], |
1600 | 0 | control[i], &BIO_MSG_N(msg, stride, i)); |
1601 | | |
1602 | | /* If local address was requested, it must have been enabled */ |
1603 | 0 | if (BIO_MSG_N(msg, stride, i).local != NULL && !have_local_enabled) { |
1604 | 0 | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1605 | 0 | *num_processed = 0; |
1606 | 0 | return 0; |
1607 | 0 | } |
1608 | 0 | } |
1609 | | |
1610 | | /* Do the batch */ |
1611 | 0 | ret = recvmmsg(b->num, mh, num_msg, sysflags, NULL); |
1612 | 0 | if (ret < 0) { |
1613 | 0 | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1614 | 0 | *num_processed = 0; |
1615 | 0 | return 0; |
1616 | 0 | } |
1617 | | |
1618 | 0 | for (i = 0; i < (size_t)ret; ++i) { |
1619 | 0 | BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len; |
1620 | 0 | BIO_MSG_N(msg, stride, i).flags = 0; |
1621 | | /* |
1622 | | * *(msg->peer) will have been filled in by recvmmsg; |
1623 | | * for msg->local we parse the control data returned |
1624 | | */ |
1625 | 0 | if (BIO_MSG_N(msg, stride, i).local != NULL) |
1626 | 0 | if (extract_local(b, &mh[i].msg_hdr, |
1627 | 0 | BIO_MSG_N(msg, stride, i).local) |
1628 | 0 | < 1) |
1629 | | /* |
1630 | | * It appears BSDs do not support local addresses for |
1631 | | * loopback sockets. In this case, just clear the local |
1632 | | * address, as for OS X and Windows in some circumstances |
1633 | | * (see below). |
1634 | | */ |
1635 | 0 | BIO_ADDR_clear(BIO_MSG_N(msg, stride, i).local); |
1636 | 0 | } |
1637 | |
|
1638 | 0 | *num_processed = (size_t)ret; |
1639 | 0 | return 1; |
1640 | |
|
1641 | | #elif M_METHOD == M_METHOD_RECVMSG |
1642 | | /* |
1643 | | * If recvmsg is available, use it. |
1644 | | */ |
1645 | | translate_msg(b, &mh, &iov, control, msg); |
1646 | | |
1647 | | /* If local address was requested, it must have been enabled */ |
1648 | | if (msg->local != NULL && !have_local_enabled) { |
1649 | | /* |
1650 | | * If we have done at least one message, we must return the |
1651 | | * count; if we haven't done any, we can give an error code |
1652 | | */ |
1653 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1654 | | *num_processed = 0; |
1655 | | return 0; |
1656 | | } |
1657 | | |
1658 | | l = recvmsg(b->num, &mh, sysflags); |
1659 | | if (l < 0) { |
1660 | | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1661 | | *num_processed = 0; |
1662 | | return 0; |
1663 | | } |
1664 | | |
1665 | | msg->data_len = (size_t)l; |
1666 | | msg->flags = 0; |
1667 | | |
1668 | | if (msg->local != NULL) |
1669 | | if (extract_local(b, &mh, msg->local) < 1) |
1670 | | /* |
1671 | | * OS X exhibits odd behaviour where it appears that if a packet is |
1672 | | * sent before the receiving interface enables IP_PKTINFO, it will |
1673 | | * sometimes not have any control data returned even if the |
1674 | | * receiving interface enables IP_PKTINFO before calling recvmsg(). |
1675 | | * This appears to occur non-deterministically. Presumably, OS X |
1676 | | * handles IP_PKTINFO at the time the packet is enqueued into a |
1677 | | * socket's receive queue, rather than at the time recvmsg() is |
1678 | | * called, unlike most other operating systems. Thus (if this |
1679 | | * hypothesis is correct) there is a race between where IP_PKTINFO |
1680 | | * is enabled by the process and when the kernel's network stack |
1681 | | * queues the incoming message. |
1682 | | * |
1683 | | * We cannot return the local address if we do not have it, but this |
1684 | | * is not a caller error either, so just return a zero address |
1685 | | * structure. This is similar to how we handle Windows loopback |
1686 | | * interfaces (see below). We enable this workaround for all |
1687 | | * platforms, not just Apple, as this kind of quirk in OS networking |
1688 | | * stacks seems to be common enough that failing hard if a local |
1689 | | * address is not provided appears to be too brittle. |
1690 | | */ |
1691 | | BIO_ADDR_clear(msg->local); |
1692 | | |
1693 | | *num_processed = 1; |
1694 | | return 1; |
1695 | | |
1696 | | #elif M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG |
1697 | | #if M_METHOD == M_METHOD_WSARECVMSG |
1698 | | if (bio_WSARecvMsg != NULL) { |
1699 | | /* WSARecvMsg-based implementation for Windows. */ |
1700 | | translate_msg_win(b, &wmsg, &wbuf, control, msg); |
1701 | | |
1702 | | /* If local address was requested, it must have been enabled */ |
1703 | | if (msg[0].local != NULL && !have_local_enabled) { |
1704 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1705 | | *num_processed = 0; |
1706 | | return 0; |
1707 | | } |
1708 | | |
1709 | | ret = WSARecvMsg((SOCKET)b->num, &wmsg, &num_bytes_received, NULL, NULL); |
1710 | | if (ret < 0) { |
1711 | | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1712 | | *num_processed = 0; |
1713 | | return 0; |
1714 | | } |
1715 | | |
1716 | | msg[0].data_len = num_bytes_received; |
1717 | | msg[0].flags = 0; |
1718 | | if (msg[0].local != NULL) |
1719 | | if (extract_local(b, &wmsg, msg[0].local) < 1) |
1720 | | /* |
1721 | | * On Windows, loopback is not a "proper" interface and it works |
1722 | | * differently; packets are essentially short-circuited and |
1723 | | * don't go through all of the normal processing. A consequence |
1724 | | * of this is that packets sent from the local machine to the |
1725 | | * local machine _will not have IP_PKTINFO_ even if the |
1726 | | * IP_PKTINFO socket option is enabled. WSARecvMsg just sets |
1727 | | * Control.len to 0 on returning. |
1728 | | * |
1729 | | * This applies regardless of whether the loopback address, |
1730 | | * 127.0.0.1 is used, or a local interface address (e.g. |
1731 | | * 192.168.1.1); in both cases IP_PKTINFO will not be present. |
1732 | | * |
1733 | | * We report this condition by setting the local BIO_ADDR's |
1734 | | * family to 0. |
1735 | | */ |
1736 | | BIO_ADDR_clear(msg[0].local); |
1737 | | |
1738 | | *num_processed = 1; |
1739 | | return 1; |
1740 | | } |
1741 | | #endif |
1742 | | |
1743 | | /* |
1744 | | * Fallback to recvfrom and receive a single message. |
1745 | | */ |
1746 | | if (msg[0].local != NULL) { |
1747 | | /* |
1748 | | * We cannot determine the local address if using recvfrom |
1749 | | * so fail in this case |
1750 | | */ |
1751 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1752 | | *num_processed = 0; |
1753 | | return 0; |
1754 | | } |
1755 | | |
1756 | | slen = sizeof(*msg[0].peer); |
1757 | | ret = recvfrom(b->num, msg[0].data, |
1758 | | #if defined(OPENSSL_SYS_WINDOWS) |
1759 | | (int)msg[0].data_len, |
1760 | | #else |
1761 | | msg[0].data_len, |
1762 | | #endif |
1763 | | sysflags, |
1764 | | msg[0].peer != NULL ? &msg[0].peer->sa : NULL, |
1765 | | msg[0].peer != NULL ? &slen : NULL); |
1766 | | if (ret <= 0) { |
1767 | | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1768 | | *num_processed = 0; |
1769 | | return 0; |
1770 | | } |
1771 | | |
1772 | | msg[0].data_len = ret; |
1773 | | msg[0].flags = 0; |
1774 | | *num_processed = 1; |
1775 | | return 1; |
1776 | | |
1777 | | #else |
1778 | | ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); |
1779 | | *num_processed = 0; |
1780 | | return 0; |
1781 | | #endif |
1782 | 0 | } |
1783 | | |
1784 | | #ifndef OPENSSL_NO_SCTP |
1785 | | const BIO_METHOD *BIO_s_datagram_sctp(void) |
1786 | | { |
1787 | | return &methods_dgramp_sctp; |
1788 | | } |
1789 | | |
1790 | | BIO *BIO_new_dgram_sctp(int fd, int close_flag) |
1791 | | { |
1792 | | BIO *bio; |
1793 | | int ret, optval = 20000; |
1794 | | int auth_data = 0, auth_forward = 0; |
1795 | | unsigned char *p; |
1796 | | struct sctp_authchunk auth; |
1797 | | struct sctp_authchunks *authchunks; |
1798 | | socklen_t sockopt_len; |
1799 | | #ifdef SCTP_AUTHENTICATION_EVENT |
1800 | | #ifdef SCTP_EVENT |
1801 | | struct sctp_event event; |
1802 | | #else |
1803 | | struct sctp_event_subscribe event; |
1804 | | #endif |
1805 | | #endif |
1806 | | |
1807 | | bio = BIO_new(BIO_s_datagram_sctp()); |
1808 | | if (bio == NULL) |
1809 | | return NULL; |
1810 | | BIO_set_fd(bio, fd, close_flag); |
1811 | | |
1812 | | /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */ |
1813 | | auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE; |
1814 | | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, |
1815 | | sizeof(struct sctp_authchunk)); |
1816 | | if (ret < 0) { |
1817 | | BIO_vfree(bio); |
1818 | | ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, |
1819 | | "Ensure SCTP AUTH chunks are enabled in kernel"); |
1820 | | return NULL; |
1821 | | } |
1822 | | auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE; |
1823 | | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, |
1824 | | sizeof(struct sctp_authchunk)); |
1825 | | if (ret < 0) { |
1826 | | BIO_vfree(bio); |
1827 | | ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, |
1828 | | "Ensure SCTP AUTH chunks are enabled in kernel"); |
1829 | | return NULL; |
1830 | | } |
1831 | | |
1832 | | /* |
1833 | | * Test if activation was successful. When using accept(), SCTP-AUTH has |
1834 | | * to be activated for the listening socket already, otherwise the |
1835 | | * connected socket won't use it. Similarly with connect(): the socket |
1836 | | * prior to connection must be activated for SCTP-AUTH |
1837 | | */ |
1838 | | sockopt_len = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); |
1839 | | authchunks = OPENSSL_zalloc(sockopt_len); |
1840 | | if (authchunks == NULL) { |
1841 | | BIO_vfree(bio); |
1842 | | return NULL; |
1843 | | } |
1844 | | ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, |
1845 | | &sockopt_len); |
1846 | | if (ret < 0) { |
1847 | | OPENSSL_free(authchunks); |
1848 | | BIO_vfree(bio); |
1849 | | return NULL; |
1850 | | } |
1851 | | |
1852 | | for (p = (unsigned char *)authchunks->gauth_chunks; |
1853 | | p < (unsigned char *)authchunks + sockopt_len; |
1854 | | p += sizeof(uint8_t)) { |
1855 | | if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) |
1856 | | auth_data = 1; |
1857 | | if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) |
1858 | | auth_forward = 1; |
1859 | | } |
1860 | | |
1861 | | OPENSSL_free(authchunks); |
1862 | | |
1863 | | if (!auth_data || !auth_forward) { |
1864 | | BIO_vfree(bio); |
1865 | | ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, |
1866 | | "Ensure SCTP AUTH chunks are enabled on the " |
1867 | | "underlying socket"); |
1868 | | return NULL; |
1869 | | } |
1870 | | |
1871 | | #ifdef SCTP_AUTHENTICATION_EVENT |
1872 | | #ifdef SCTP_EVENT |
1873 | | memset(&event, 0, sizeof(event)); |
1874 | | event.se_assoc_id = 0; |
1875 | | event.se_type = SCTP_AUTHENTICATION_EVENT; |
1876 | | event.se_on = 1; |
1877 | | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, |
1878 | | sizeof(struct sctp_event)); |
1879 | | if (ret < 0) { |
1880 | | BIO_vfree(bio); |
1881 | | return NULL; |
1882 | | } |
1883 | | #else |
1884 | | sockopt_len = (socklen_t)sizeof(struct sctp_event_subscribe); |
1885 | | ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len); |
1886 | | if (ret < 0) { |
1887 | | BIO_vfree(bio); |
1888 | | return NULL; |
1889 | | } |
1890 | | |
1891 | | event.sctp_authentication_event = 1; |
1892 | | |
1893 | | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, |
1894 | | sizeof(struct sctp_event_subscribe)); |
1895 | | if (ret < 0) { |
1896 | | BIO_vfree(bio); |
1897 | | return NULL; |
1898 | | } |
1899 | | #endif |
1900 | | #endif |
1901 | | |
1902 | | /* |
1903 | | * Disable partial delivery by setting the min size larger than the max |
1904 | | * record size of 2^14 + 2048 + 13 |
1905 | | */ |
1906 | | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, |
1907 | | sizeof(optval)); |
1908 | | if (ret < 0) { |
1909 | | BIO_vfree(bio); |
1910 | | return NULL; |
1911 | | } |
1912 | | |
1913 | | return bio; |
1914 | | } |
1915 | | |
1916 | | int BIO_dgram_is_sctp(BIO *bio) |
1917 | | { |
1918 | | return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP); |
1919 | | } |
1920 | | |
1921 | | static int dgram_sctp_new(BIO *bi) |
1922 | | { |
1923 | | bio_dgram_sctp_data *data = NULL; |
1924 | | |
1925 | | bi->init = 0; |
1926 | | bi->num = 0; |
1927 | | if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) |
1928 | | return 0; |
1929 | | #ifdef SCTP_PR_SCTP_NONE |
1930 | | data->prinfo.pr_policy = SCTP_PR_SCTP_NONE; |
1931 | | #endif |
1932 | | bi->ptr = data; |
1933 | | |
1934 | | bi->flags = 0; |
1935 | | return 1; |
1936 | | } |
1937 | | |
1938 | | static int dgram_sctp_free(BIO *a) |
1939 | | { |
1940 | | bio_dgram_sctp_data *data; |
1941 | | |
1942 | | if (a == NULL) |
1943 | | return 0; |
1944 | | if (!dgram_clear(a)) |
1945 | | return 0; |
1946 | | |
1947 | | data = (bio_dgram_sctp_data *)a->ptr; |
1948 | | if (data != NULL) |
1949 | | OPENSSL_free(data); |
1950 | | |
1951 | | return 1; |
1952 | | } |
1953 | | |
1954 | | #ifdef SCTP_AUTHENTICATION_EVENT |
1955 | | void dgram_sctp_handle_auth_free_key_event(BIO *b, |
1956 | | union sctp_notification *snp) |
1957 | | { |
1958 | | int ret; |
1959 | | struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event; |
1960 | | |
1961 | | if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) { |
1962 | | struct sctp_authkeyid authkeyid; |
1963 | | |
1964 | | /* delete key */ |
1965 | | authkeyid.scact_keynumber = authkeyevent->auth_keynumber; |
1966 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, |
1967 | | &authkeyid, sizeof(struct sctp_authkeyid)); |
1968 | | } |
1969 | | } |
1970 | | #endif |
1971 | | |
1972 | | static int dgram_sctp_read(BIO *b, char *out, int outl) |
1973 | | { |
1974 | | int ret = 0, n = 0, i, optval; |
1975 | | socklen_t optlen; |
1976 | | bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; |
1977 | | struct msghdr msg; |
1978 | | struct iovec iov; |
1979 | | struct cmsghdr *cmsg; |
1980 | | char cmsgbuf[512]; |
1981 | | |
1982 | | if (out != NULL) { |
1983 | | clear_socket_error(); |
1984 | | |
1985 | | do { |
1986 | | memset(&data->rcvinfo, 0, sizeof(data->rcvinfo)); |
1987 | | iov.iov_base = out; |
1988 | | iov.iov_len = outl; |
1989 | | msg.msg_name = NULL; |
1990 | | msg.msg_namelen = 0; |
1991 | | msg.msg_iov = &iov; |
1992 | | msg.msg_iovlen = 1; |
1993 | | msg.msg_control = cmsgbuf; |
1994 | | msg.msg_controllen = 512; |
1995 | | msg.msg_flags = 0; |
1996 | | n = recvmsg(b->num, &msg, 0); |
1997 | | |
1998 | | if (n <= 0) { |
1999 | | if (n < 0) |
2000 | | ret = n; |
2001 | | break; |
2002 | | } |
2003 | | |
2004 | | if (msg.msg_controllen > 0) { |
2005 | | for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; |
2006 | | cmsg = CMSG_NXTHDR(&msg, cmsg)) { |
2007 | | if (cmsg->cmsg_level != IPPROTO_SCTP) |
2008 | | continue; |
2009 | | #ifdef SCTP_RCVINFO |
2010 | | if (cmsg->cmsg_type == SCTP_RCVINFO) { |
2011 | | struct sctp_rcvinfo *rcvinfo; |
2012 | | |
2013 | | rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg); |
2014 | | data->rcvinfo.rcv_sid = rcvinfo->rcv_sid; |
2015 | | data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn; |
2016 | | data->rcvinfo.rcv_flags = rcvinfo->rcv_flags; |
2017 | | data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid; |
2018 | | data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn; |
2019 | | data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn; |
2020 | | data->rcvinfo.rcv_context = rcvinfo->rcv_context; |
2021 | | } |
2022 | | #endif |
2023 | | #ifdef SCTP_SNDRCV |
2024 | | if (cmsg->cmsg_type == SCTP_SNDRCV) { |
2025 | | struct sctp_sndrcvinfo *sndrcvinfo; |
2026 | | |
2027 | | sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); |
2028 | | data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream; |
2029 | | data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn; |
2030 | | data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags; |
2031 | | data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid; |
2032 | | data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn; |
2033 | | data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn; |
2034 | | data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context; |
2035 | | } |
2036 | | #endif |
2037 | | } |
2038 | | } |
2039 | | |
2040 | | if (msg.msg_flags & MSG_NOTIFICATION) { |
2041 | | union sctp_notification snp; |
2042 | | |
2043 | | if (n < (int)sizeof(snp.sn_header)) |
2044 | | return -1; |
2045 | | memset(&snp, 0, sizeof(snp)); |
2046 | | memcpy(&snp, out, (size_t)n < sizeof(snp) ? (size_t)n : sizeof(snp)); |
2047 | | if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) { |
2048 | | #ifdef SCTP_EVENT |
2049 | | struct sctp_event event; |
2050 | | #else |
2051 | | struct sctp_event_subscribe event; |
2052 | | socklen_t eventsize; |
2053 | | #endif |
2054 | | |
2055 | | /* disable sender dry event */ |
2056 | | #ifdef SCTP_EVENT |
2057 | | memset(&event, 0, sizeof(event)); |
2058 | | event.se_assoc_id = 0; |
2059 | | event.se_type = SCTP_SENDER_DRY_EVENT; |
2060 | | event.se_on = 0; |
2061 | | i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, |
2062 | | sizeof(struct sctp_event)); |
2063 | | if (i < 0) { |
2064 | | ret = i; |
2065 | | break; |
2066 | | } |
2067 | | #else |
2068 | | eventsize = sizeof(struct sctp_event_subscribe); |
2069 | | i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, |
2070 | | &eventsize); |
2071 | | if (i < 0) { |
2072 | | ret = i; |
2073 | | break; |
2074 | | } |
2075 | | |
2076 | | event.sctp_sender_dry_event = 0; |
2077 | | |
2078 | | i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, |
2079 | | sizeof(struct sctp_event_subscribe)); |
2080 | | if (i < 0) { |
2081 | | ret = i; |
2082 | | break; |
2083 | | } |
2084 | | #endif |
2085 | | } |
2086 | | #ifdef SCTP_AUTHENTICATION_EVENT |
2087 | | if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) |
2088 | | dgram_sctp_handle_auth_free_key_event(b, &snp); |
2089 | | #endif |
2090 | | |
2091 | | if (data->handle_notifications != NULL) |
2092 | | data->handle_notifications(b, data->notification_context, |
2093 | | (void *)out); |
2094 | | |
2095 | | memset(out, 0, outl); |
2096 | | } else { |
2097 | | ret += n; |
2098 | | } |
2099 | | } while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR) |
2100 | | && (ret < outl)); |
2101 | | |
2102 | | if (ret > 0 && !(msg.msg_flags & MSG_EOR)) { |
2103 | | /* Partial message read, this should never happen! */ |
2104 | | |
2105 | | /* |
2106 | | * The buffer was too small, this means the peer sent a message |
2107 | | * that was larger than allowed. |
2108 | | */ |
2109 | | if (ret == outl) |
2110 | | return -1; |
2111 | | |
2112 | | /* |
2113 | | * Test if socket buffer can handle max record size (2^14 + 2048 |
2114 | | * + 13) |
2115 | | */ |
2116 | | optlen = (socklen_t)sizeof(int); |
2117 | | ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen); |
2118 | | if (ret >= 0 && !ossl_assert(optval >= 18445)) |
2119 | | return -1; |
2120 | | |
2121 | | /* |
2122 | | * Test if SCTP doesn't partially deliver below max record size |
2123 | | * (2^14 + 2048 + 13) |
2124 | | */ |
2125 | | optlen = (socklen_t)sizeof(int); |
2126 | | ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, |
2127 | | &optval, &optlen); |
2128 | | if (ret >= 0 && !ossl_assert(optval >= 18445)) |
2129 | | return -1; |
2130 | | |
2131 | | /* |
2132 | | * Partially delivered notification??? Probably a bug.... |
2133 | | */ |
2134 | | if (!ossl_assert((msg.msg_flags & MSG_NOTIFICATION) == 0)) |
2135 | | return -1; |
2136 | | |
2137 | | /* |
2138 | | * Everything seems ok till now, so it's most likely a message |
2139 | | * dropped by PR-SCTP. |
2140 | | */ |
2141 | | memset(out, 0, outl); |
2142 | | BIO_set_retry_read(b); |
2143 | | return -1; |
2144 | | } |
2145 | | |
2146 | | BIO_clear_retry_flags(b); |
2147 | | if (ret < 0) { |
2148 | | if (BIO_dgram_should_retry(ret)) { |
2149 | | BIO_set_retry_read(b); |
2150 | | data->dgram._errno = get_last_socket_error(); |
2151 | | } |
2152 | | } |
2153 | | |
2154 | | /* Test if peer uses SCTP-AUTH before continuing */ |
2155 | | if (!data->peer_auth_tested) { |
2156 | | int ii, auth_data = 0, auth_forward = 0; |
2157 | | unsigned char *p; |
2158 | | struct sctp_authchunks *authchunks; |
2159 | | |
2160 | | optlen = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); |
2161 | | authchunks = OPENSSL_malloc(optlen); |
2162 | | if (authchunks == NULL) |
2163 | | return -1; |
2164 | | memset(authchunks, 0, optlen); |
2165 | | ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, |
2166 | | authchunks, &optlen); |
2167 | | |
2168 | | if (ii >= 0) |
2169 | | for (p = (unsigned char *)authchunks->gauth_chunks; |
2170 | | p < (unsigned char *)authchunks + optlen; |
2171 | | p += sizeof(uint8_t)) { |
2172 | | if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) |
2173 | | auth_data = 1; |
2174 | | if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) |
2175 | | auth_forward = 1; |
2176 | | } |
2177 | | |
2178 | | OPENSSL_free(authchunks); |
2179 | | |
2180 | | if (!auth_data || !auth_forward) { |
2181 | | ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR); |
2182 | | return -1; |
2183 | | } |
2184 | | |
2185 | | data->peer_auth_tested = 1; |
2186 | | } |
2187 | | } |
2188 | | return ret; |
2189 | | } |
2190 | | |
2191 | | /* |
2192 | | * dgram_sctp_write - send message on SCTP socket |
2193 | | * @b: BIO to write to |
2194 | | * @in: data to send |
2195 | | * @inl: amount of bytes in @in to send |
2196 | | * |
2197 | | * Returns -1 on error or the sent amount of bytes on success |
2198 | | */ |
2199 | | static int dgram_sctp_write(BIO *b, const char *in, int inl) |
2200 | | { |
2201 | | int ret; |
2202 | | bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; |
2203 | | struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo); |
2204 | | struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo); |
2205 | | struct bio_dgram_sctp_sndinfo handshake_sinfo; |
2206 | | struct iovec iov[1]; |
2207 | | struct msghdr msg; |
2208 | | struct cmsghdr *cmsg; |
2209 | | #if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) |
2210 | | char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) + CMSG_SPACE(sizeof(struct sctp_prinfo))]; |
2211 | | struct sctp_sndinfo *sndinfo; |
2212 | | struct sctp_prinfo *prinfo; |
2213 | | #else |
2214 | | char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))]; |
2215 | | struct sctp_sndrcvinfo *sndrcvinfo; |
2216 | | #endif |
2217 | | |
2218 | | clear_socket_error(); |
2219 | | |
2220 | | /* |
2221 | | * If we're send anything else than application data, disable all user |
2222 | | * parameters and flags. |
2223 | | */ |
2224 | | if (in[0] != 23) { |
2225 | | memset(&handshake_sinfo, 0, sizeof(handshake_sinfo)); |
2226 | | #ifdef SCTP_SACK_IMMEDIATELY |
2227 | | handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY; |
2228 | | #endif |
2229 | | sinfo = &handshake_sinfo; |
2230 | | } |
2231 | | |
2232 | | /* We can only send a shutdown alert if the socket is dry */ |
2233 | | if (data->save_shutdown) { |
2234 | | ret = BIO_dgram_sctp_wait_for_dry(b); |
2235 | | if (ret < 0) |
2236 | | return -1; |
2237 | | if (ret == 0) { |
2238 | | BIO_clear_retry_flags(b); |
2239 | | BIO_set_retry_write(b); |
2240 | | return -1; |
2241 | | } |
2242 | | } |
2243 | | |
2244 | | iov[0].iov_base = (char *)in; |
2245 | | iov[0].iov_len = inl; |
2246 | | msg.msg_name = NULL; |
2247 | | msg.msg_namelen = 0; |
2248 | | msg.msg_iov = iov; |
2249 | | msg.msg_iovlen = 1; |
2250 | | msg.msg_control = (caddr_t)cmsgbuf; |
2251 | | msg.msg_controllen = 0; |
2252 | | msg.msg_flags = 0; |
2253 | | #if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) |
2254 | | cmsg = (struct cmsghdr *)cmsgbuf; |
2255 | | cmsg->cmsg_level = IPPROTO_SCTP; |
2256 | | cmsg->cmsg_type = SCTP_SNDINFO; |
2257 | | cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo)); |
2258 | | sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg); |
2259 | | memset(sndinfo, 0, sizeof(*sndinfo)); |
2260 | | sndinfo->snd_sid = sinfo->snd_sid; |
2261 | | sndinfo->snd_flags = sinfo->snd_flags; |
2262 | | sndinfo->snd_ppid = sinfo->snd_ppid; |
2263 | | sndinfo->snd_context = sinfo->snd_context; |
2264 | | msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo)); |
2265 | | |
2266 | | cmsg = (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))]; |
2267 | | cmsg->cmsg_level = IPPROTO_SCTP; |
2268 | | cmsg->cmsg_type = SCTP_PRINFO; |
2269 | | cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo)); |
2270 | | prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg); |
2271 | | memset(prinfo, 0, sizeof(*prinfo)); |
2272 | | prinfo->pr_policy = pinfo->pr_policy; |
2273 | | prinfo->pr_value = pinfo->pr_value; |
2274 | | msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo)); |
2275 | | #else |
2276 | | cmsg = (struct cmsghdr *)cmsgbuf; |
2277 | | cmsg->cmsg_level = IPPROTO_SCTP; |
2278 | | cmsg->cmsg_type = SCTP_SNDRCV; |
2279 | | cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo)); |
2280 | | sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); |
2281 | | memset(sndrcvinfo, 0, sizeof(*sndrcvinfo)); |
2282 | | sndrcvinfo->sinfo_stream = sinfo->snd_sid; |
2283 | | sndrcvinfo->sinfo_flags = sinfo->snd_flags; |
2284 | | #ifdef __FreeBSD__ |
2285 | | sndrcvinfo->sinfo_flags |= pinfo->pr_policy; |
2286 | | #endif |
2287 | | sndrcvinfo->sinfo_ppid = sinfo->snd_ppid; |
2288 | | sndrcvinfo->sinfo_context = sinfo->snd_context; |
2289 | | sndrcvinfo->sinfo_timetolive = pinfo->pr_value; |
2290 | | msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo)); |
2291 | | #endif |
2292 | | |
2293 | | ret = sendmsg(b->num, &msg, 0); |
2294 | | |
2295 | | BIO_clear_retry_flags(b); |
2296 | | if (ret <= 0) { |
2297 | | if (BIO_dgram_should_retry(ret)) { |
2298 | | BIO_set_retry_write(b); |
2299 | | data->dgram._errno = get_last_socket_error(); |
2300 | | } |
2301 | | } |
2302 | | return ret; |
2303 | | } |
2304 | | |
2305 | | static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr) |
2306 | | { |
2307 | | long ret = 1; |
2308 | | bio_dgram_sctp_data *data = NULL; |
2309 | | socklen_t sockopt_len = 0; |
2310 | | struct sctp_authkeyid authkeyid; |
2311 | | struct sctp_authkey *authkey = NULL; |
2312 | | |
2313 | | data = (bio_dgram_sctp_data *)b->ptr; |
2314 | | |
2315 | | switch (cmd) { |
2316 | | case BIO_CTRL_DGRAM_QUERY_MTU: |
2317 | | /* |
2318 | | * Set to maximum (2^14) and ignore user input to enable transport |
2319 | | * protocol fragmentation. Returns always 2^14. |
2320 | | */ |
2321 | | data->dgram.mtu = 16384; |
2322 | | ret = data->dgram.mtu; |
2323 | | break; |
2324 | | case BIO_CTRL_DGRAM_SET_MTU: |
2325 | | /* |
2326 | | * Set to maximum (2^14) and ignore input to enable transport |
2327 | | * protocol fragmentation. Returns always 2^14. |
2328 | | */ |
2329 | | data->dgram.mtu = 16384; |
2330 | | ret = data->dgram.mtu; |
2331 | | break; |
2332 | | case BIO_CTRL_DGRAM_SET_CONNECTED: |
2333 | | case BIO_CTRL_DGRAM_CONNECT: |
2334 | | /* Returns always -1. */ |
2335 | | ret = -1; |
2336 | | break; |
2337 | | case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: |
2338 | | /* |
2339 | | * SCTP doesn't need the DTLS timer Returns always 1. |
2340 | | */ |
2341 | | break; |
2342 | | case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: |
2343 | | /* |
2344 | | * We allow transport protocol fragmentation so this is irrelevant |
2345 | | */ |
2346 | | ret = 0; |
2347 | | break; |
2348 | | case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: |
2349 | | if (num > 0) |
2350 | | data->in_handshake = 1; |
2351 | | else |
2352 | | data->in_handshake = 0; |
2353 | | |
2354 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY, |
2355 | | &data->in_handshake, sizeof(int)); |
2356 | | break; |
2357 | | case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY: |
2358 | | /* |
2359 | | * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise. |
2360 | | */ |
2361 | | |
2362 | | /* Get active key */ |
2363 | | sockopt_len = sizeof(struct sctp_authkeyid); |
2364 | | ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, |
2365 | | &sockopt_len); |
2366 | | if (ret < 0) |
2367 | | break; |
2368 | | |
2369 | | /* Add new key */ |
2370 | | sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t); |
2371 | | authkey = OPENSSL_malloc(sockopt_len); |
2372 | | if (authkey == NULL) { |
2373 | | ret = -1; |
2374 | | break; |
2375 | | } |
2376 | | memset(authkey, 0, sockopt_len); |
2377 | | authkey->sca_keynumber = authkeyid.scact_keynumber + 1; |
2378 | | #ifndef __FreeBSD__ |
2379 | | /* |
2380 | | * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3 |
2381 | | * and higher work without it. |
2382 | | */ |
2383 | | authkey->sca_keylength = 64; |
2384 | | #endif |
2385 | | memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t)); |
2386 | | |
2387 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, |
2388 | | sockopt_len); |
2389 | | OPENSSL_free(authkey); |
2390 | | authkey = NULL; |
2391 | | if (ret < 0) |
2392 | | break; |
2393 | | |
2394 | | /* Reset active key */ |
2395 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, |
2396 | | &authkeyid, sizeof(struct sctp_authkeyid)); |
2397 | | if (ret < 0) |
2398 | | break; |
2399 | | |
2400 | | break; |
2401 | | case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY: |
2402 | | /* Returns 0 on success, -1 otherwise. */ |
2403 | | |
2404 | | /* Get active key */ |
2405 | | sockopt_len = sizeof(struct sctp_authkeyid); |
2406 | | ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, |
2407 | | &sockopt_len); |
2408 | | if (ret < 0) |
2409 | | break; |
2410 | | |
2411 | | /* Set active key */ |
2412 | | authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1; |
2413 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, |
2414 | | &authkeyid, sizeof(struct sctp_authkeyid)); |
2415 | | if (ret < 0) |
2416 | | break; |
2417 | | |
2418 | | /* |
2419 | | * CCS has been sent, so remember that and fall through to check if |
2420 | | * we need to deactivate an old key |
2421 | | */ |
2422 | | data->ccs_sent = 1; |
2423 | | /* fall-through */ |
2424 | | |
2425 | | case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD: |
2426 | | /* Returns 0 on success, -1 otherwise. */ |
2427 | | |
2428 | | /* |
2429 | | * Has this command really been called or is this just a |
2430 | | * fall-through? |
2431 | | */ |
2432 | | if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD) |
2433 | | data->ccs_rcvd = 1; |
2434 | | |
2435 | | /* |
2436 | | * CSS has been both, received and sent, so deactivate an old key |
2437 | | */ |
2438 | | if (data->ccs_rcvd == 1 && data->ccs_sent == 1) { |
2439 | | /* Get active key */ |
2440 | | sockopt_len = sizeof(struct sctp_authkeyid); |
2441 | | ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, |
2442 | | &authkeyid, &sockopt_len); |
2443 | | if (ret < 0) |
2444 | | break; |
2445 | | |
2446 | | /* |
2447 | | * Deactivate key or delete second last key if |
2448 | | * SCTP_AUTHENTICATION_EVENT is not available. |
2449 | | */ |
2450 | | authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1; |
2451 | | #ifdef SCTP_AUTH_DEACTIVATE_KEY |
2452 | | sockopt_len = sizeof(struct sctp_authkeyid); |
2453 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY, |
2454 | | &authkeyid, sockopt_len); |
2455 | | if (ret < 0) |
2456 | | break; |
2457 | | #endif |
2458 | | #ifndef SCTP_AUTHENTICATION_EVENT |
2459 | | if (authkeyid.scact_keynumber > 0) { |
2460 | | authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1; |
2461 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, |
2462 | | &authkeyid, sizeof(struct sctp_authkeyid)); |
2463 | | if (ret < 0) |
2464 | | break; |
2465 | | } |
2466 | | #endif |
2467 | | |
2468 | | data->ccs_rcvd = 0; |
2469 | | data->ccs_sent = 0; |
2470 | | } |
2471 | | break; |
2472 | | case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO: |
2473 | | /* Returns the size of the copied struct. */ |
2474 | | if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo)) |
2475 | | num = sizeof(struct bio_dgram_sctp_sndinfo); |
2476 | | |
2477 | | memcpy(ptr, &(data->sndinfo), num); |
2478 | | ret = num; |
2479 | | break; |
2480 | | case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO: |
2481 | | /* Returns the size of the copied struct. */ |
2482 | | if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo)) |
2483 | | num = sizeof(struct bio_dgram_sctp_sndinfo); |
2484 | | |
2485 | | memcpy(&(data->sndinfo), ptr, num); |
2486 | | break; |
2487 | | case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO: |
2488 | | /* Returns the size of the copied struct. */ |
2489 | | if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo)) |
2490 | | num = sizeof(struct bio_dgram_sctp_rcvinfo); |
2491 | | |
2492 | | memcpy(ptr, &data->rcvinfo, num); |
2493 | | |
2494 | | ret = num; |
2495 | | break; |
2496 | | case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO: |
2497 | | /* Returns the size of the copied struct. */ |
2498 | | if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo)) |
2499 | | num = sizeof(struct bio_dgram_sctp_rcvinfo); |
2500 | | |
2501 | | memcpy(&(data->rcvinfo), ptr, num); |
2502 | | break; |
2503 | | case BIO_CTRL_DGRAM_SCTP_GET_PRINFO: |
2504 | | /* Returns the size of the copied struct. */ |
2505 | | if (num > (long)sizeof(struct bio_dgram_sctp_prinfo)) |
2506 | | num = sizeof(struct bio_dgram_sctp_prinfo); |
2507 | | |
2508 | | memcpy(ptr, &(data->prinfo), num); |
2509 | | ret = num; |
2510 | | break; |
2511 | | case BIO_CTRL_DGRAM_SCTP_SET_PRINFO: |
2512 | | /* Returns the size of the copied struct. */ |
2513 | | if (num > (long)sizeof(struct bio_dgram_sctp_prinfo)) |
2514 | | num = sizeof(struct bio_dgram_sctp_prinfo); |
2515 | | |
2516 | | memcpy(&(data->prinfo), ptr, num); |
2517 | | break; |
2518 | | case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN: |
2519 | | /* Returns always 1. */ |
2520 | | if (num > 0) |
2521 | | data->save_shutdown = 1; |
2522 | | else |
2523 | | data->save_shutdown = 0; |
2524 | | break; |
2525 | | case BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY: |
2526 | | return dgram_sctp_wait_for_dry(b); |
2527 | | case BIO_CTRL_DGRAM_SCTP_MSG_WAITING: |
2528 | | return dgram_sctp_msg_waiting(b); |
2529 | | |
2530 | | default: |
2531 | | /* |
2532 | | * Pass to default ctrl function to process SCTP unspecific commands |
2533 | | */ |
2534 | | ret = dgram_ctrl(b, cmd, num, ptr); |
2535 | | break; |
2536 | | } |
2537 | | return ret; |
2538 | | } |
2539 | | |
2540 | | int BIO_dgram_sctp_notification_cb(BIO *b, |
2541 | | BIO_dgram_sctp_notification_handler_fn handle_notifications, |
2542 | | void *context) |
2543 | | { |
2544 | | bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; |
2545 | | |
2546 | | if (handle_notifications != NULL) { |
2547 | | data->handle_notifications = handle_notifications; |
2548 | | data->notification_context = context; |
2549 | | } else |
2550 | | return -1; |
2551 | | |
2552 | | return 0; |
2553 | | } |
2554 | | |
2555 | | /* |
2556 | | * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event |
2557 | | * @b: The BIO to check for the dry event |
2558 | | * |
2559 | | * Wait until the peer confirms all packets have been received, and so that |
2560 | | * our kernel doesn't have anything to send anymore. This is only received by |
2561 | | * the peer's kernel, not the application. |
2562 | | * |
2563 | | * Returns: |
2564 | | * -1 on error |
2565 | | * 0 when not dry yet |
2566 | | * 1 when dry |
2567 | | */ |
2568 | | int BIO_dgram_sctp_wait_for_dry(BIO *b) |
2569 | | { |
2570 | | return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY, 0, NULL); |
2571 | | } |
2572 | | |
2573 | | static int dgram_sctp_wait_for_dry(BIO *b) |
2574 | | { |
2575 | | int is_dry = 0; |
2576 | | int sockflags = 0; |
2577 | | int n, ret; |
2578 | | union sctp_notification snp; |
2579 | | struct msghdr msg; |
2580 | | struct iovec iov; |
2581 | | #ifdef SCTP_EVENT |
2582 | | struct sctp_event event; |
2583 | | #else |
2584 | | struct sctp_event_subscribe event; |
2585 | | socklen_t eventsize; |
2586 | | #endif |
2587 | | bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; |
2588 | | |
2589 | | /* set sender dry event */ |
2590 | | #ifdef SCTP_EVENT |
2591 | | memset(&event, 0, sizeof(event)); |
2592 | | event.se_assoc_id = 0; |
2593 | | event.se_type = SCTP_SENDER_DRY_EVENT; |
2594 | | event.se_on = 1; |
2595 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, |
2596 | | sizeof(struct sctp_event)); |
2597 | | #else |
2598 | | eventsize = sizeof(struct sctp_event_subscribe); |
2599 | | ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize); |
2600 | | if (ret < 0) |
2601 | | return -1; |
2602 | | |
2603 | | event.sctp_sender_dry_event = 1; |
2604 | | |
2605 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, |
2606 | | sizeof(struct sctp_event_subscribe)); |
2607 | | #endif |
2608 | | if (ret < 0) |
2609 | | return -1; |
2610 | | |
2611 | | /* peek for notification */ |
2612 | | memset(&snp, 0, sizeof(snp)); |
2613 | | iov.iov_base = (char *)&snp; |
2614 | | iov.iov_len = sizeof(union sctp_notification); |
2615 | | msg.msg_name = NULL; |
2616 | | msg.msg_namelen = 0; |
2617 | | msg.msg_iov = &iov; |
2618 | | msg.msg_iovlen = 1; |
2619 | | msg.msg_control = NULL; |
2620 | | msg.msg_controllen = 0; |
2621 | | msg.msg_flags = 0; |
2622 | | |
2623 | | n = recvmsg(b->num, &msg, MSG_PEEK); |
2624 | | if (n <= 0) { |
2625 | | if ((n < 0) && (get_last_socket_error() != EAGAIN) |
2626 | | && (get_last_socket_error() != EWOULDBLOCK)) |
2627 | | return -1; |
2628 | | else |
2629 | | return 0; |
2630 | | } |
2631 | | |
2632 | | /* if we find a notification, process it and try again if necessary */ |
2633 | | while (msg.msg_flags & MSG_NOTIFICATION) { |
2634 | | memset(&snp, 0, sizeof(snp)); |
2635 | | iov.iov_base = (char *)&snp; |
2636 | | iov.iov_len = sizeof(union sctp_notification); |
2637 | | msg.msg_name = NULL; |
2638 | | msg.msg_namelen = 0; |
2639 | | msg.msg_iov = &iov; |
2640 | | msg.msg_iovlen = 1; |
2641 | | msg.msg_control = NULL; |
2642 | | msg.msg_controllen = 0; |
2643 | | msg.msg_flags = 0; |
2644 | | |
2645 | | n = recvmsg(b->num, &msg, 0); |
2646 | | if (n <= 0) { |
2647 | | if ((n < 0) && (get_last_socket_error() != EAGAIN) |
2648 | | && (get_last_socket_error() != EWOULDBLOCK)) |
2649 | | return -1; |
2650 | | else |
2651 | | return is_dry; |
2652 | | } |
2653 | | |
2654 | | if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) { |
2655 | | is_dry = 1; |
2656 | | |
2657 | | /* disable sender dry event */ |
2658 | | #ifdef SCTP_EVENT |
2659 | | memset(&event, 0, sizeof(event)); |
2660 | | event.se_assoc_id = 0; |
2661 | | event.se_type = SCTP_SENDER_DRY_EVENT; |
2662 | | event.se_on = 0; |
2663 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, |
2664 | | sizeof(struct sctp_event)); |
2665 | | #else |
2666 | | eventsize = (socklen_t)sizeof(struct sctp_event_subscribe); |
2667 | | ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, |
2668 | | &eventsize); |
2669 | | if (ret < 0) |
2670 | | return -1; |
2671 | | |
2672 | | event.sctp_sender_dry_event = 0; |
2673 | | |
2674 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, |
2675 | | sizeof(struct sctp_event_subscribe)); |
2676 | | #endif |
2677 | | if (ret < 0) |
2678 | | return -1; |
2679 | | } |
2680 | | #ifdef SCTP_AUTHENTICATION_EVENT |
2681 | | if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) |
2682 | | dgram_sctp_handle_auth_free_key_event(b, &snp); |
2683 | | #endif |
2684 | | |
2685 | | if (data->handle_notifications != NULL) |
2686 | | data->handle_notifications(b, data->notification_context, |
2687 | | (void *)&snp); |
2688 | | |
2689 | | /* found notification, peek again */ |
2690 | | memset(&snp, 0, sizeof(snp)); |
2691 | | iov.iov_base = (char *)&snp; |
2692 | | iov.iov_len = sizeof(union sctp_notification); |
2693 | | msg.msg_name = NULL; |
2694 | | msg.msg_namelen = 0; |
2695 | | msg.msg_iov = &iov; |
2696 | | msg.msg_iovlen = 1; |
2697 | | msg.msg_control = NULL; |
2698 | | msg.msg_controllen = 0; |
2699 | | msg.msg_flags = 0; |
2700 | | |
2701 | | /* if we have seen the dry already, don't wait */ |
2702 | | if (is_dry) { |
2703 | | sockflags = fcntl(b->num, F_GETFL, 0); |
2704 | | fcntl(b->num, F_SETFL, O_NONBLOCK); |
2705 | | } |
2706 | | |
2707 | | n = recvmsg(b->num, &msg, MSG_PEEK); |
2708 | | |
2709 | | if (is_dry) { |
2710 | | fcntl(b->num, F_SETFL, sockflags); |
2711 | | } |
2712 | | |
2713 | | if (n <= 0) { |
2714 | | if ((n < 0) && (get_last_socket_error() != EAGAIN) |
2715 | | && (get_last_socket_error() != EWOULDBLOCK)) |
2716 | | return -1; |
2717 | | else |
2718 | | return is_dry; |
2719 | | } |
2720 | | } |
2721 | | |
2722 | | /* read anything else */ |
2723 | | return is_dry; |
2724 | | } |
2725 | | |
2726 | | int BIO_dgram_sctp_msg_waiting(BIO *b) |
2727 | | { |
2728 | | return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_MSG_WAITING, 0, NULL); |
2729 | | } |
2730 | | |
2731 | | static int dgram_sctp_msg_waiting(BIO *b) |
2732 | | { |
2733 | | int n, sockflags; |
2734 | | union sctp_notification snp; |
2735 | | struct msghdr msg; |
2736 | | struct iovec iov; |
2737 | | bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; |
2738 | | |
2739 | | /* Check if there are any messages waiting to be read */ |
2740 | | do { |
2741 | | memset(&snp, 0, sizeof(snp)); |
2742 | | iov.iov_base = (char *)&snp; |
2743 | | iov.iov_len = sizeof(union sctp_notification); |
2744 | | msg.msg_name = NULL; |
2745 | | msg.msg_namelen = 0; |
2746 | | msg.msg_iov = &iov; |
2747 | | msg.msg_iovlen = 1; |
2748 | | msg.msg_control = NULL; |
2749 | | msg.msg_controllen = 0; |
2750 | | msg.msg_flags = 0; |
2751 | | |
2752 | | sockflags = fcntl(b->num, F_GETFL, 0); |
2753 | | fcntl(b->num, F_SETFL, O_NONBLOCK); |
2754 | | n = recvmsg(b->num, &msg, MSG_PEEK); |
2755 | | fcntl(b->num, F_SETFL, sockflags); |
2756 | | |
2757 | | /* if notification, process and try again */ |
2758 | | if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) { |
2759 | | #ifdef SCTP_AUTHENTICATION_EVENT |
2760 | | if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) |
2761 | | dgram_sctp_handle_auth_free_key_event(b, &snp); |
2762 | | #endif |
2763 | | |
2764 | | memset(&snp, 0, sizeof(snp)); |
2765 | | iov.iov_base = (char *)&snp; |
2766 | | iov.iov_len = sizeof(union sctp_notification); |
2767 | | msg.msg_name = NULL; |
2768 | | msg.msg_namelen = 0; |
2769 | | msg.msg_iov = &iov; |
2770 | | msg.msg_iovlen = 1; |
2771 | | msg.msg_control = NULL; |
2772 | | msg.msg_controllen = 0; |
2773 | | msg.msg_flags = 0; |
2774 | | n = recvmsg(b->num, &msg, 0); |
2775 | | |
2776 | | if (data->handle_notifications != NULL) |
2777 | | data->handle_notifications(b, data->notification_context, |
2778 | | (void *)&snp); |
2779 | | } |
2780 | | |
2781 | | } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)); |
2782 | | |
2783 | | /* Return 1 if there is a message to be read, return 0 otherwise. */ |
2784 | | if (n > 0) |
2785 | | return 1; |
2786 | | else |
2787 | | return 0; |
2788 | | } |
2789 | | |
2790 | | static int dgram_sctp_puts(BIO *bp, const char *str) |
2791 | | { |
2792 | | int n, ret; |
2793 | | |
2794 | | n = strlen(str); |
2795 | | ret = dgram_sctp_write(bp, str, n); |
2796 | | return ret; |
2797 | | } |
2798 | | #endif |
2799 | | |
2800 | | static int BIO_dgram_should_retry(int i) |
2801 | 0 | { |
2802 | 0 | int err; |
2803 | |
|
2804 | 0 | if ((i == 0) || (i == -1)) { |
2805 | 0 | err = get_last_socket_error(); |
2806 | |
|
2807 | | #if defined(OPENSSL_SYS_WINDOWS) |
2808 | | /* |
2809 | | * If the socket return value (i) is -1 and err is unexpectedly 0 at |
2810 | | * this point, the error code was overwritten by another system call |
2811 | | * before this error handling is called. |
2812 | | */ |
2813 | | #endif |
2814 | |
|
2815 | 0 | return BIO_dgram_non_fatal_error(err); |
2816 | 0 | } |
2817 | 0 | return 0; |
2818 | 0 | } |
2819 | | |
2820 | | int BIO_dgram_non_fatal_error(int err) |
2821 | 0 | { |
2822 | 0 | switch (err) { |
2823 | | #if defined(OPENSSL_SYS_WINDOWS) |
2824 | | #if defined(WSAEWOULDBLOCK) |
2825 | | case WSAEWOULDBLOCK: |
2826 | | #endif |
2827 | | #endif |
2828 | | |
2829 | 0 | #ifdef EWOULDBLOCK |
2830 | | #ifdef WSAEWOULDBLOCK |
2831 | | #if WSAEWOULDBLOCK != EWOULDBLOCK |
2832 | | case EWOULDBLOCK: |
2833 | | #endif |
2834 | | #else |
2835 | 0 | case EWOULDBLOCK: |
2836 | 0 | #endif |
2837 | 0 | #endif |
2838 | |
|
2839 | 0 | #ifdef EINTR |
2840 | 0 | case EINTR: |
2841 | 0 | #endif |
2842 | |
|
2843 | 0 | #ifdef EAGAIN |
2844 | | #if EWOULDBLOCK != EAGAIN |
2845 | | case EAGAIN: |
2846 | | #endif |
2847 | 0 | #endif |
2848 | |
|
2849 | 0 | #ifdef EPROTO |
2850 | 0 | case EPROTO: |
2851 | 0 | #endif |
2852 | |
|
2853 | 0 | #ifdef EINPROGRESS |
2854 | 0 | case EINPROGRESS: |
2855 | 0 | #endif |
2856 | |
|
2857 | 0 | #ifdef EALREADY |
2858 | 0 | case EALREADY: |
2859 | 0 | #endif |
2860 | |
|
2861 | 0 | return 1; |
2862 | 0 | default: |
2863 | 0 | break; |
2864 | 0 | } |
2865 | 0 | return 0; |
2866 | 0 | } |
2867 | | |
2868 | | #endif |