/src/openssl/crypto/bio/bss_dgram.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2005-2023 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #ifndef _GNU_SOURCE |
11 | | # define _GNU_SOURCE |
12 | | #endif |
13 | | |
14 | | #include <stdio.h> |
15 | | #include <errno.h> |
16 | | |
17 | | #include "internal/time.h" |
18 | | #include "bio_local.h" |
19 | | #ifndef OPENSSL_NO_DGRAM |
20 | | |
21 | | # ifndef OPENSSL_NO_SCTP |
22 | | # include <netinet/sctp.h> |
23 | | # include <fcntl.h> |
24 | | # define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00 |
25 | | # define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0 |
26 | | # endif |
27 | | |
28 | | # if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU) |
29 | | # define IP_MTU 14 /* linux is lame */ |
30 | | # endif |
31 | | |
32 | | # if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6) |
33 | | # define IPPROTO_IPV6 41 /* windows is lame */ |
34 | | # endif |
35 | | |
36 | | # if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED) |
37 | | /* Standard definition causes type-punning problems. */ |
38 | | # undef IN6_IS_ADDR_V4MAPPED |
39 | | # define s6_addr32 __u6_addr.__u6_addr32 |
40 | | # define IN6_IS_ADDR_V4MAPPED(a) \ |
41 | | (((a)->s6_addr32[0] == 0) && \ |
42 | | ((a)->s6_addr32[1] == 0) && \ |
43 | | ((a)->s6_addr32[2] == htonl(0x0000ffff))) |
44 | | # endif |
45 | | |
46 | | /* Determine what method to use for BIO_sendmmsg and BIO_recvmmsg. */ |
47 | | # define M_METHOD_NONE 0 |
48 | | # define M_METHOD_RECVMMSG 1 |
49 | | # define M_METHOD_RECVMSG 2 |
50 | | # define M_METHOD_RECVFROM 3 |
51 | | # define M_METHOD_WSARECVMSG 4 |
52 | | |
53 | | # if defined(__GLIBC__) && defined(__GLIBC_PREREQ) |
54 | | # if !(__GLIBC_PREREQ(2, 14)) |
55 | | # undef NO_RECVMMSG |
56 | | /* |
57 | | * Some old glibc versions may have recvmmsg and MSG_WAITFORONE flag, but |
58 | | * not sendmmsg. We need both so force this to be disabled on these old |
59 | | * versions |
60 | | */ |
61 | | # define NO_RECVMMSG |
62 | | # endif |
63 | | # endif |
64 | | # if defined(__GNU__) |
65 | | /* GNU/Hurd does not have IP_PKTINFO yet */ |
66 | | #undef NO_RECVMSG |
67 | | #define NO_RECVMSG |
68 | | # endif |
69 | | # if !defined(M_METHOD) |
70 | | # if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG) |
71 | | # define M_METHOD M_METHOD_WSARECVMSG |
72 | | # elif !defined(OPENSSL_SYS_WINDOWS) && defined(MSG_WAITFORONE) && !defined(NO_RECVMMSG) |
73 | | # define M_METHOD M_METHOD_RECVMMSG |
74 | | # elif !defined(OPENSSL_SYS_WINDOWS) && defined(CMSG_LEN) && !defined(NO_RECVMSG) |
75 | | # define M_METHOD M_METHOD_RECVMSG |
76 | | # elif !defined(NO_RECVFROM) |
77 | | # define M_METHOD M_METHOD_RECVFROM |
78 | | # else |
79 | | # define M_METHOD M_METHOD_NONE |
80 | | # endif |
81 | | # endif |
82 | | |
83 | | # if defined(OPENSSL_SYS_WINDOWS) |
84 | | # define BIO_CMSG_SPACE(x) WSA_CMSG_SPACE(x) |
85 | | # define BIO_CMSG_FIRSTHDR(x) WSA_CMSG_FIRSTHDR(x) |
86 | | # define BIO_CMSG_NXTHDR(x, y) WSA_CMSG_NXTHDR(x, y) |
87 | | # define BIO_CMSG_DATA(x) WSA_CMSG_DATA(x) |
88 | | # define BIO_CMSG_LEN(x) WSA_CMSG_LEN(x) |
89 | | # define MSGHDR_TYPE WSAMSG |
90 | | # define CMSGHDR_TYPE WSACMSGHDR |
91 | | # else |
92 | | # define MSGHDR_TYPE struct msghdr |
93 | 0 | # define CMSGHDR_TYPE struct cmsghdr |
94 | 0 | # define BIO_CMSG_SPACE(x) CMSG_SPACE(x) |
95 | 0 | # define BIO_CMSG_FIRSTHDR(x) CMSG_FIRSTHDR(x) |
96 | 0 | # define BIO_CMSG_NXTHDR(x, y) CMSG_NXTHDR(x, y) |
97 | 0 | # define BIO_CMSG_DATA(x) CMSG_DATA(x) |
98 | 0 | # define BIO_CMSG_LEN(x) CMSG_LEN(x) |
99 | | # endif |
100 | | |
101 | | # if M_METHOD == M_METHOD_RECVMMSG \ |
102 | | || M_METHOD == M_METHOD_RECVMSG \ |
103 | | || M_METHOD == M_METHOD_WSARECVMSG |
104 | | # if defined(__APPLE__) |
105 | | /* |
106 | | * CMSG_SPACE is not a constant expression on OSX even though POSIX |
107 | | * says it's supposed to be. This should be adequate. |
108 | | */ |
109 | | # define BIO_CMSG_ALLOC_LEN 64 |
110 | | # else |
111 | | # if defined(IPV6_PKTINFO) |
112 | | # define BIO_CMSG_ALLOC_LEN_1 BIO_CMSG_SPACE(sizeof(struct in6_pktinfo)) |
113 | | # else |
114 | | # define BIO_CMSG_ALLOC_LEN_1 0 |
115 | | # endif |
116 | | # if defined(IP_PKTINFO) |
117 | | # define BIO_CMSG_ALLOC_LEN_2 BIO_CMSG_SPACE(sizeof(struct in_pktinfo)) |
118 | | # else |
119 | | # define BIO_CMSG_ALLOC_LEN_2 0 |
120 | | # endif |
121 | | # if defined(IP_RECVDSTADDR) |
122 | | # define BIO_CMSG_ALLOC_LEN_3 BIO_CMSG_SPACE(sizeof(struct in_addr)) |
123 | | # else |
124 | | # define BIO_CMSG_ALLOC_LEN_3 0 |
125 | | # endif |
126 | 0 | # define BIO_MAX(X,Y) ((X) > (Y) ? (X) : (Y)) |
127 | | # define BIO_CMSG_ALLOC_LEN \ |
128 | 0 | BIO_MAX(BIO_CMSG_ALLOC_LEN_1, \ |
129 | 0 | BIO_MAX(BIO_CMSG_ALLOC_LEN_2, BIO_CMSG_ALLOC_LEN_3)) |
130 | | # endif |
131 | | # if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO) |
132 | | # define SUPPORT_LOCAL_ADDR |
133 | | # endif |
134 | | # endif |
135 | | |
136 | 0 | # define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n)*(stride))) |
137 | | |
138 | | static int dgram_write(BIO *h, const char *buf, int num); |
139 | | static int dgram_read(BIO *h, char *buf, int size); |
140 | | static int dgram_puts(BIO *h, const char *str); |
141 | | static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
142 | | static int dgram_new(BIO *h); |
143 | | static int dgram_free(BIO *data); |
144 | | static int dgram_clear(BIO *bio); |
145 | | static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, |
146 | | size_t stride, size_t num_msg, |
147 | | uint64_t flags, size_t *num_processed); |
148 | | static int dgram_recvmmsg(BIO *b, BIO_MSG *msg, |
149 | | size_t stride, size_t num_msg, |
150 | | uint64_t flags, size_t *num_processed); |
151 | | |
152 | | # ifndef OPENSSL_NO_SCTP |
153 | | static int dgram_sctp_write(BIO *h, const char *buf, int num); |
154 | | static int dgram_sctp_read(BIO *h, char *buf, int size); |
155 | | static int dgram_sctp_puts(BIO *h, const char *str); |
156 | | static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
157 | | static int dgram_sctp_new(BIO *h); |
158 | | static int dgram_sctp_free(BIO *data); |
159 | | static int dgram_sctp_wait_for_dry(BIO *b); |
160 | | static int dgram_sctp_msg_waiting(BIO *b); |
161 | | # ifdef SCTP_AUTHENTICATION_EVENT |
162 | | static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification |
163 | | *snp); |
164 | | # endif |
165 | | # endif |
166 | | |
167 | | static int BIO_dgram_should_retry(int s); |
168 | | |
169 | | static const BIO_METHOD methods_dgramp = { |
170 | | BIO_TYPE_DGRAM, |
171 | | "datagram socket", |
172 | | bwrite_conv, |
173 | | dgram_write, |
174 | | bread_conv, |
175 | | dgram_read, |
176 | | dgram_puts, |
177 | | NULL, /* dgram_gets, */ |
178 | | dgram_ctrl, |
179 | | dgram_new, |
180 | | dgram_free, |
181 | | NULL, /* dgram_callback_ctrl */ |
182 | | dgram_sendmmsg, |
183 | | dgram_recvmmsg, |
184 | | }; |
185 | | |
186 | | # ifndef OPENSSL_NO_SCTP |
187 | | static const BIO_METHOD methods_dgramp_sctp = { |
188 | | BIO_TYPE_DGRAM_SCTP, |
189 | | "datagram sctp socket", |
190 | | bwrite_conv, |
191 | | dgram_sctp_write, |
192 | | bread_conv, |
193 | | dgram_sctp_read, |
194 | | dgram_sctp_puts, |
195 | | NULL, /* dgram_gets, */ |
196 | | dgram_sctp_ctrl, |
197 | | dgram_sctp_new, |
198 | | dgram_sctp_free, |
199 | | NULL, /* dgram_callback_ctrl */ |
200 | | NULL, /* sendmmsg */ |
201 | | NULL, /* recvmmsg */ |
202 | | }; |
203 | | # endif |
204 | | |
205 | | typedef struct bio_dgram_data_st { |
206 | | BIO_ADDR peer; |
207 | | BIO_ADDR local_addr; |
208 | | unsigned int connected; |
209 | | unsigned int _errno; |
210 | | unsigned int mtu; |
211 | | OSSL_TIME next_timeout; |
212 | | OSSL_TIME socket_timeout; |
213 | | unsigned int peekmode; |
214 | | char local_addr_enabled; |
215 | | } bio_dgram_data; |
216 | | |
217 | | # ifndef OPENSSL_NO_SCTP |
218 | | typedef struct bio_dgram_sctp_save_message_st { |
219 | | BIO *bio; |
220 | | char *data; |
221 | | int length; |
222 | | } bio_dgram_sctp_save_message; |
223 | | |
224 | | /* |
225 | | * Note: bio_dgram_data must be first here |
226 | | * as we use dgram_ctrl for underlying dgram operations |
227 | | * which will cast this struct to a bio_dgram_data |
228 | | */ |
229 | | typedef struct bio_dgram_sctp_data_st { |
230 | | bio_dgram_data dgram; |
231 | | struct bio_dgram_sctp_sndinfo sndinfo; |
232 | | struct bio_dgram_sctp_rcvinfo rcvinfo; |
233 | | struct bio_dgram_sctp_prinfo prinfo; |
234 | | BIO_dgram_sctp_notification_handler_fn handle_notifications; |
235 | | void *notification_context; |
236 | | int in_handshake; |
237 | | int ccs_rcvd; |
238 | | int ccs_sent; |
239 | | int save_shutdown; |
240 | | int peer_auth_tested; |
241 | | } bio_dgram_sctp_data; |
242 | | # endif |
243 | | |
244 | | const BIO_METHOD *BIO_s_datagram(void) |
245 | 0 | { |
246 | 0 | return &methods_dgramp; |
247 | 0 | } |
248 | | |
249 | | BIO *BIO_new_dgram(int fd, int close_flag) |
250 | 0 | { |
251 | 0 | BIO *ret; |
252 | |
|
253 | 0 | ret = BIO_new(BIO_s_datagram()); |
254 | 0 | if (ret == NULL) |
255 | 0 | return NULL; |
256 | 0 | BIO_set_fd(ret, fd, close_flag); |
257 | 0 | return ret; |
258 | 0 | } |
259 | | |
260 | | static int dgram_new(BIO *bi) |
261 | 0 | { |
262 | 0 | bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data)); |
263 | |
|
264 | 0 | if (data == NULL) |
265 | 0 | return 0; |
266 | 0 | bi->ptr = data; |
267 | 0 | return 1; |
268 | 0 | } |
269 | | |
270 | | static int dgram_free(BIO *a) |
271 | 0 | { |
272 | 0 | bio_dgram_data *data; |
273 | |
|
274 | 0 | if (a == NULL) |
275 | 0 | return 0; |
276 | 0 | if (!dgram_clear(a)) |
277 | 0 | return 0; |
278 | | |
279 | 0 | data = (bio_dgram_data *)a->ptr; |
280 | 0 | OPENSSL_free(data); |
281 | |
|
282 | 0 | return 1; |
283 | 0 | } |
284 | | |
285 | | static int dgram_clear(BIO *a) |
286 | 0 | { |
287 | 0 | if (a == NULL) |
288 | 0 | return 0; |
289 | 0 | if (a->shutdown) { |
290 | 0 | if (a->init) { |
291 | 0 | BIO_closesocket(a->num); |
292 | 0 | } |
293 | 0 | a->init = 0; |
294 | 0 | a->flags = 0; |
295 | 0 | } |
296 | 0 | return 1; |
297 | 0 | } |
298 | | |
299 | | static void dgram_adjust_rcv_timeout(BIO *b) |
300 | 0 | { |
301 | 0 | # if defined(SO_RCVTIMEO) |
302 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
303 | 0 | OSSL_TIME timeleft; |
304 | | |
305 | | /* Is a timer active? */ |
306 | 0 | if (!ossl_time_is_zero(data->next_timeout)) { |
307 | | /* Read current socket timeout */ |
308 | | # ifdef OPENSSL_SYS_WINDOWS |
309 | | int timeout; |
310 | | int sz = sizeof(timeout); |
311 | | |
312 | | if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, |
313 | | (void *)&timeout, &sz) < 0) |
314 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
315 | | "calling getsockopt()"); |
316 | | else |
317 | | data->socket_timeout = ossl_ms2time(timeout); |
318 | | # else |
319 | 0 | struct timeval tv; |
320 | 0 | socklen_t sz = sizeof(tv); |
321 | |
|
322 | 0 | if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, &sz) < 0) |
323 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
324 | 0 | "calling getsockopt()"); |
325 | 0 | else |
326 | 0 | data->socket_timeout = ossl_time_from_timeval(tv); |
327 | 0 | # endif |
328 | | |
329 | | /* Calculate time left until timer expires */ |
330 | 0 | timeleft = ossl_time_subtract(data->next_timeout, ossl_time_now()); |
331 | 0 | if (ossl_time_compare(timeleft, ossl_ticks2time(OSSL_TIME_US)) < 0) |
332 | 0 | timeleft = ossl_ticks2time(OSSL_TIME_US); |
333 | | |
334 | | /* |
335 | | * Adjust socket timeout if next handshake message timer will expire |
336 | | * earlier. |
337 | | */ |
338 | 0 | if (ossl_time_is_zero(data->socket_timeout) |
339 | 0 | || ossl_time_compare(data->socket_timeout, timeleft) >= 0) { |
340 | | # ifdef OPENSSL_SYS_WINDOWS |
341 | | timeout = (int)ossl_time2ms(timeleft); |
342 | | if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, |
343 | | (void *)&timeout, sizeof(timeout)) < 0) |
344 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
345 | | "calling setsockopt()"); |
346 | | # else |
347 | 0 | tv = ossl_time_to_timeval(timeleft); |
348 | 0 | if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, |
349 | 0 | sizeof(tv)) < 0) |
350 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
351 | 0 | "calling setsockopt()"); |
352 | 0 | # endif |
353 | 0 | } |
354 | 0 | } |
355 | 0 | # endif |
356 | 0 | } |
357 | | |
358 | | static void dgram_update_local_addr(BIO *b) |
359 | 0 | { |
360 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
361 | 0 | socklen_t addr_len = sizeof(data->local_addr); |
362 | |
|
363 | 0 | if (getsockname(b->num, &data->local_addr.sa, &addr_len) < 0) |
364 | | /* |
365 | | * This should not be possible, but zero-initialize and return |
366 | | * anyway. |
367 | | */ |
368 | 0 | BIO_ADDR_clear(&data->local_addr); |
369 | 0 | } |
370 | | |
371 | | # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG |
372 | | static int dgram_get_sock_family(BIO *b) |
373 | 0 | { |
374 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
375 | 0 | return data->local_addr.sa.sa_family; |
376 | 0 | } |
377 | | # endif |
378 | | |
379 | | static void dgram_reset_rcv_timeout(BIO *b) |
380 | 0 | { |
381 | 0 | # if defined(SO_RCVTIMEO) |
382 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
383 | | |
384 | | /* Is a timer active? */ |
385 | 0 | if (!ossl_time_is_zero(data->next_timeout)) { |
386 | | # ifdef OPENSSL_SYS_WINDOWS |
387 | | int timeout = (int)ossl_time2ms(data->socket_timeout); |
388 | | |
389 | | if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, |
390 | | (void *)&timeout, sizeof(timeout)) < 0) |
391 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
392 | | "calling setsockopt()"); |
393 | | # else |
394 | 0 | struct timeval tv = ossl_time_to_timeval(data->socket_timeout); |
395 | |
|
396 | 0 | if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0) |
397 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
398 | 0 | "calling setsockopt()"); |
399 | 0 | # endif |
400 | 0 | } |
401 | 0 | # endif |
402 | 0 | } |
403 | | |
404 | | static int dgram_read(BIO *b, char *out, int outl) |
405 | 0 | { |
406 | 0 | int ret = 0; |
407 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
408 | 0 | int flags = 0; |
409 | |
|
410 | 0 | BIO_ADDR peer; |
411 | 0 | socklen_t len = sizeof(peer); |
412 | |
|
413 | 0 | if (out != NULL) { |
414 | 0 | clear_socket_error(); |
415 | 0 | BIO_ADDR_clear(&peer); |
416 | 0 | dgram_adjust_rcv_timeout(b); |
417 | 0 | if (data->peekmode) |
418 | 0 | flags = MSG_PEEK; |
419 | 0 | ret = recvfrom(b->num, out, outl, flags, |
420 | 0 | BIO_ADDR_sockaddr_noconst(&peer), &len); |
421 | |
|
422 | 0 | if (!data->connected && ret >= 0) |
423 | 0 | BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); |
424 | |
|
425 | 0 | BIO_clear_retry_flags(b); |
426 | 0 | if (ret < 0) { |
427 | 0 | if (BIO_dgram_should_retry(ret)) { |
428 | 0 | BIO_set_retry_read(b); |
429 | 0 | data->_errno = get_last_socket_error(); |
430 | 0 | } |
431 | 0 | } |
432 | |
|
433 | 0 | dgram_reset_rcv_timeout(b); |
434 | 0 | } |
435 | 0 | return ret; |
436 | 0 | } |
437 | | |
438 | | static int dgram_write(BIO *b, const char *in, int inl) |
439 | 0 | { |
440 | 0 | int ret; |
441 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
442 | 0 | clear_socket_error(); |
443 | |
|
444 | 0 | if (data->connected) |
445 | 0 | ret = writesocket(b->num, in, inl); |
446 | 0 | else { |
447 | 0 | int peerlen = BIO_ADDR_sockaddr_size(&data->peer); |
448 | |
|
449 | 0 | ret = sendto(b->num, in, inl, 0, |
450 | 0 | BIO_ADDR_sockaddr(&data->peer), peerlen); |
451 | 0 | } |
452 | |
|
453 | 0 | BIO_clear_retry_flags(b); |
454 | 0 | if (ret <= 0) { |
455 | 0 | if (BIO_dgram_should_retry(ret)) { |
456 | 0 | BIO_set_retry_write(b); |
457 | 0 | data->_errno = get_last_socket_error(); |
458 | 0 | } |
459 | 0 | } |
460 | 0 | return ret; |
461 | 0 | } |
462 | | |
463 | | static long dgram_get_mtu_overhead(bio_dgram_data *data) |
464 | 0 | { |
465 | 0 | long ret; |
466 | |
|
467 | 0 | switch (BIO_ADDR_family(&data->peer)) { |
468 | 0 | case AF_INET: |
469 | | /* |
470 | | * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP |
471 | | */ |
472 | 0 | ret = 28; |
473 | 0 | break; |
474 | 0 | # if OPENSSL_USE_IPV6 |
475 | 0 | case AF_INET6: |
476 | 0 | { |
477 | 0 | # ifdef IN6_IS_ADDR_V4MAPPED |
478 | 0 | struct in6_addr tmp_addr; |
479 | 0 | if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL) |
480 | 0 | && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) |
481 | | /* |
482 | | * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP |
483 | | */ |
484 | 0 | ret = 28; |
485 | 0 | else |
486 | 0 | # endif |
487 | | /* |
488 | | * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP |
489 | | */ |
490 | 0 | ret = 48; |
491 | 0 | } |
492 | 0 | break; |
493 | 0 | # endif |
494 | 0 | default: |
495 | | /* We don't know. Go with the historical default */ |
496 | 0 | ret = 28; |
497 | 0 | break; |
498 | 0 | } |
499 | 0 | return ret; |
500 | 0 | } |
501 | | |
502 | | /* Enables appropriate destination address reception option on the socket. */ |
503 | | # if defined(SUPPORT_LOCAL_ADDR) |
504 | 0 | static int enable_local_addr(BIO *b, int enable) { |
505 | 0 | int af = dgram_get_sock_family(b); |
506 | |
|
507 | 0 | if (af == AF_INET) { |
508 | 0 | # if defined(IP_PKTINFO) |
509 | | /* IP_PKTINFO is preferred */ |
510 | 0 | if (setsockopt(b->num, IPPROTO_IP, IP_PKTINFO, |
511 | 0 | (void *)&enable, sizeof(enable)) < 0) |
512 | 0 | return 0; |
513 | | |
514 | 0 | return 1; |
515 | |
|
516 | | # elif defined(IP_RECVDSTADDR) |
517 | | /* Fall back to IP_RECVDSTADDR */ |
518 | | |
519 | | if (setsockopt(b->num, IPPROTO_IP, IP_RECVDSTADDR, |
520 | | &enable, sizeof(enable)) < 0) |
521 | | return 0; |
522 | | |
523 | | return 1; |
524 | | # endif |
525 | 0 | } |
526 | | |
527 | 0 | # if OPENSSL_USE_IPV6 |
528 | 0 | if (af == AF_INET6) { |
529 | 0 | # if defined(IPV6_RECVPKTINFO) |
530 | 0 | if (setsockopt(b->num, IPPROTO_IPV6, IPV6_RECVPKTINFO, |
531 | 0 | &enable, sizeof(enable)) < 0) |
532 | 0 | return 0; |
533 | | |
534 | 0 | return 1; |
535 | 0 | # endif |
536 | 0 | } |
537 | 0 | # endif |
538 | | |
539 | 0 | return 0; |
540 | 0 | } |
541 | | # endif |
542 | | |
543 | | static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) |
544 | 0 | { |
545 | 0 | long ret = 1; |
546 | 0 | int *ip; |
547 | 0 | bio_dgram_data *data = NULL; |
548 | 0 | # ifndef __DJGPP__ |
549 | | /* There are currently no cases where this is used on djgpp/watt32. */ |
550 | 0 | int sockopt_val = 0; |
551 | 0 | # endif |
552 | 0 | int d_errno; |
553 | 0 | # if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU)) |
554 | 0 | socklen_t sockopt_len; /* assume that system supporting IP_MTU is |
555 | | * modern enough to define socklen_t */ |
556 | 0 | socklen_t addr_len; |
557 | 0 | BIO_ADDR addr; |
558 | 0 | # endif |
559 | |
|
560 | 0 | data = (bio_dgram_data *)b->ptr; |
561 | |
|
562 | 0 | switch (cmd) { |
563 | 0 | case BIO_CTRL_RESET: |
564 | 0 | num = 0; |
565 | 0 | ret = 0; |
566 | 0 | break; |
567 | 0 | case BIO_CTRL_INFO: |
568 | 0 | ret = 0; |
569 | 0 | break; |
570 | 0 | case BIO_C_SET_FD: |
571 | 0 | dgram_clear(b); |
572 | 0 | b->num = *((int *)ptr); |
573 | 0 | b->shutdown = (int)num; |
574 | 0 | b->init = 1; |
575 | 0 | dgram_update_local_addr(b); |
576 | 0 | # if defined(SUPPORT_LOCAL_ADDR) |
577 | 0 | if (data->local_addr_enabled) { |
578 | 0 | if (enable_local_addr(b, 1) < 1) |
579 | 0 | data->local_addr_enabled = 0; |
580 | 0 | } |
581 | 0 | # endif |
582 | 0 | break; |
583 | 0 | case BIO_C_GET_FD: |
584 | 0 | if (b->init) { |
585 | 0 | ip = (int *)ptr; |
586 | 0 | if (ip != NULL) |
587 | 0 | *ip = b->num; |
588 | 0 | ret = b->num; |
589 | 0 | } else |
590 | 0 | ret = -1; |
591 | 0 | break; |
592 | 0 | case BIO_CTRL_GET_CLOSE: |
593 | 0 | ret = b->shutdown; |
594 | 0 | break; |
595 | 0 | case BIO_CTRL_SET_CLOSE: |
596 | 0 | b->shutdown = (int)num; |
597 | 0 | break; |
598 | 0 | case BIO_CTRL_PENDING: |
599 | 0 | case BIO_CTRL_WPENDING: |
600 | 0 | ret = 0; |
601 | 0 | break; |
602 | 0 | case BIO_CTRL_DUP: |
603 | 0 | case BIO_CTRL_FLUSH: |
604 | 0 | ret = 1; |
605 | 0 | break; |
606 | 0 | case BIO_CTRL_DGRAM_CONNECT: |
607 | 0 | BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); |
608 | 0 | break; |
609 | | /* (Linux)kernel sets DF bit on outgoing IP packets */ |
610 | 0 | case BIO_CTRL_DGRAM_MTU_DISCOVER: |
611 | 0 | # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) |
612 | 0 | addr_len = (socklen_t) sizeof(addr); |
613 | 0 | BIO_ADDR_clear(&addr); |
614 | 0 | if (getsockname(b->num, &addr.sa, &addr_len) < 0) { |
615 | 0 | ret = 0; |
616 | 0 | break; |
617 | 0 | } |
618 | 0 | switch (addr.sa.sa_family) { |
619 | 0 | case AF_INET: |
620 | 0 | sockopt_val = IP_PMTUDISC_DO; |
621 | 0 | if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, |
622 | 0 | &sockopt_val, sizeof(sockopt_val))) < 0) |
623 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
624 | 0 | "calling setsockopt()"); |
625 | 0 | break; |
626 | 0 | # if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO) |
627 | 0 | case AF_INET6: |
628 | 0 | sockopt_val = IPV6_PMTUDISC_DO; |
629 | 0 | if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, |
630 | 0 | &sockopt_val, sizeof(sockopt_val))) < 0) |
631 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
632 | 0 | "calling setsockopt()"); |
633 | 0 | break; |
634 | 0 | # endif |
635 | 0 | default: |
636 | 0 | ret = -1; |
637 | 0 | break; |
638 | 0 | } |
639 | | # else |
640 | | ret = -1; |
641 | | # endif |
642 | 0 | break; |
643 | 0 | case BIO_CTRL_DGRAM_QUERY_MTU: |
644 | 0 | # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU) |
645 | 0 | addr_len = (socklen_t) sizeof(addr); |
646 | 0 | BIO_ADDR_clear(&addr); |
647 | 0 | if (getsockname(b->num, &addr.sa, &addr_len) < 0) { |
648 | 0 | ret = 0; |
649 | 0 | break; |
650 | 0 | } |
651 | 0 | sockopt_len = sizeof(sockopt_val); |
652 | 0 | switch (addr.sa.sa_family) { |
653 | 0 | case AF_INET: |
654 | 0 | if ((ret = |
655 | 0 | getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, |
656 | 0 | &sockopt_len)) < 0 || sockopt_val < 0) { |
657 | 0 | ret = 0; |
658 | 0 | } else { |
659 | | /* |
660 | | * we assume that the transport protocol is UDP and no IP |
661 | | * options are used. |
662 | | */ |
663 | 0 | data->mtu = sockopt_val - 8 - 20; |
664 | 0 | ret = data->mtu; |
665 | 0 | } |
666 | 0 | break; |
667 | 0 | # if OPENSSL_USE_IPV6 && defined(IPV6_MTU) |
668 | 0 | case AF_INET6: |
669 | 0 | if ((ret = |
670 | 0 | getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, |
671 | 0 | (void *)&sockopt_val, &sockopt_len)) < 0 |
672 | 0 | || sockopt_val < 0) { |
673 | 0 | ret = 0; |
674 | 0 | } else { |
675 | | /* |
676 | | * we assume that the transport protocol is UDP and no IPV6 |
677 | | * options are used. |
678 | | */ |
679 | 0 | data->mtu = sockopt_val - 8 - 40; |
680 | 0 | ret = data->mtu; |
681 | 0 | } |
682 | 0 | break; |
683 | 0 | # endif |
684 | 0 | default: |
685 | 0 | ret = 0; |
686 | 0 | break; |
687 | 0 | } |
688 | | # else |
689 | | ret = 0; |
690 | | # endif |
691 | 0 | break; |
692 | 0 | case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: |
693 | 0 | ret = -dgram_get_mtu_overhead(data); |
694 | 0 | switch (BIO_ADDR_family(&data->peer)) { |
695 | 0 | case AF_INET: |
696 | 0 | ret += 576; |
697 | 0 | break; |
698 | 0 | # if OPENSSL_USE_IPV6 |
699 | 0 | case AF_INET6: |
700 | 0 | { |
701 | 0 | # ifdef IN6_IS_ADDR_V4MAPPED |
702 | 0 | struct in6_addr tmp_addr; |
703 | 0 | if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL) |
704 | 0 | && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) |
705 | 0 | ret += 576; |
706 | 0 | else |
707 | 0 | # endif |
708 | 0 | ret += 1280; |
709 | 0 | } |
710 | 0 | break; |
711 | 0 | # endif |
712 | 0 | default: |
713 | 0 | ret += 576; |
714 | 0 | break; |
715 | 0 | } |
716 | 0 | break; |
717 | 0 | case BIO_CTRL_DGRAM_GET_MTU: |
718 | 0 | return data->mtu; |
719 | 0 | case BIO_CTRL_DGRAM_SET_MTU: |
720 | 0 | data->mtu = num; |
721 | 0 | ret = num; |
722 | 0 | break; |
723 | 0 | case BIO_CTRL_DGRAM_SET_CONNECTED: |
724 | 0 | if (ptr != NULL) { |
725 | 0 | data->connected = 1; |
726 | 0 | BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); |
727 | 0 | } else { |
728 | 0 | data->connected = 0; |
729 | 0 | BIO_ADDR_clear(&data->peer); |
730 | 0 | } |
731 | 0 | break; |
732 | 0 | case BIO_CTRL_DGRAM_GET_PEER: |
733 | 0 | ret = BIO_ADDR_sockaddr_size(&data->peer); |
734 | | /* FIXME: if num < ret, we will only return part of an address. |
735 | | That should bee an error, no? */ |
736 | 0 | if (num == 0 || num > ret) |
737 | 0 | num = ret; |
738 | 0 | memcpy(ptr, &data->peer, (ret = num)); |
739 | 0 | break; |
740 | 0 | case BIO_CTRL_DGRAM_SET_PEER: |
741 | 0 | BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); |
742 | 0 | break; |
743 | 0 | case BIO_CTRL_DGRAM_DETECT_PEER_ADDR: |
744 | 0 | { |
745 | 0 | BIO_ADDR xaddr, *p = &data->peer; |
746 | 0 | socklen_t xaddr_len = sizeof(xaddr.sa); |
747 | |
|
748 | 0 | if (BIO_ADDR_family(p) == AF_UNSPEC) { |
749 | 0 | if (getpeername(b->num, (void *)&xaddr.sa, &xaddr_len) == 0 |
750 | 0 | && BIO_ADDR_family(&xaddr) != AF_UNSPEC) { |
751 | 0 | p = &xaddr; |
752 | 0 | } else { |
753 | 0 | ret = 0; |
754 | 0 | break; |
755 | 0 | } |
756 | 0 | } |
757 | | |
758 | 0 | ret = BIO_ADDR_sockaddr_size(p); |
759 | 0 | if (num == 0 || num > ret) |
760 | 0 | num = ret; |
761 | |
|
762 | 0 | memcpy(ptr, p, (ret = num)); |
763 | 0 | } |
764 | 0 | break; |
765 | 0 | case BIO_C_SET_NBIO: |
766 | 0 | if (!BIO_socket_nbio(b->num, num != 0)) |
767 | 0 | ret = 0; |
768 | 0 | break; |
769 | 0 | case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: |
770 | 0 | data->next_timeout = ossl_time_from_timeval(*(struct timeval *)ptr); |
771 | 0 | break; |
772 | 0 | # if defined(SO_RCVTIMEO) |
773 | 0 | case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: |
774 | | # ifdef OPENSSL_SYS_WINDOWS |
775 | | { |
776 | | struct timeval *tv = (struct timeval *)ptr; |
777 | | int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; |
778 | | |
779 | | if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, |
780 | | (void *)&timeout, sizeof(timeout))) < 0) |
781 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
782 | | "calling setsockopt()"); |
783 | | } |
784 | | # else |
785 | 0 | if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, |
786 | 0 | sizeof(struct timeval))) < 0) |
787 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
788 | 0 | "calling setsockopt()"); |
789 | 0 | # endif |
790 | 0 | break; |
791 | 0 | case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: |
792 | 0 | { |
793 | | # ifdef OPENSSL_SYS_WINDOWS |
794 | | int sz = 0; |
795 | | int timeout; |
796 | | struct timeval *tv = (struct timeval *)ptr; |
797 | | |
798 | | sz = sizeof(timeout); |
799 | | if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, |
800 | | (void *)&timeout, &sz)) < 0) { |
801 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
802 | | "calling getsockopt()"); |
803 | | } else { |
804 | | tv->tv_sec = timeout / 1000; |
805 | | tv->tv_usec = (timeout % 1000) * 1000; |
806 | | ret = sizeof(*tv); |
807 | | } |
808 | | # else |
809 | 0 | socklen_t sz = sizeof(struct timeval); |
810 | 0 | if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, |
811 | 0 | ptr, &sz)) < 0) { |
812 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
813 | 0 | "calling getsockopt()"); |
814 | 0 | } else { |
815 | 0 | OPENSSL_assert((size_t)sz <= sizeof(struct timeval)); |
816 | 0 | ret = (int)sz; |
817 | 0 | } |
818 | 0 | # endif |
819 | 0 | } |
820 | 0 | break; |
821 | 0 | # endif |
822 | 0 | # if defined(SO_SNDTIMEO) |
823 | 0 | case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: |
824 | | # ifdef OPENSSL_SYS_WINDOWS |
825 | | { |
826 | | struct timeval *tv = (struct timeval *)ptr; |
827 | | int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; |
828 | | |
829 | | if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, |
830 | | (void *)&timeout, sizeof(timeout))) < 0) |
831 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
832 | | "calling setsockopt()"); |
833 | | } |
834 | | # else |
835 | 0 | if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, |
836 | 0 | sizeof(struct timeval))) < 0) |
837 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
838 | 0 | "calling setsockopt()"); |
839 | 0 | # endif |
840 | 0 | break; |
841 | 0 | case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: |
842 | 0 | { |
843 | | # ifdef OPENSSL_SYS_WINDOWS |
844 | | int sz = 0; |
845 | | int timeout; |
846 | | struct timeval *tv = (struct timeval *)ptr; |
847 | | |
848 | | sz = sizeof(timeout); |
849 | | if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, |
850 | | (void *)&timeout, &sz)) < 0) { |
851 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
852 | | "calling getsockopt()"); |
853 | | } else { |
854 | | tv->tv_sec = timeout / 1000; |
855 | | tv->tv_usec = (timeout % 1000) * 1000; |
856 | | ret = sizeof(*tv); |
857 | | } |
858 | | # else |
859 | 0 | socklen_t sz = sizeof(struct timeval); |
860 | |
|
861 | 0 | if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, |
862 | 0 | ptr, &sz)) < 0) { |
863 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
864 | 0 | "calling getsockopt()"); |
865 | 0 | } else { |
866 | 0 | OPENSSL_assert((size_t)sz <= sizeof(struct timeval)); |
867 | 0 | ret = (int)sz; |
868 | 0 | } |
869 | 0 | # endif |
870 | 0 | } |
871 | 0 | break; |
872 | 0 | # endif |
873 | 0 | case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: |
874 | | /* fall-through */ |
875 | 0 | case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: |
876 | | # ifdef OPENSSL_SYS_WINDOWS |
877 | | d_errno = (data->_errno == WSAETIMEDOUT); |
878 | | # else |
879 | 0 | d_errno = (data->_errno == EAGAIN); |
880 | 0 | # endif |
881 | 0 | if (d_errno) { |
882 | 0 | ret = 1; |
883 | 0 | data->_errno = 0; |
884 | 0 | } else |
885 | 0 | ret = 0; |
886 | 0 | break; |
887 | 0 | # ifdef EMSGSIZE |
888 | 0 | case BIO_CTRL_DGRAM_MTU_EXCEEDED: |
889 | 0 | if (data->_errno == EMSGSIZE) { |
890 | 0 | ret = 1; |
891 | 0 | data->_errno = 0; |
892 | 0 | } else |
893 | 0 | ret = 0; |
894 | 0 | break; |
895 | 0 | # endif |
896 | 0 | case BIO_CTRL_DGRAM_SET_DONT_FRAG: |
897 | 0 | switch (data->peer.sa.sa_family) { |
898 | 0 | case AF_INET: |
899 | | # if defined(IP_DONTFRAG) |
900 | | sockopt_val = num ? 1 : 0; |
901 | | if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG, |
902 | | &sockopt_val, sizeof(sockopt_val))) < 0) |
903 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
904 | | "calling setsockopt()"); |
905 | | # elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE) |
906 | 0 | sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT; |
907 | 0 | if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, |
908 | 0 | &sockopt_val, sizeof(sockopt_val))) < 0) |
909 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
910 | 0 | "calling setsockopt()"); |
911 | | # elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT) |
912 | | sockopt_val = num ? 1 : 0; |
913 | | if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT, |
914 | | (const char *)&sockopt_val, |
915 | | sizeof(sockopt_val))) < 0) |
916 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
917 | | "calling setsockopt()"); |
918 | | # else |
919 | | ret = -1; |
920 | | # endif |
921 | 0 | break; |
922 | 0 | # if OPENSSL_USE_IPV6 |
923 | 0 | case AF_INET6: |
924 | 0 | # if defined(IPV6_DONTFRAG) |
925 | 0 | sockopt_val = num ? 1 : 0; |
926 | 0 | if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG, |
927 | 0 | (const void *)&sockopt_val, |
928 | 0 | sizeof(sockopt_val))) < 0) |
929 | 0 | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
930 | 0 | "calling setsockopt()"); |
931 | |
|
932 | | # elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER) |
933 | | sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT; |
934 | | if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, |
935 | | &sockopt_val, sizeof(sockopt_val))) < 0) |
936 | | ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), |
937 | | "calling setsockopt()"); |
938 | | # else |
939 | | ret = -1; |
940 | | # endif |
941 | 0 | break; |
942 | 0 | # endif |
943 | 0 | default: |
944 | 0 | ret = -1; |
945 | 0 | break; |
946 | 0 | } |
947 | 0 | break; |
948 | 0 | case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: |
949 | 0 | ret = dgram_get_mtu_overhead(data); |
950 | 0 | break; |
951 | | |
952 | | /* |
953 | | * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility |
954 | | * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value |
955 | | * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The |
956 | | * value has been updated to a non-clashing value. However to preserve |
957 | | * binary compatibility we now respond to both the old value and the new one |
958 | | */ |
959 | 0 | case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: |
960 | 0 | case BIO_CTRL_DGRAM_SET_PEEK_MODE: |
961 | 0 | data->peekmode = (unsigned int)num; |
962 | 0 | break; |
963 | | |
964 | 0 | case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP: |
965 | 0 | # if defined(SUPPORT_LOCAL_ADDR) |
966 | 0 | ret = 1; |
967 | | # else |
968 | | ret = 0; |
969 | | # endif |
970 | 0 | break; |
971 | | |
972 | 0 | case BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE: |
973 | 0 | # if defined(SUPPORT_LOCAL_ADDR) |
974 | 0 | num = num > 0; |
975 | 0 | if (num != data->local_addr_enabled) { |
976 | 0 | if (enable_local_addr(b, num) < 1) { |
977 | 0 | ret = 0; |
978 | 0 | break; |
979 | 0 | } |
980 | | |
981 | 0 | data->local_addr_enabled = (char)num; |
982 | 0 | } |
983 | | # else |
984 | | ret = 0; |
985 | | # endif |
986 | 0 | break; |
987 | | |
988 | 0 | case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE: |
989 | 0 | *(int *)ptr = data->local_addr_enabled; |
990 | 0 | break; |
991 | | |
992 | 0 | case BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS: |
993 | 0 | ret = (long)(BIO_DGRAM_CAP_HANDLES_DST_ADDR |
994 | 0 | | BIO_DGRAM_CAP_HANDLES_SRC_ADDR |
995 | 0 | | BIO_DGRAM_CAP_PROVIDES_DST_ADDR |
996 | 0 | | BIO_DGRAM_CAP_PROVIDES_SRC_ADDR); |
997 | 0 | break; |
998 | | |
999 | 0 | case BIO_CTRL_GET_RPOLL_DESCRIPTOR: |
1000 | 0 | case BIO_CTRL_GET_WPOLL_DESCRIPTOR: |
1001 | 0 | { |
1002 | 0 | BIO_POLL_DESCRIPTOR *pd = ptr; |
1003 | |
|
1004 | 0 | pd->type = BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD; |
1005 | 0 | pd->value.fd = b->num; |
1006 | 0 | } |
1007 | 0 | break; |
1008 | | |
1009 | 0 | default: |
1010 | 0 | ret = 0; |
1011 | 0 | break; |
1012 | 0 | } |
1013 | | /* Normalize if error */ |
1014 | 0 | if (ret < 0) |
1015 | 0 | ret = -1; |
1016 | 0 | return ret; |
1017 | 0 | } |
1018 | | |
1019 | | static int dgram_puts(BIO *bp, const char *str) |
1020 | 0 | { |
1021 | 0 | int n, ret; |
1022 | |
|
1023 | 0 | n = strlen(str); |
1024 | 0 | ret = dgram_write(bp, str, n); |
1025 | 0 | return ret; |
1026 | 0 | } |
1027 | | |
1028 | | # if M_METHOD == M_METHOD_WSARECVMSG |
1029 | | static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov, |
1030 | | unsigned char *control, BIO_MSG *msg) |
1031 | | { |
1032 | | iov->len = msg->data_len; |
1033 | | iov->buf = msg->data; |
1034 | | |
1035 | | /* Windows requires namelen to be set exactly */ |
1036 | | mh->name = msg->peer != NULL ? &msg->peer->sa : NULL; |
1037 | | if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET) |
1038 | | mh->namelen = sizeof(struct sockaddr_in); |
1039 | | # if OPENSSL_USE_IPV6 |
1040 | | else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6) |
1041 | | mh->namelen = sizeof(struct sockaddr_in6); |
1042 | | # endif |
1043 | | else |
1044 | | mh->namelen = 0; |
1045 | | |
1046 | | /* |
1047 | | * When local address reception (IP_PKTINFO, etc.) is enabled, on Windows |
1048 | | * this causes WSARecvMsg to fail if the control buffer is too small to hold |
1049 | | * the structure, or if no control buffer is passed. So we need to give it |
1050 | | * the control buffer even if we aren't actually going to examine the |
1051 | | * result. |
1052 | | */ |
1053 | | mh->lpBuffers = iov; |
1054 | | mh->dwBufferCount = 1; |
1055 | | mh->Control.len = BIO_CMSG_ALLOC_LEN; |
1056 | | mh->Control.buf = control; |
1057 | | mh->dwFlags = 0; |
1058 | | } |
1059 | | # endif |
1060 | | |
1061 | | # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG |
1062 | | /* Translates a BIO_MSG to a msghdr and iovec. */ |
1063 | | static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov, |
1064 | | unsigned char *control, BIO_MSG *msg) |
1065 | 0 | { |
1066 | 0 | iov->iov_base = msg->data; |
1067 | 0 | iov->iov_len = msg->data_len; |
1068 | | |
1069 | | /* macOS requires msg_namelen be 0 if msg_name is NULL */ |
1070 | 0 | mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL; |
1071 | 0 | if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET) |
1072 | 0 | mh->msg_namelen = sizeof(struct sockaddr_in); |
1073 | 0 | # if OPENSSL_USE_IPV6 |
1074 | 0 | else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6) |
1075 | 0 | mh->msg_namelen = sizeof(struct sockaddr_in6); |
1076 | 0 | # endif |
1077 | 0 | else |
1078 | 0 | mh->msg_namelen = 0; |
1079 | |
|
1080 | 0 | mh->msg_iov = iov; |
1081 | 0 | mh->msg_iovlen = 1; |
1082 | 0 | mh->msg_control = msg->local != NULL ? control : NULL; |
1083 | 0 | mh->msg_controllen = msg->local != NULL ? BIO_CMSG_ALLOC_LEN : 0; |
1084 | 0 | mh->msg_flags = 0; |
1085 | 0 | } |
1086 | | # endif |
1087 | | |
1088 | | # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG |
1089 | | /* Extracts destination address from the control buffer. */ |
1090 | 0 | static int extract_local(BIO *b, MSGHDR_TYPE *mh, BIO_ADDR *local) { |
1091 | 0 | # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO) |
1092 | 0 | CMSGHDR_TYPE *cmsg; |
1093 | 0 | int af = dgram_get_sock_family(b); |
1094 | |
|
1095 | 0 | for (cmsg = BIO_CMSG_FIRSTHDR(mh); cmsg != NULL; |
1096 | 0 | cmsg = BIO_CMSG_NXTHDR(mh, cmsg)) { |
1097 | 0 | if (af == AF_INET) { |
1098 | 0 | if (cmsg->cmsg_level != IPPROTO_IP) |
1099 | 0 | continue; |
1100 | | |
1101 | 0 | # if defined(IP_PKTINFO) |
1102 | 0 | if (cmsg->cmsg_type != IP_PKTINFO) |
1103 | 0 | continue; |
1104 | | |
1105 | 0 | local->s_in.sin_addr = |
1106 | 0 | ((struct in_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi_addr; |
1107 | |
|
1108 | | # elif defined(IP_RECVDSTADDR) |
1109 | | if (cmsg->cmsg_type != IP_RECVDSTADDR) |
1110 | | continue; |
1111 | | |
1112 | | local->s_in.sin_addr = *(struct in_addr *)BIO_CMSG_DATA(cmsg); |
1113 | | # endif |
1114 | |
|
1115 | 0 | # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) |
1116 | 0 | { |
1117 | 0 | bio_dgram_data *data = b->ptr; |
1118 | |
|
1119 | 0 | local->s_in.sin_family = AF_INET; |
1120 | 0 | local->s_in.sin_port = data->local_addr.s_in.sin_port; |
1121 | 0 | } |
1122 | 0 | return 1; |
1123 | 0 | # endif |
1124 | 0 | } |
1125 | 0 | # if OPENSSL_USE_IPV6 |
1126 | 0 | else if (af == AF_INET6) { |
1127 | 0 | if (cmsg->cmsg_level != IPPROTO_IPV6) |
1128 | 0 | continue; |
1129 | | |
1130 | 0 | # if defined(IPV6_RECVPKTINFO) |
1131 | 0 | if (cmsg->cmsg_type != IPV6_PKTINFO) |
1132 | 0 | continue; |
1133 | | |
1134 | 0 | { |
1135 | 0 | bio_dgram_data *data = b->ptr; |
1136 | |
|
1137 | 0 | local->s_in6.sin6_addr = |
1138 | 0 | ((struct in6_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi6_addr; |
1139 | 0 | local->s_in6.sin6_family = AF_INET6; |
1140 | 0 | local->s_in6.sin6_port = data->local_addr.s_in6.sin6_port; |
1141 | 0 | local->s_in6.sin6_scope_id = |
1142 | 0 | data->local_addr.s_in6.sin6_scope_id; |
1143 | 0 | local->s_in6.sin6_flowinfo = 0; |
1144 | 0 | } |
1145 | 0 | return 1; |
1146 | 0 | # endif |
1147 | 0 | } |
1148 | 0 | # endif |
1149 | 0 | } |
1150 | 0 | # endif |
1151 | | |
1152 | 0 | return 0; |
1153 | 0 | } |
1154 | | |
1155 | 0 | static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local) { |
1156 | 0 | int af = dgram_get_sock_family(b); |
1157 | 0 | # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO) |
1158 | 0 | CMSGHDR_TYPE *cmsg; |
1159 | 0 | bio_dgram_data *data = b->ptr; |
1160 | 0 | # endif |
1161 | |
|
1162 | 0 | if (af == AF_INET) { |
1163 | 0 | # if defined(IP_PKTINFO) |
1164 | 0 | struct in_pktinfo *info; |
1165 | |
|
1166 | | # if defined(OPENSSL_SYS_WINDOWS) |
1167 | | cmsg = (CMSGHDR_TYPE *)mh->Control.buf; |
1168 | | # else |
1169 | 0 | cmsg = (CMSGHDR_TYPE *)mh->msg_control; |
1170 | 0 | # endif |
1171 | |
|
1172 | 0 | cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_pktinfo)); |
1173 | 0 | cmsg->cmsg_level = IPPROTO_IP; |
1174 | 0 | cmsg->cmsg_type = IP_PKTINFO; |
1175 | |
|
1176 | 0 | info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg); |
1177 | 0 | # if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN) |
1178 | 0 | info->ipi_spec_dst = local->s_in.sin_addr; |
1179 | 0 | # endif |
1180 | 0 | info->ipi_addr.s_addr = 0; |
1181 | 0 | info->ipi_ifindex = 0; |
1182 | | |
1183 | | /* |
1184 | | * We cannot override source port using this API, therefore |
1185 | | * ensure the application specified a source port of 0 |
1186 | | * or the one we are bound to. (Better to error than silently |
1187 | | * ignore this.) |
1188 | | */ |
1189 | 0 | if (local->s_in.sin_port != 0 |
1190 | 0 | && data->local_addr.s_in.sin_port != local->s_in.sin_port) { |
1191 | 0 | ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); |
1192 | 0 | return 0; |
1193 | 0 | } |
1194 | | |
1195 | | # if defined(OPENSSL_SYS_WINDOWS) |
1196 | | mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in_pktinfo)); |
1197 | | # else |
1198 | 0 | mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_pktinfo)); |
1199 | 0 | # endif |
1200 | 0 | return 1; |
1201 | |
|
1202 | | # elif defined(IP_SENDSRCADDR) |
1203 | | struct in_addr *info; |
1204 | | |
1205 | | /* |
1206 | | * At least FreeBSD is very pedantic about using IP_SENDSRCADDR when we |
1207 | | * are not bound to 0.0.0.0 or ::, even if the address matches what we |
1208 | | * bound to. Support this by not packing the structure if the address |
1209 | | * matches our understanding of our local address. IP_SENDSRCADDR is a |
1210 | | * BSD thing, so we don't need an explicit test for BSD here. |
1211 | | */ |
1212 | | if (local->s_in.sin_addr.s_addr == data->local_addr.s_in.sin_addr.s_addr) { |
1213 | | mh->msg_control = NULL; |
1214 | | mh->msg_controllen = 0; |
1215 | | return 1; |
1216 | | } |
1217 | | |
1218 | | cmsg = (struct cmsghdr *)mh->msg_control; |
1219 | | cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_addr)); |
1220 | | cmsg->cmsg_level = IPPROTO_IP; |
1221 | | cmsg->cmsg_type = IP_SENDSRCADDR; |
1222 | | |
1223 | | info = (struct in_addr *)BIO_CMSG_DATA(cmsg); |
1224 | | *info = local->s_in.sin_addr; |
1225 | | |
1226 | | /* See comment above. */ |
1227 | | if (local->s_in.sin_port != 0 |
1228 | | && data->local_addr.s_in.sin_port != local->s_in.sin_port) { |
1229 | | ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); |
1230 | | return 0; |
1231 | | } |
1232 | | |
1233 | | mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_addr)); |
1234 | | return 1; |
1235 | | # endif |
1236 | 0 | } |
1237 | 0 | # if OPENSSL_USE_IPV6 |
1238 | 0 | else if (af == AF_INET6) { |
1239 | 0 | # if defined(IPV6_PKTINFO) |
1240 | 0 | struct in6_pktinfo *info; |
1241 | |
|
1242 | | # if defined(OPENSSL_SYS_WINDOWS) |
1243 | | cmsg = (CMSGHDR_TYPE *)mh->Control.buf; |
1244 | | # else |
1245 | 0 | cmsg = (CMSGHDR_TYPE *)mh->msg_control; |
1246 | 0 | # endif |
1247 | 0 | cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in6_pktinfo)); |
1248 | 0 | cmsg->cmsg_level = IPPROTO_IPV6; |
1249 | 0 | cmsg->cmsg_type = IPV6_PKTINFO; |
1250 | |
|
1251 | 0 | info = (struct in6_pktinfo *)BIO_CMSG_DATA(cmsg); |
1252 | 0 | info->ipi6_addr = local->s_in6.sin6_addr; |
1253 | 0 | info->ipi6_ifindex = 0; |
1254 | | |
1255 | | /* |
1256 | | * See comment above, but also applies to the other fields |
1257 | | * in sockaddr_in6. |
1258 | | */ |
1259 | 0 | if (local->s_in6.sin6_port != 0 |
1260 | 0 | && data->local_addr.s_in6.sin6_port != local->s_in6.sin6_port) { |
1261 | 0 | ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); |
1262 | 0 | return 0; |
1263 | 0 | } |
1264 | | |
1265 | 0 | if (local->s_in6.sin6_scope_id != 0 |
1266 | 0 | && data->local_addr.s_in6.sin6_scope_id != local->s_in6.sin6_scope_id) { |
1267 | 0 | ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); |
1268 | 0 | return 0; |
1269 | 0 | } |
1270 | | |
1271 | | # if defined(OPENSSL_SYS_WINDOWS) |
1272 | | mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo)); |
1273 | | # else |
1274 | 0 | mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo)); |
1275 | 0 | # endif |
1276 | 0 | return 1; |
1277 | 0 | # endif |
1278 | 0 | } |
1279 | 0 | # endif |
1280 | | |
1281 | 0 | return 0; |
1282 | 0 | } |
1283 | | # endif |
1284 | | |
1285 | | /* |
1286 | | * Converts flags passed to BIO_sendmmsg or BIO_recvmmsg to syscall flags. You |
1287 | | * should mask out any system flags returned by this function you cannot support |
1288 | | * in a particular circumstance. Currently no flags are defined. |
1289 | | */ |
1290 | | # if M_METHOD != M_METHOD_NONE |
1291 | 0 | static int translate_flags(uint64_t flags) { |
1292 | 0 | return 0; |
1293 | 0 | } |
1294 | | # endif |
1295 | | |
1296 | | static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride, |
1297 | | size_t num_msg, uint64_t flags, size_t *num_processed) |
1298 | 0 | { |
1299 | 0 | # if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG |
1300 | 0 | int ret; |
1301 | 0 | # endif |
1302 | 0 | # if M_METHOD == M_METHOD_RECVMMSG |
1303 | 0 | # define BIO_MAX_MSGS_PER_CALL 64 |
1304 | 0 | int sysflags; |
1305 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
1306 | 0 | size_t i; |
1307 | 0 | struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL]; |
1308 | 0 | struct iovec iov[BIO_MAX_MSGS_PER_CALL]; |
1309 | 0 | unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN]; |
1310 | 0 | int have_local_enabled = data->local_addr_enabled; |
1311 | | # elif M_METHOD == M_METHOD_RECVMSG |
1312 | | int sysflags; |
1313 | | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
1314 | | ossl_ssize_t l; |
1315 | | struct msghdr mh; |
1316 | | struct iovec iov; |
1317 | | unsigned char control[BIO_CMSG_ALLOC_LEN]; |
1318 | | int have_local_enabled = data->local_addr_enabled; |
1319 | | # elif M_METHOD == M_METHOD_WSARECVMSG |
1320 | | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
1321 | | int have_local_enabled = data->local_addr_enabled; |
1322 | | WSAMSG wmsg; |
1323 | | WSABUF wbuf; |
1324 | | DWORD num_bytes_sent = 0; |
1325 | | unsigned char control[BIO_CMSG_ALLOC_LEN]; |
1326 | | # endif |
1327 | | # if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG |
1328 | | int sysflags; |
1329 | | # endif |
1330 | |
|
1331 | 0 | if (num_msg == 0) { |
1332 | 0 | *num_processed = 0; |
1333 | 0 | return 1; |
1334 | 0 | } |
1335 | | |
1336 | 0 | if (num_msg > OSSL_SSIZE_MAX) |
1337 | 0 | num_msg = OSSL_SSIZE_MAX; |
1338 | |
|
1339 | 0 | # if M_METHOD != M_METHOD_NONE |
1340 | 0 | sysflags = translate_flags(flags); |
1341 | 0 | # endif |
1342 | |
|
1343 | 0 | # if M_METHOD == M_METHOD_RECVMMSG |
1344 | | /* |
1345 | | * In the sendmmsg/recvmmsg case, we need to allocate our translated struct |
1346 | | * msghdr and struct iovec on the stack to support multithreaded use. Thus |
1347 | | * we place a fixed limit on the number of messages per call, in the |
1348 | | * expectation that we will be called again if there were more messages to |
1349 | | * be sent. |
1350 | | */ |
1351 | 0 | if (num_msg > BIO_MAX_MSGS_PER_CALL) |
1352 | 0 | num_msg = BIO_MAX_MSGS_PER_CALL; |
1353 | |
|
1354 | 0 | for (i = 0; i < num_msg; ++i) { |
1355 | 0 | translate_msg(b, &mh[i].msg_hdr, &iov[i], |
1356 | 0 | control[i], &BIO_MSG_N(msg, stride, i)); |
1357 | | |
1358 | | /* If local address was requested, it must have been enabled */ |
1359 | 0 | if (BIO_MSG_N(msg, stride, i).local != NULL) { |
1360 | 0 | if (!have_local_enabled) { |
1361 | 0 | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1362 | 0 | *num_processed = 0; |
1363 | 0 | return 0; |
1364 | 0 | } |
1365 | | |
1366 | 0 | if (pack_local(b, &mh[i].msg_hdr, |
1367 | 0 | BIO_MSG_N(msg, stride, i).local) < 1) { |
1368 | 0 | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1369 | 0 | *num_processed = 0; |
1370 | 0 | return 0; |
1371 | 0 | } |
1372 | 0 | } |
1373 | 0 | } |
1374 | | |
1375 | | /* Do the batch */ |
1376 | 0 | ret = sendmmsg(b->num, mh, num_msg, sysflags); |
1377 | 0 | if (ret < 0) { |
1378 | 0 | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1379 | 0 | *num_processed = 0; |
1380 | 0 | return 0; |
1381 | 0 | } |
1382 | | |
1383 | 0 | for (i = 0; i < (size_t)ret; ++i) { |
1384 | 0 | BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len; |
1385 | 0 | BIO_MSG_N(msg, stride, i).flags = 0; |
1386 | 0 | } |
1387 | |
|
1388 | 0 | *num_processed = (size_t)ret; |
1389 | 0 | return 1; |
1390 | |
|
1391 | | # elif M_METHOD == M_METHOD_RECVMSG |
1392 | | /* |
1393 | | * If sendmsg is available, use it. |
1394 | | */ |
1395 | | translate_msg(b, &mh, &iov, control, msg); |
1396 | | |
1397 | | if (msg->local != NULL) { |
1398 | | if (!have_local_enabled) { |
1399 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1400 | | *num_processed = 0; |
1401 | | return 0; |
1402 | | } |
1403 | | |
1404 | | if (pack_local(b, &mh, msg->local) < 1) { |
1405 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1406 | | *num_processed = 0; |
1407 | | return 0; |
1408 | | } |
1409 | | } |
1410 | | |
1411 | | l = sendmsg(b->num, &mh, sysflags); |
1412 | | if (l < 0) { |
1413 | | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1414 | | *num_processed = 0; |
1415 | | return 0; |
1416 | | } |
1417 | | |
1418 | | msg->data_len = (size_t)l; |
1419 | | msg->flags = 0; |
1420 | | *num_processed = 1; |
1421 | | return 1; |
1422 | | |
1423 | | # elif M_METHOD == M_METHOD_WSARECVMSG || M_METHOD == M_METHOD_RECVFROM |
1424 | | # if M_METHOD == M_METHOD_WSARECVMSG |
1425 | | if (bio_WSASendMsg != NULL) { |
1426 | | /* WSASendMsg-based implementation for Windows. */ |
1427 | | translate_msg_win(b, &wmsg, &wbuf, control, msg); |
1428 | | |
1429 | | if (msg[0].local != NULL) { |
1430 | | if (!have_local_enabled) { |
1431 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1432 | | *num_processed = 0; |
1433 | | return 0; |
1434 | | } |
1435 | | |
1436 | | if (pack_local(b, &wmsg, msg[0].local) < 1) { |
1437 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1438 | | *num_processed = 0; |
1439 | | return 0; |
1440 | | } |
1441 | | } |
1442 | | |
1443 | | ret = WSASendMsg((SOCKET)b->num, &wmsg, 0, &num_bytes_sent, NULL, NULL); |
1444 | | if (ret < 0) { |
1445 | | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1446 | | *num_processed = 0; |
1447 | | return 0; |
1448 | | } |
1449 | | |
1450 | | msg[0].data_len = num_bytes_sent; |
1451 | | msg[0].flags = 0; |
1452 | | *num_processed = 1; |
1453 | | return 1; |
1454 | | } |
1455 | | # endif |
1456 | | |
1457 | | /* |
1458 | | * Fallback to sendto and send a single message. |
1459 | | */ |
1460 | | if (msg[0].local != NULL) { |
1461 | | /* |
1462 | | * We cannot set the local address if using sendto |
1463 | | * so fail in this case |
1464 | | */ |
1465 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1466 | | *num_processed = 0; |
1467 | | return 0; |
1468 | | } |
1469 | | |
1470 | | ret = sendto(b->num, msg[0].data, |
1471 | | # if defined(OPENSSL_SYS_WINDOWS) |
1472 | | (int)msg[0].data_len, |
1473 | | # else |
1474 | | msg[0].data_len, |
1475 | | # endif |
1476 | | sysflags, |
1477 | | msg[0].peer != NULL ? BIO_ADDR_sockaddr(msg[0].peer) : NULL, |
1478 | | msg[0].peer != NULL ? BIO_ADDR_sockaddr_size(msg[0].peer) : 0); |
1479 | | if (ret <= 0) { |
1480 | | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1481 | | *num_processed = 0; |
1482 | | return 0; |
1483 | | } |
1484 | | |
1485 | | msg[0].data_len = ret; |
1486 | | msg[0].flags = 0; |
1487 | | *num_processed = 1; |
1488 | | return 1; |
1489 | | |
1490 | | # else |
1491 | | ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); |
1492 | | *num_processed = 0; |
1493 | | return 0; |
1494 | | # endif |
1495 | 0 | } |
1496 | | |
1497 | | static int dgram_recvmmsg(BIO *b, BIO_MSG *msg, |
1498 | | size_t stride, size_t num_msg, |
1499 | | uint64_t flags, size_t *num_processed) |
1500 | 0 | { |
1501 | 0 | # if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG |
1502 | 0 | int ret; |
1503 | 0 | # endif |
1504 | 0 | # if M_METHOD == M_METHOD_RECVMMSG |
1505 | 0 | int sysflags; |
1506 | 0 | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
1507 | 0 | size_t i; |
1508 | 0 | struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL]; |
1509 | 0 | struct iovec iov[BIO_MAX_MSGS_PER_CALL]; |
1510 | 0 | unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN]; |
1511 | 0 | int have_local_enabled = data->local_addr_enabled; |
1512 | | # elif M_METHOD == M_METHOD_RECVMSG |
1513 | | int sysflags; |
1514 | | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
1515 | | ossl_ssize_t l; |
1516 | | struct msghdr mh; |
1517 | | struct iovec iov; |
1518 | | unsigned char control[BIO_CMSG_ALLOC_LEN]; |
1519 | | int have_local_enabled = data->local_addr_enabled; |
1520 | | # elif M_METHOD == M_METHOD_WSARECVMSG |
1521 | | bio_dgram_data *data = (bio_dgram_data *)b->ptr; |
1522 | | int have_local_enabled = data->local_addr_enabled; |
1523 | | WSAMSG wmsg; |
1524 | | WSABUF wbuf; |
1525 | | DWORD num_bytes_received = 0; |
1526 | | unsigned char control[BIO_CMSG_ALLOC_LEN]; |
1527 | | # endif |
1528 | | # if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG |
1529 | | int sysflags; |
1530 | | socklen_t slen; |
1531 | | # endif |
1532 | |
|
1533 | 0 | if (num_msg == 0) { |
1534 | 0 | *num_processed = 0; |
1535 | 0 | return 1; |
1536 | 0 | } |
1537 | | |
1538 | 0 | if (num_msg > OSSL_SSIZE_MAX) |
1539 | 0 | num_msg = OSSL_SSIZE_MAX; |
1540 | |
|
1541 | 0 | # if M_METHOD != M_METHOD_NONE |
1542 | 0 | sysflags = translate_flags(flags); |
1543 | 0 | # endif |
1544 | |
|
1545 | 0 | # if M_METHOD == M_METHOD_RECVMMSG |
1546 | | /* |
1547 | | * In the sendmmsg/recvmmsg case, we need to allocate our translated struct |
1548 | | * msghdr and struct iovec on the stack to support multithreaded use. Thus |
1549 | | * we place a fixed limit on the number of messages per call, in the |
1550 | | * expectation that we will be called again if there were more messages to |
1551 | | * be sent. |
1552 | | */ |
1553 | 0 | if (num_msg > BIO_MAX_MSGS_PER_CALL) |
1554 | 0 | num_msg = BIO_MAX_MSGS_PER_CALL; |
1555 | |
|
1556 | 0 | for (i = 0; i < num_msg; ++i) { |
1557 | 0 | translate_msg(b, &mh[i].msg_hdr, &iov[i], |
1558 | 0 | control[i], &BIO_MSG_N(msg, stride, i)); |
1559 | | |
1560 | | /* If local address was requested, it must have been enabled */ |
1561 | 0 | if (BIO_MSG_N(msg, stride, i).local != NULL && !have_local_enabled) { |
1562 | 0 | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1563 | 0 | *num_processed = 0; |
1564 | 0 | return 0; |
1565 | 0 | } |
1566 | 0 | } |
1567 | | |
1568 | | /* Do the batch */ |
1569 | 0 | ret = recvmmsg(b->num, mh, num_msg, sysflags, NULL); |
1570 | 0 | if (ret < 0) { |
1571 | 0 | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1572 | 0 | *num_processed = 0; |
1573 | 0 | return 0; |
1574 | 0 | } |
1575 | | |
1576 | 0 | for (i = 0; i < (size_t)ret; ++i) { |
1577 | 0 | BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len; |
1578 | 0 | BIO_MSG_N(msg, stride, i).flags = 0; |
1579 | | /* |
1580 | | * *(msg->peer) will have been filled in by recvmmsg; |
1581 | | * for msg->local we parse the control data returned |
1582 | | */ |
1583 | 0 | if (BIO_MSG_N(msg, stride, i).local != NULL) |
1584 | 0 | if (extract_local(b, &mh[i].msg_hdr, |
1585 | 0 | BIO_MSG_N(msg, stride, i).local) < 1) |
1586 | | /* |
1587 | | * It appears BSDs do not support local addresses for |
1588 | | * loopback sockets. In this case, just clear the local |
1589 | | * address, as for OS X and Windows in some circumstances |
1590 | | * (see below). |
1591 | | */ |
1592 | 0 | BIO_ADDR_clear(msg->local); |
1593 | 0 | } |
1594 | |
|
1595 | 0 | *num_processed = (size_t)ret; |
1596 | 0 | return 1; |
1597 | |
|
1598 | | # elif M_METHOD == M_METHOD_RECVMSG |
1599 | | /* |
1600 | | * If recvmsg is available, use it. |
1601 | | */ |
1602 | | translate_msg(b, &mh, &iov, control, msg); |
1603 | | |
1604 | | /* If local address was requested, it must have been enabled */ |
1605 | | if (msg->local != NULL && !have_local_enabled) { |
1606 | | /* |
1607 | | * If we have done at least one message, we must return the |
1608 | | * count; if we haven't done any, we can give an error code |
1609 | | */ |
1610 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1611 | | *num_processed = 0; |
1612 | | return 0; |
1613 | | } |
1614 | | |
1615 | | l = recvmsg(b->num, &mh, sysflags); |
1616 | | if (l < 0) { |
1617 | | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1618 | | *num_processed = 0; |
1619 | | return 0; |
1620 | | } |
1621 | | |
1622 | | msg->data_len = (size_t)l; |
1623 | | msg->flags = 0; |
1624 | | |
1625 | | if (msg->local != NULL) |
1626 | | if (extract_local(b, &mh, msg->local) < 1) |
1627 | | /* |
1628 | | * OS X exhibits odd behaviour where it appears that if a packet is |
1629 | | * sent before the receiving interface enables IP_PKTINFO, it will |
1630 | | * sometimes not have any control data returned even if the |
1631 | | * receiving interface enables IP_PKTINFO before calling recvmsg(). |
1632 | | * This appears to occur non-deterministically. Presumably, OS X |
1633 | | * handles IP_PKTINFO at the time the packet is enqueued into a |
1634 | | * socket's receive queue, rather than at the time recvmsg() is |
1635 | | * called, unlike most other operating systems. Thus (if this |
1636 | | * hypothesis is correct) there is a race between where IP_PKTINFO |
1637 | | * is enabled by the process and when the kernel's network stack |
1638 | | * queues the incoming message. |
1639 | | * |
1640 | | * We cannot return the local address if we do not have it, but this |
1641 | | * is not a caller error either, so just return a zero address |
1642 | | * structure. This is similar to how we handle Windows loopback |
1643 | | * interfaces (see below). We enable this workaround for all |
1644 | | * platforms, not just Apple, as this kind of quirk in OS networking |
1645 | | * stacks seems to be common enough that failing hard if a local |
1646 | | * address is not provided appears to be too brittle. |
1647 | | */ |
1648 | | BIO_ADDR_clear(msg->local); |
1649 | | |
1650 | | *num_processed = 1; |
1651 | | return 1; |
1652 | | |
1653 | | # elif M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG |
1654 | | # if M_METHOD == M_METHOD_WSARECVMSG |
1655 | | if (bio_WSARecvMsg != NULL) { |
1656 | | /* WSARecvMsg-based implementation for Windows. */ |
1657 | | translate_msg_win(b, &wmsg, &wbuf, control, msg); |
1658 | | |
1659 | | /* If local address was requested, it must have been enabled */ |
1660 | | if (msg[0].local != NULL && !have_local_enabled) { |
1661 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1662 | | *num_processed = 0; |
1663 | | return 0; |
1664 | | } |
1665 | | |
1666 | | ret = WSARecvMsg((SOCKET)b->num, &wmsg, &num_bytes_received, NULL, NULL); |
1667 | | if (ret < 0) { |
1668 | | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1669 | | *num_processed = 0; |
1670 | | return 0; |
1671 | | } |
1672 | | |
1673 | | msg[0].data_len = num_bytes_received; |
1674 | | msg[0].flags = 0; |
1675 | | if (msg[0].local != NULL) |
1676 | | if (extract_local(b, &wmsg, msg[0].local) < 1) |
1677 | | /* |
1678 | | * On Windows, loopback is not a "proper" interface and it works |
1679 | | * differently; packets are essentially short-circuited and |
1680 | | * don't go through all of the normal processing. A consequence |
1681 | | * of this is that packets sent from the local machine to the |
1682 | | * local machine _will not have IP_PKTINFO_ even if the |
1683 | | * IP_PKTINFO socket option is enabled. WSARecvMsg just sets |
1684 | | * Control.len to 0 on returning. |
1685 | | * |
1686 | | * This applies regardless of whether the loopback address, |
1687 | | * 127.0.0.1 is used, or a local interface address (e.g. |
1688 | | * 192.168.1.1); in both cases IP_PKTINFO will not be present. |
1689 | | * |
1690 | | * We report this condition by setting the local BIO_ADDR's |
1691 | | * family to 0. |
1692 | | */ |
1693 | | BIO_ADDR_clear(msg[0].local); |
1694 | | |
1695 | | *num_processed = 1; |
1696 | | return 1; |
1697 | | } |
1698 | | # endif |
1699 | | |
1700 | | /* |
1701 | | * Fallback to recvfrom and receive a single message. |
1702 | | */ |
1703 | | if (msg[0].local != NULL) { |
1704 | | /* |
1705 | | * We cannot determine the local address if using recvfrom |
1706 | | * so fail in this case |
1707 | | */ |
1708 | | ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); |
1709 | | *num_processed = 0; |
1710 | | return 0; |
1711 | | } |
1712 | | |
1713 | | slen = sizeof(*msg[0].peer); |
1714 | | ret = recvfrom(b->num, msg[0].data, |
1715 | | # if defined(OPENSSL_SYS_WINDOWS) |
1716 | | (int)msg[0].data_len, |
1717 | | # else |
1718 | | msg[0].data_len, |
1719 | | # endif |
1720 | | sysflags, |
1721 | | msg[0].peer != NULL ? &msg[0].peer->sa : NULL, |
1722 | | msg[0].peer != NULL ? &slen : NULL); |
1723 | | if (ret <= 0) { |
1724 | | ERR_raise(ERR_LIB_SYS, get_last_socket_error()); |
1725 | | return 0; |
1726 | | } |
1727 | | |
1728 | | msg[0].data_len = ret; |
1729 | | msg[0].flags = 0; |
1730 | | *num_processed = 1; |
1731 | | return 1; |
1732 | | |
1733 | | # else |
1734 | | ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); |
1735 | | *num_processed = 0; |
1736 | | return 0; |
1737 | | # endif |
1738 | 0 | } |
1739 | | |
1740 | | # ifndef OPENSSL_NO_SCTP |
1741 | | const BIO_METHOD *BIO_s_datagram_sctp(void) |
1742 | | { |
1743 | | return &methods_dgramp_sctp; |
1744 | | } |
1745 | | |
1746 | | BIO *BIO_new_dgram_sctp(int fd, int close_flag) |
1747 | | { |
1748 | | BIO *bio; |
1749 | | int ret, optval = 20000; |
1750 | | int auth_data = 0, auth_forward = 0; |
1751 | | unsigned char *p; |
1752 | | struct sctp_authchunk auth; |
1753 | | struct sctp_authchunks *authchunks; |
1754 | | socklen_t sockopt_len; |
1755 | | # ifdef SCTP_AUTHENTICATION_EVENT |
1756 | | # ifdef SCTP_EVENT |
1757 | | struct sctp_event event; |
1758 | | # else |
1759 | | struct sctp_event_subscribe event; |
1760 | | # endif |
1761 | | # endif |
1762 | | |
1763 | | bio = BIO_new(BIO_s_datagram_sctp()); |
1764 | | if (bio == NULL) |
1765 | | return NULL; |
1766 | | BIO_set_fd(bio, fd, close_flag); |
1767 | | |
1768 | | /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */ |
1769 | | auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE; |
1770 | | ret = |
1771 | | setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, |
1772 | | sizeof(struct sctp_authchunk)); |
1773 | | if (ret < 0) { |
1774 | | BIO_vfree(bio); |
1775 | | ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, |
1776 | | "Ensure SCTP AUTH chunks are enabled in kernel"); |
1777 | | return NULL; |
1778 | | } |
1779 | | auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE; |
1780 | | ret = |
1781 | | setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, |
1782 | | sizeof(struct sctp_authchunk)); |
1783 | | if (ret < 0) { |
1784 | | BIO_vfree(bio); |
1785 | | ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, |
1786 | | "Ensure SCTP AUTH chunks are enabled in kernel"); |
1787 | | return NULL; |
1788 | | } |
1789 | | |
1790 | | /* |
1791 | | * Test if activation was successful. When using accept(), SCTP-AUTH has |
1792 | | * to be activated for the listening socket already, otherwise the |
1793 | | * connected socket won't use it. Similarly with connect(): the socket |
1794 | | * prior to connection must be activated for SCTP-AUTH |
1795 | | */ |
1796 | | sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); |
1797 | | authchunks = OPENSSL_zalloc(sockopt_len); |
1798 | | if (authchunks == NULL) { |
1799 | | BIO_vfree(bio); |
1800 | | return NULL; |
1801 | | } |
1802 | | ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, |
1803 | | &sockopt_len); |
1804 | | if (ret < 0) { |
1805 | | OPENSSL_free(authchunks); |
1806 | | BIO_vfree(bio); |
1807 | | return NULL; |
1808 | | } |
1809 | | |
1810 | | for (p = (unsigned char *)authchunks->gauth_chunks; |
1811 | | p < (unsigned char *)authchunks + sockopt_len; |
1812 | | p += sizeof(uint8_t)) { |
1813 | | if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) |
1814 | | auth_data = 1; |
1815 | | if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) |
1816 | | auth_forward = 1; |
1817 | | } |
1818 | | |
1819 | | OPENSSL_free(authchunks); |
1820 | | |
1821 | | if (!auth_data || !auth_forward) { |
1822 | | BIO_vfree(bio); |
1823 | | ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, |
1824 | | "Ensure SCTP AUTH chunks are enabled on the " |
1825 | | "underlying socket"); |
1826 | | return NULL; |
1827 | | } |
1828 | | |
1829 | | # ifdef SCTP_AUTHENTICATION_EVENT |
1830 | | # ifdef SCTP_EVENT |
1831 | | memset(&event, 0, sizeof(event)); |
1832 | | event.se_assoc_id = 0; |
1833 | | event.se_type = SCTP_AUTHENTICATION_EVENT; |
1834 | | event.se_on = 1; |
1835 | | ret = |
1836 | | setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, |
1837 | | sizeof(struct sctp_event)); |
1838 | | if (ret < 0) { |
1839 | | BIO_vfree(bio); |
1840 | | return NULL; |
1841 | | } |
1842 | | # else |
1843 | | sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe); |
1844 | | ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len); |
1845 | | if (ret < 0) { |
1846 | | BIO_vfree(bio); |
1847 | | return NULL; |
1848 | | } |
1849 | | |
1850 | | event.sctp_authentication_event = 1; |
1851 | | |
1852 | | ret = |
1853 | | setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, |
1854 | | sizeof(struct sctp_event_subscribe)); |
1855 | | if (ret < 0) { |
1856 | | BIO_vfree(bio); |
1857 | | return NULL; |
1858 | | } |
1859 | | # endif |
1860 | | # endif |
1861 | | |
1862 | | /* |
1863 | | * Disable partial delivery by setting the min size larger than the max |
1864 | | * record size of 2^14 + 2048 + 13 |
1865 | | */ |
1866 | | ret = |
1867 | | setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, |
1868 | | sizeof(optval)); |
1869 | | if (ret < 0) { |
1870 | | BIO_vfree(bio); |
1871 | | return NULL; |
1872 | | } |
1873 | | |
1874 | | return bio; |
1875 | | } |
1876 | | |
1877 | | int BIO_dgram_is_sctp(BIO *bio) |
1878 | | { |
1879 | | return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP); |
1880 | | } |
1881 | | |
1882 | | static int dgram_sctp_new(BIO *bi) |
1883 | | { |
1884 | | bio_dgram_sctp_data *data = NULL; |
1885 | | |
1886 | | bi->init = 0; |
1887 | | bi->num = 0; |
1888 | | if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) |
1889 | | return 0; |
1890 | | # ifdef SCTP_PR_SCTP_NONE |
1891 | | data->prinfo.pr_policy = SCTP_PR_SCTP_NONE; |
1892 | | # endif |
1893 | | bi->ptr = data; |
1894 | | |
1895 | | bi->flags = 0; |
1896 | | return 1; |
1897 | | } |
1898 | | |
1899 | | static int dgram_sctp_free(BIO *a) |
1900 | | { |
1901 | | bio_dgram_sctp_data *data; |
1902 | | |
1903 | | if (a == NULL) |
1904 | | return 0; |
1905 | | if (!dgram_clear(a)) |
1906 | | return 0; |
1907 | | |
1908 | | data = (bio_dgram_sctp_data *) a->ptr; |
1909 | | if (data != NULL) |
1910 | | OPENSSL_free(data); |
1911 | | |
1912 | | return 1; |
1913 | | } |
1914 | | |
1915 | | # ifdef SCTP_AUTHENTICATION_EVENT |
1916 | | void dgram_sctp_handle_auth_free_key_event(BIO *b, |
1917 | | union sctp_notification *snp) |
1918 | | { |
1919 | | int ret; |
1920 | | struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event; |
1921 | | |
1922 | | if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) { |
1923 | | struct sctp_authkeyid authkeyid; |
1924 | | |
1925 | | /* delete key */ |
1926 | | authkeyid.scact_keynumber = authkeyevent->auth_keynumber; |
1927 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, |
1928 | | &authkeyid, sizeof(struct sctp_authkeyid)); |
1929 | | } |
1930 | | } |
1931 | | # endif |
1932 | | |
1933 | | static int dgram_sctp_read(BIO *b, char *out, int outl) |
1934 | | { |
1935 | | int ret = 0, n = 0, i, optval; |
1936 | | socklen_t optlen; |
1937 | | bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; |
1938 | | struct msghdr msg; |
1939 | | struct iovec iov; |
1940 | | struct cmsghdr *cmsg; |
1941 | | char cmsgbuf[512]; |
1942 | | |
1943 | | if (out != NULL) { |
1944 | | clear_socket_error(); |
1945 | | |
1946 | | do { |
1947 | | memset(&data->rcvinfo, 0, sizeof(data->rcvinfo)); |
1948 | | iov.iov_base = out; |
1949 | | iov.iov_len = outl; |
1950 | | msg.msg_name = NULL; |
1951 | | msg.msg_namelen = 0; |
1952 | | msg.msg_iov = &iov; |
1953 | | msg.msg_iovlen = 1; |
1954 | | msg.msg_control = cmsgbuf; |
1955 | | msg.msg_controllen = 512; |
1956 | | msg.msg_flags = 0; |
1957 | | n = recvmsg(b->num, &msg, 0); |
1958 | | |
1959 | | if (n <= 0) { |
1960 | | if (n < 0) |
1961 | | ret = n; |
1962 | | break; |
1963 | | } |
1964 | | |
1965 | | if (msg.msg_controllen > 0) { |
1966 | | for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; |
1967 | | cmsg = CMSG_NXTHDR(&msg, cmsg)) { |
1968 | | if (cmsg->cmsg_level != IPPROTO_SCTP) |
1969 | | continue; |
1970 | | # ifdef SCTP_RCVINFO |
1971 | | if (cmsg->cmsg_type == SCTP_RCVINFO) { |
1972 | | struct sctp_rcvinfo *rcvinfo; |
1973 | | |
1974 | | rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg); |
1975 | | data->rcvinfo.rcv_sid = rcvinfo->rcv_sid; |
1976 | | data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn; |
1977 | | data->rcvinfo.rcv_flags = rcvinfo->rcv_flags; |
1978 | | data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid; |
1979 | | data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn; |
1980 | | data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn; |
1981 | | data->rcvinfo.rcv_context = rcvinfo->rcv_context; |
1982 | | } |
1983 | | # endif |
1984 | | # ifdef SCTP_SNDRCV |
1985 | | if (cmsg->cmsg_type == SCTP_SNDRCV) { |
1986 | | struct sctp_sndrcvinfo *sndrcvinfo; |
1987 | | |
1988 | | sndrcvinfo = |
1989 | | (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); |
1990 | | data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream; |
1991 | | data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn; |
1992 | | data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags; |
1993 | | data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid; |
1994 | | data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn; |
1995 | | data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn; |
1996 | | data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context; |
1997 | | } |
1998 | | # endif |
1999 | | } |
2000 | | } |
2001 | | |
2002 | | if (msg.msg_flags & MSG_NOTIFICATION) { |
2003 | | union sctp_notification snp; |
2004 | | |
2005 | | memcpy(&snp, out, sizeof(snp)); |
2006 | | if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) { |
2007 | | # ifdef SCTP_EVENT |
2008 | | struct sctp_event event; |
2009 | | # else |
2010 | | struct sctp_event_subscribe event; |
2011 | | socklen_t eventsize; |
2012 | | # endif |
2013 | | |
2014 | | /* disable sender dry event */ |
2015 | | # ifdef SCTP_EVENT |
2016 | | memset(&event, 0, sizeof(event)); |
2017 | | event.se_assoc_id = 0; |
2018 | | event.se_type = SCTP_SENDER_DRY_EVENT; |
2019 | | event.se_on = 0; |
2020 | | i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, |
2021 | | sizeof(struct sctp_event)); |
2022 | | if (i < 0) { |
2023 | | ret = i; |
2024 | | break; |
2025 | | } |
2026 | | # else |
2027 | | eventsize = sizeof(struct sctp_event_subscribe); |
2028 | | i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, |
2029 | | &eventsize); |
2030 | | if (i < 0) { |
2031 | | ret = i; |
2032 | | break; |
2033 | | } |
2034 | | |
2035 | | event.sctp_sender_dry_event = 0; |
2036 | | |
2037 | | i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, |
2038 | | sizeof(struct sctp_event_subscribe)); |
2039 | | if (i < 0) { |
2040 | | ret = i; |
2041 | | break; |
2042 | | } |
2043 | | # endif |
2044 | | } |
2045 | | # ifdef SCTP_AUTHENTICATION_EVENT |
2046 | | if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) |
2047 | | dgram_sctp_handle_auth_free_key_event(b, &snp); |
2048 | | # endif |
2049 | | |
2050 | | if (data->handle_notifications != NULL) |
2051 | | data->handle_notifications(b, data->notification_context, |
2052 | | (void *)out); |
2053 | | |
2054 | | memset(&snp, 0, sizeof(snp)); |
2055 | | memset(out, 0, outl); |
2056 | | } else { |
2057 | | ret += n; |
2058 | | } |
2059 | | } |
2060 | | while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR) |
2061 | | && (ret < outl)); |
2062 | | |
2063 | | if (ret > 0 && !(msg.msg_flags & MSG_EOR)) { |
2064 | | /* Partial message read, this should never happen! */ |
2065 | | |
2066 | | /* |
2067 | | * The buffer was too small, this means the peer sent a message |
2068 | | * that was larger than allowed. |
2069 | | */ |
2070 | | if (ret == outl) |
2071 | | return -1; |
2072 | | |
2073 | | /* |
2074 | | * Test if socket buffer can handle max record size (2^14 + 2048 |
2075 | | * + 13) |
2076 | | */ |
2077 | | optlen = (socklen_t) sizeof(int); |
2078 | | ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen); |
2079 | | if (ret >= 0) |
2080 | | OPENSSL_assert(optval >= 18445); |
2081 | | |
2082 | | /* |
2083 | | * Test if SCTP doesn't partially deliver below max record size |
2084 | | * (2^14 + 2048 + 13) |
2085 | | */ |
2086 | | optlen = (socklen_t) sizeof(int); |
2087 | | ret = |
2088 | | getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, |
2089 | | &optval, &optlen); |
2090 | | if (ret >= 0) |
2091 | | OPENSSL_assert(optval >= 18445); |
2092 | | |
2093 | | /* |
2094 | | * Partially delivered notification??? Probably a bug.... |
2095 | | */ |
2096 | | OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION)); |
2097 | | |
2098 | | /* |
2099 | | * Everything seems ok till now, so it's most likely a message |
2100 | | * dropped by PR-SCTP. |
2101 | | */ |
2102 | | memset(out, 0, outl); |
2103 | | BIO_set_retry_read(b); |
2104 | | return -1; |
2105 | | } |
2106 | | |
2107 | | BIO_clear_retry_flags(b); |
2108 | | if (ret < 0) { |
2109 | | if (BIO_dgram_should_retry(ret)) { |
2110 | | BIO_set_retry_read(b); |
2111 | | data->dgram._errno = get_last_socket_error(); |
2112 | | } |
2113 | | } |
2114 | | |
2115 | | /* Test if peer uses SCTP-AUTH before continuing */ |
2116 | | if (!data->peer_auth_tested) { |
2117 | | int ii, auth_data = 0, auth_forward = 0; |
2118 | | unsigned char *p; |
2119 | | struct sctp_authchunks *authchunks; |
2120 | | |
2121 | | optlen = |
2122 | | (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); |
2123 | | authchunks = OPENSSL_malloc(optlen); |
2124 | | if (authchunks == NULL) |
2125 | | return -1; |
2126 | | memset(authchunks, 0, optlen); |
2127 | | ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, |
2128 | | authchunks, &optlen); |
2129 | | |
2130 | | if (ii >= 0) |
2131 | | for (p = (unsigned char *)authchunks->gauth_chunks; |
2132 | | p < (unsigned char *)authchunks + optlen; |
2133 | | p += sizeof(uint8_t)) { |
2134 | | if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) |
2135 | | auth_data = 1; |
2136 | | if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) |
2137 | | auth_forward = 1; |
2138 | | } |
2139 | | |
2140 | | OPENSSL_free(authchunks); |
2141 | | |
2142 | | if (!auth_data || !auth_forward) { |
2143 | | ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR); |
2144 | | return -1; |
2145 | | } |
2146 | | |
2147 | | data->peer_auth_tested = 1; |
2148 | | } |
2149 | | } |
2150 | | return ret; |
2151 | | } |
2152 | | |
2153 | | /* |
2154 | | * dgram_sctp_write - send message on SCTP socket |
2155 | | * @b: BIO to write to |
2156 | | * @in: data to send |
2157 | | * @inl: amount of bytes in @in to send |
2158 | | * |
2159 | | * Returns -1 on error or the sent amount of bytes on success |
2160 | | */ |
2161 | | static int dgram_sctp_write(BIO *b, const char *in, int inl) |
2162 | | { |
2163 | | int ret; |
2164 | | bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; |
2165 | | struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo); |
2166 | | struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo); |
2167 | | struct bio_dgram_sctp_sndinfo handshake_sinfo; |
2168 | | struct iovec iov[1]; |
2169 | | struct msghdr msg; |
2170 | | struct cmsghdr *cmsg; |
2171 | | # if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) |
2172 | | char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) + |
2173 | | CMSG_SPACE(sizeof(struct sctp_prinfo))]; |
2174 | | struct sctp_sndinfo *sndinfo; |
2175 | | struct sctp_prinfo *prinfo; |
2176 | | # else |
2177 | | char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))]; |
2178 | | struct sctp_sndrcvinfo *sndrcvinfo; |
2179 | | # endif |
2180 | | |
2181 | | clear_socket_error(); |
2182 | | |
2183 | | /* |
2184 | | * If we're send anything else than application data, disable all user |
2185 | | * parameters and flags. |
2186 | | */ |
2187 | | if (in[0] != 23) { |
2188 | | memset(&handshake_sinfo, 0, sizeof(handshake_sinfo)); |
2189 | | # ifdef SCTP_SACK_IMMEDIATELY |
2190 | | handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY; |
2191 | | # endif |
2192 | | sinfo = &handshake_sinfo; |
2193 | | } |
2194 | | |
2195 | | /* We can only send a shutdown alert if the socket is dry */ |
2196 | | if (data->save_shutdown) { |
2197 | | ret = BIO_dgram_sctp_wait_for_dry(b); |
2198 | | if (ret < 0) |
2199 | | return -1; |
2200 | | if (ret == 0) { |
2201 | | BIO_clear_retry_flags(b); |
2202 | | BIO_set_retry_write(b); |
2203 | | return -1; |
2204 | | } |
2205 | | } |
2206 | | |
2207 | | iov[0].iov_base = (char *)in; |
2208 | | iov[0].iov_len = inl; |
2209 | | msg.msg_name = NULL; |
2210 | | msg.msg_namelen = 0; |
2211 | | msg.msg_iov = iov; |
2212 | | msg.msg_iovlen = 1; |
2213 | | msg.msg_control = (caddr_t) cmsgbuf; |
2214 | | msg.msg_controllen = 0; |
2215 | | msg.msg_flags = 0; |
2216 | | # if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) |
2217 | | cmsg = (struct cmsghdr *)cmsgbuf; |
2218 | | cmsg->cmsg_level = IPPROTO_SCTP; |
2219 | | cmsg->cmsg_type = SCTP_SNDINFO; |
2220 | | cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo)); |
2221 | | sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg); |
2222 | | memset(sndinfo, 0, sizeof(*sndinfo)); |
2223 | | sndinfo->snd_sid = sinfo->snd_sid; |
2224 | | sndinfo->snd_flags = sinfo->snd_flags; |
2225 | | sndinfo->snd_ppid = sinfo->snd_ppid; |
2226 | | sndinfo->snd_context = sinfo->snd_context; |
2227 | | msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo)); |
2228 | | |
2229 | | cmsg = |
2230 | | (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))]; |
2231 | | cmsg->cmsg_level = IPPROTO_SCTP; |
2232 | | cmsg->cmsg_type = SCTP_PRINFO; |
2233 | | cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo)); |
2234 | | prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg); |
2235 | | memset(prinfo, 0, sizeof(*prinfo)); |
2236 | | prinfo->pr_policy = pinfo->pr_policy; |
2237 | | prinfo->pr_value = pinfo->pr_value; |
2238 | | msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo)); |
2239 | | # else |
2240 | | cmsg = (struct cmsghdr *)cmsgbuf; |
2241 | | cmsg->cmsg_level = IPPROTO_SCTP; |
2242 | | cmsg->cmsg_type = SCTP_SNDRCV; |
2243 | | cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo)); |
2244 | | sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); |
2245 | | memset(sndrcvinfo, 0, sizeof(*sndrcvinfo)); |
2246 | | sndrcvinfo->sinfo_stream = sinfo->snd_sid; |
2247 | | sndrcvinfo->sinfo_flags = sinfo->snd_flags; |
2248 | | # ifdef __FreeBSD__ |
2249 | | sndrcvinfo->sinfo_flags |= pinfo->pr_policy; |
2250 | | # endif |
2251 | | sndrcvinfo->sinfo_ppid = sinfo->snd_ppid; |
2252 | | sndrcvinfo->sinfo_context = sinfo->snd_context; |
2253 | | sndrcvinfo->sinfo_timetolive = pinfo->pr_value; |
2254 | | msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo)); |
2255 | | # endif |
2256 | | |
2257 | | ret = sendmsg(b->num, &msg, 0); |
2258 | | |
2259 | | BIO_clear_retry_flags(b); |
2260 | | if (ret <= 0) { |
2261 | | if (BIO_dgram_should_retry(ret)) { |
2262 | | BIO_set_retry_write(b); |
2263 | | data->dgram._errno = get_last_socket_error(); |
2264 | | } |
2265 | | } |
2266 | | return ret; |
2267 | | } |
2268 | | |
2269 | | static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr) |
2270 | | { |
2271 | | long ret = 1; |
2272 | | bio_dgram_sctp_data *data = NULL; |
2273 | | socklen_t sockopt_len = 0; |
2274 | | struct sctp_authkeyid authkeyid; |
2275 | | struct sctp_authkey *authkey = NULL; |
2276 | | |
2277 | | data = (bio_dgram_sctp_data *) b->ptr; |
2278 | | |
2279 | | switch (cmd) { |
2280 | | case BIO_CTRL_DGRAM_QUERY_MTU: |
2281 | | /* |
2282 | | * Set to maximum (2^14) and ignore user input to enable transport |
2283 | | * protocol fragmentation. Returns always 2^14. |
2284 | | */ |
2285 | | data->dgram.mtu = 16384; |
2286 | | ret = data->dgram.mtu; |
2287 | | break; |
2288 | | case BIO_CTRL_DGRAM_SET_MTU: |
2289 | | /* |
2290 | | * Set to maximum (2^14) and ignore input to enable transport |
2291 | | * protocol fragmentation. Returns always 2^14. |
2292 | | */ |
2293 | | data->dgram.mtu = 16384; |
2294 | | ret = data->dgram.mtu; |
2295 | | break; |
2296 | | case BIO_CTRL_DGRAM_SET_CONNECTED: |
2297 | | case BIO_CTRL_DGRAM_CONNECT: |
2298 | | /* Returns always -1. */ |
2299 | | ret = -1; |
2300 | | break; |
2301 | | case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: |
2302 | | /* |
2303 | | * SCTP doesn't need the DTLS timer Returns always 1. |
2304 | | */ |
2305 | | break; |
2306 | | case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: |
2307 | | /* |
2308 | | * We allow transport protocol fragmentation so this is irrelevant |
2309 | | */ |
2310 | | ret = 0; |
2311 | | break; |
2312 | | case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: |
2313 | | if (num > 0) |
2314 | | data->in_handshake = 1; |
2315 | | else |
2316 | | data->in_handshake = 0; |
2317 | | |
2318 | | ret = |
2319 | | setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY, |
2320 | | &data->in_handshake, sizeof(int)); |
2321 | | break; |
2322 | | case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY: |
2323 | | /* |
2324 | | * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise. |
2325 | | */ |
2326 | | |
2327 | | /* Get active key */ |
2328 | | sockopt_len = sizeof(struct sctp_authkeyid); |
2329 | | ret = |
2330 | | getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, |
2331 | | &sockopt_len); |
2332 | | if (ret < 0) |
2333 | | break; |
2334 | | |
2335 | | /* Add new key */ |
2336 | | sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t); |
2337 | | authkey = OPENSSL_malloc(sockopt_len); |
2338 | | if (authkey == NULL) { |
2339 | | ret = -1; |
2340 | | break; |
2341 | | } |
2342 | | memset(authkey, 0, sockopt_len); |
2343 | | authkey->sca_keynumber = authkeyid.scact_keynumber + 1; |
2344 | | # ifndef __FreeBSD__ |
2345 | | /* |
2346 | | * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3 |
2347 | | * and higher work without it. |
2348 | | */ |
2349 | | authkey->sca_keylength = 64; |
2350 | | # endif |
2351 | | memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t)); |
2352 | | |
2353 | | ret = |
2354 | | setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, |
2355 | | sockopt_len); |
2356 | | OPENSSL_free(authkey); |
2357 | | authkey = NULL; |
2358 | | if (ret < 0) |
2359 | | break; |
2360 | | |
2361 | | /* Reset active key */ |
2362 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, |
2363 | | &authkeyid, sizeof(struct sctp_authkeyid)); |
2364 | | if (ret < 0) |
2365 | | break; |
2366 | | |
2367 | | break; |
2368 | | case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY: |
2369 | | /* Returns 0 on success, -1 otherwise. */ |
2370 | | |
2371 | | /* Get active key */ |
2372 | | sockopt_len = sizeof(struct sctp_authkeyid); |
2373 | | ret = |
2374 | | getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, |
2375 | | &sockopt_len); |
2376 | | if (ret < 0) |
2377 | | break; |
2378 | | |
2379 | | /* Set active key */ |
2380 | | authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1; |
2381 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, |
2382 | | &authkeyid, sizeof(struct sctp_authkeyid)); |
2383 | | if (ret < 0) |
2384 | | break; |
2385 | | |
2386 | | /* |
2387 | | * CCS has been sent, so remember that and fall through to check if |
2388 | | * we need to deactivate an old key |
2389 | | */ |
2390 | | data->ccs_sent = 1; |
2391 | | /* fall-through */ |
2392 | | |
2393 | | case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD: |
2394 | | /* Returns 0 on success, -1 otherwise. */ |
2395 | | |
2396 | | /* |
2397 | | * Has this command really been called or is this just a |
2398 | | * fall-through? |
2399 | | */ |
2400 | | if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD) |
2401 | | data->ccs_rcvd = 1; |
2402 | | |
2403 | | /* |
2404 | | * CSS has been both, received and sent, so deactivate an old key |
2405 | | */ |
2406 | | if (data->ccs_rcvd == 1 && data->ccs_sent == 1) { |
2407 | | /* Get active key */ |
2408 | | sockopt_len = sizeof(struct sctp_authkeyid); |
2409 | | ret = |
2410 | | getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, |
2411 | | &authkeyid, &sockopt_len); |
2412 | | if (ret < 0) |
2413 | | break; |
2414 | | |
2415 | | /* |
2416 | | * Deactivate key or delete second last key if |
2417 | | * SCTP_AUTHENTICATION_EVENT is not available. |
2418 | | */ |
2419 | | authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1; |
2420 | | # ifdef SCTP_AUTH_DEACTIVATE_KEY |
2421 | | sockopt_len = sizeof(struct sctp_authkeyid); |
2422 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY, |
2423 | | &authkeyid, sockopt_len); |
2424 | | if (ret < 0) |
2425 | | break; |
2426 | | # endif |
2427 | | # ifndef SCTP_AUTHENTICATION_EVENT |
2428 | | if (authkeyid.scact_keynumber > 0) { |
2429 | | authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1; |
2430 | | ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, |
2431 | | &authkeyid, sizeof(struct sctp_authkeyid)); |
2432 | | if (ret < 0) |
2433 | | break; |
2434 | | } |
2435 | | # endif |
2436 | | |
2437 | | data->ccs_rcvd = 0; |
2438 | | data->ccs_sent = 0; |
2439 | | } |
2440 | | break; |
2441 | | case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO: |
2442 | | /* Returns the size of the copied struct. */ |
2443 | | if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo)) |
2444 | | num = sizeof(struct bio_dgram_sctp_sndinfo); |
2445 | | |
2446 | | memcpy(ptr, &(data->sndinfo), num); |
2447 | | ret = num; |
2448 | | break; |
2449 | | case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO: |
2450 | | /* Returns the size of the copied struct. */ |
2451 | | if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo)) |
2452 | | num = sizeof(struct bio_dgram_sctp_sndinfo); |
2453 | | |
2454 | | memcpy(&(data->sndinfo), ptr, num); |
2455 | | break; |
2456 | | case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO: |
2457 | | /* Returns the size of the copied struct. */ |
2458 | | if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo)) |
2459 | | num = sizeof(struct bio_dgram_sctp_rcvinfo); |
2460 | | |
2461 | | memcpy(ptr, &data->rcvinfo, num); |
2462 | | |
2463 | | ret = num; |
2464 | | break; |
2465 | | case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO: |
2466 | | /* Returns the size of the copied struct. */ |
2467 | | if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo)) |
2468 | | num = sizeof(struct bio_dgram_sctp_rcvinfo); |
2469 | | |
2470 | | memcpy(&(data->rcvinfo), ptr, num); |
2471 | | break; |
2472 | | case BIO_CTRL_DGRAM_SCTP_GET_PRINFO: |
2473 | | /* Returns the size of the copied struct. */ |
2474 | | if (num > (long)sizeof(struct bio_dgram_sctp_prinfo)) |
2475 | | num = sizeof(struct bio_dgram_sctp_prinfo); |
2476 | | |
2477 | | memcpy(ptr, &(data->prinfo), num); |
2478 | | ret = num; |
2479 | | break; |
2480 | | case BIO_CTRL_DGRAM_SCTP_SET_PRINFO: |
2481 | | /* Returns the size of the copied struct. */ |
2482 | | if (num > (long)sizeof(struct bio_dgram_sctp_prinfo)) |
2483 | | num = sizeof(struct bio_dgram_sctp_prinfo); |
2484 | | |
2485 | | memcpy(&(data->prinfo), ptr, num); |
2486 | | break; |
2487 | | case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN: |
2488 | | /* Returns always 1. */ |
2489 | | if (num > 0) |
2490 | | data->save_shutdown = 1; |
2491 | | else |
2492 | | data->save_shutdown = 0; |
2493 | | break; |
2494 | | case BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY: |
2495 | | return dgram_sctp_wait_for_dry(b); |
2496 | | case BIO_CTRL_DGRAM_SCTP_MSG_WAITING: |
2497 | | return dgram_sctp_msg_waiting(b); |
2498 | | |
2499 | | default: |
2500 | | /* |
2501 | | * Pass to default ctrl function to process SCTP unspecific commands |
2502 | | */ |
2503 | | ret = dgram_ctrl(b, cmd, num, ptr); |
2504 | | break; |
2505 | | } |
2506 | | return ret; |
2507 | | } |
2508 | | |
2509 | | int BIO_dgram_sctp_notification_cb(BIO *b, |
2510 | | BIO_dgram_sctp_notification_handler_fn handle_notifications, |
2511 | | void *context) |
2512 | | { |
2513 | | bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; |
2514 | | |
2515 | | if (handle_notifications != NULL) { |
2516 | | data->handle_notifications = handle_notifications; |
2517 | | data->notification_context = context; |
2518 | | } else |
2519 | | return -1; |
2520 | | |
2521 | | return 0; |
2522 | | } |
2523 | | |
2524 | | /* |
2525 | | * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event |
2526 | | * @b: The BIO to check for the dry event |
2527 | | * |
2528 | | * Wait until the peer confirms all packets have been received, and so that |
2529 | | * our kernel doesn't have anything to send anymore. This is only received by |
2530 | | * the peer's kernel, not the application. |
2531 | | * |
2532 | | * Returns: |
2533 | | * -1 on error |
2534 | | * 0 when not dry yet |
2535 | | * 1 when dry |
2536 | | */ |
2537 | | int BIO_dgram_sctp_wait_for_dry(BIO *b) |
2538 | | { |
2539 | | return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY, 0, NULL); |
2540 | | } |
2541 | | |
2542 | | static int dgram_sctp_wait_for_dry(BIO *b) |
2543 | | { |
2544 | | int is_dry = 0; |
2545 | | int sockflags = 0; |
2546 | | int n, ret; |
2547 | | union sctp_notification snp; |
2548 | | struct msghdr msg; |
2549 | | struct iovec iov; |
2550 | | # ifdef SCTP_EVENT |
2551 | | struct sctp_event event; |
2552 | | # else |
2553 | | struct sctp_event_subscribe event; |
2554 | | socklen_t eventsize; |
2555 | | # endif |
2556 | | bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; |
2557 | | |
2558 | | /* set sender dry event */ |
2559 | | # ifdef SCTP_EVENT |
2560 | | memset(&event, 0, sizeof(event)); |
2561 | | event.se_assoc_id = 0; |
2562 | | event.se_type = SCTP_SENDER_DRY_EVENT; |
2563 | | event.se_on = 1; |
2564 | | ret = |
2565 | | setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, |
2566 | | sizeof(struct sctp_event)); |
2567 | | # else |
2568 | | eventsize = sizeof(struct sctp_event_subscribe); |
2569 | | ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize); |
2570 | | if (ret < 0) |
2571 | | return -1; |
2572 | | |
2573 | | event.sctp_sender_dry_event = 1; |
2574 | | |
2575 | | ret = |
2576 | | setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, |
2577 | | sizeof(struct sctp_event_subscribe)); |
2578 | | # endif |
2579 | | if (ret < 0) |
2580 | | return -1; |
2581 | | |
2582 | | /* peek for notification */ |
2583 | | memset(&snp, 0, sizeof(snp)); |
2584 | | iov.iov_base = (char *)&snp; |
2585 | | iov.iov_len = sizeof(union sctp_notification); |
2586 | | msg.msg_name = NULL; |
2587 | | msg.msg_namelen = 0; |
2588 | | msg.msg_iov = &iov; |
2589 | | msg.msg_iovlen = 1; |
2590 | | msg.msg_control = NULL; |
2591 | | msg.msg_controllen = 0; |
2592 | | msg.msg_flags = 0; |
2593 | | |
2594 | | n = recvmsg(b->num, &msg, MSG_PEEK); |
2595 | | if (n <= 0) { |
2596 | | if ((n < 0) && (get_last_socket_error() != EAGAIN) |
2597 | | && (get_last_socket_error() != EWOULDBLOCK)) |
2598 | | return -1; |
2599 | | else |
2600 | | return 0; |
2601 | | } |
2602 | | |
2603 | | /* if we find a notification, process it and try again if necessary */ |
2604 | | while (msg.msg_flags & MSG_NOTIFICATION) { |
2605 | | memset(&snp, 0, sizeof(snp)); |
2606 | | iov.iov_base = (char *)&snp; |
2607 | | iov.iov_len = sizeof(union sctp_notification); |
2608 | | msg.msg_name = NULL; |
2609 | | msg.msg_namelen = 0; |
2610 | | msg.msg_iov = &iov; |
2611 | | msg.msg_iovlen = 1; |
2612 | | msg.msg_control = NULL; |
2613 | | msg.msg_controllen = 0; |
2614 | | msg.msg_flags = 0; |
2615 | | |
2616 | | n = recvmsg(b->num, &msg, 0); |
2617 | | if (n <= 0) { |
2618 | | if ((n < 0) && (get_last_socket_error() != EAGAIN) |
2619 | | && (get_last_socket_error() != EWOULDBLOCK)) |
2620 | | return -1; |
2621 | | else |
2622 | | return is_dry; |
2623 | | } |
2624 | | |
2625 | | if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) { |
2626 | | is_dry = 1; |
2627 | | |
2628 | | /* disable sender dry event */ |
2629 | | # ifdef SCTP_EVENT |
2630 | | memset(&event, 0, sizeof(event)); |
2631 | | event.se_assoc_id = 0; |
2632 | | event.se_type = SCTP_SENDER_DRY_EVENT; |
2633 | | event.se_on = 0; |
2634 | | ret = |
2635 | | setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, |
2636 | | sizeof(struct sctp_event)); |
2637 | | # else |
2638 | | eventsize = (socklen_t) sizeof(struct sctp_event_subscribe); |
2639 | | ret = |
2640 | | getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, |
2641 | | &eventsize); |
2642 | | if (ret < 0) |
2643 | | return -1; |
2644 | | |
2645 | | event.sctp_sender_dry_event = 0; |
2646 | | |
2647 | | ret = |
2648 | | setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, |
2649 | | sizeof(struct sctp_event_subscribe)); |
2650 | | # endif |
2651 | | if (ret < 0) |
2652 | | return -1; |
2653 | | } |
2654 | | # ifdef SCTP_AUTHENTICATION_EVENT |
2655 | | if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) |
2656 | | dgram_sctp_handle_auth_free_key_event(b, &snp); |
2657 | | # endif |
2658 | | |
2659 | | if (data->handle_notifications != NULL) |
2660 | | data->handle_notifications(b, data->notification_context, |
2661 | | (void *)&snp); |
2662 | | |
2663 | | /* found notification, peek again */ |
2664 | | memset(&snp, 0, sizeof(snp)); |
2665 | | iov.iov_base = (char *)&snp; |
2666 | | iov.iov_len = sizeof(union sctp_notification); |
2667 | | msg.msg_name = NULL; |
2668 | | msg.msg_namelen = 0; |
2669 | | msg.msg_iov = &iov; |
2670 | | msg.msg_iovlen = 1; |
2671 | | msg.msg_control = NULL; |
2672 | | msg.msg_controllen = 0; |
2673 | | msg.msg_flags = 0; |
2674 | | |
2675 | | /* if we have seen the dry already, don't wait */ |
2676 | | if (is_dry) { |
2677 | | sockflags = fcntl(b->num, F_GETFL, 0); |
2678 | | fcntl(b->num, F_SETFL, O_NONBLOCK); |
2679 | | } |
2680 | | |
2681 | | n = recvmsg(b->num, &msg, MSG_PEEK); |
2682 | | |
2683 | | if (is_dry) { |
2684 | | fcntl(b->num, F_SETFL, sockflags); |
2685 | | } |
2686 | | |
2687 | | if (n <= 0) { |
2688 | | if ((n < 0) && (get_last_socket_error() != EAGAIN) |
2689 | | && (get_last_socket_error() != EWOULDBLOCK)) |
2690 | | return -1; |
2691 | | else |
2692 | | return is_dry; |
2693 | | } |
2694 | | } |
2695 | | |
2696 | | /* read anything else */ |
2697 | | return is_dry; |
2698 | | } |
2699 | | |
2700 | | int BIO_dgram_sctp_msg_waiting(BIO *b) |
2701 | | { |
2702 | | return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_MSG_WAITING, 0, NULL); |
2703 | | } |
2704 | | |
2705 | | static int dgram_sctp_msg_waiting(BIO *b) |
2706 | | { |
2707 | | int n, sockflags; |
2708 | | union sctp_notification snp; |
2709 | | struct msghdr msg; |
2710 | | struct iovec iov; |
2711 | | bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; |
2712 | | |
2713 | | /* Check if there are any messages waiting to be read */ |
2714 | | do { |
2715 | | memset(&snp, 0, sizeof(snp)); |
2716 | | iov.iov_base = (char *)&snp; |
2717 | | iov.iov_len = sizeof(union sctp_notification); |
2718 | | msg.msg_name = NULL; |
2719 | | msg.msg_namelen = 0; |
2720 | | msg.msg_iov = &iov; |
2721 | | msg.msg_iovlen = 1; |
2722 | | msg.msg_control = NULL; |
2723 | | msg.msg_controllen = 0; |
2724 | | msg.msg_flags = 0; |
2725 | | |
2726 | | sockflags = fcntl(b->num, F_GETFL, 0); |
2727 | | fcntl(b->num, F_SETFL, O_NONBLOCK); |
2728 | | n = recvmsg(b->num, &msg, MSG_PEEK); |
2729 | | fcntl(b->num, F_SETFL, sockflags); |
2730 | | |
2731 | | /* if notification, process and try again */ |
2732 | | if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) { |
2733 | | # ifdef SCTP_AUTHENTICATION_EVENT |
2734 | | if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) |
2735 | | dgram_sctp_handle_auth_free_key_event(b, &snp); |
2736 | | # endif |
2737 | | |
2738 | | memset(&snp, 0, sizeof(snp)); |
2739 | | iov.iov_base = (char *)&snp; |
2740 | | iov.iov_len = sizeof(union sctp_notification); |
2741 | | msg.msg_name = NULL; |
2742 | | msg.msg_namelen = 0; |
2743 | | msg.msg_iov = &iov; |
2744 | | msg.msg_iovlen = 1; |
2745 | | msg.msg_control = NULL; |
2746 | | msg.msg_controllen = 0; |
2747 | | msg.msg_flags = 0; |
2748 | | n = recvmsg(b->num, &msg, 0); |
2749 | | |
2750 | | if (data->handle_notifications != NULL) |
2751 | | data->handle_notifications(b, data->notification_context, |
2752 | | (void *)&snp); |
2753 | | } |
2754 | | |
2755 | | } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)); |
2756 | | |
2757 | | /* Return 1 if there is a message to be read, return 0 otherwise. */ |
2758 | | if (n > 0) |
2759 | | return 1; |
2760 | | else |
2761 | | return 0; |
2762 | | } |
2763 | | |
2764 | | static int dgram_sctp_puts(BIO *bp, const char *str) |
2765 | | { |
2766 | | int n, ret; |
2767 | | |
2768 | | n = strlen(str); |
2769 | | ret = dgram_sctp_write(bp, str, n); |
2770 | | return ret; |
2771 | | } |
2772 | | # endif |
2773 | | |
2774 | | static int BIO_dgram_should_retry(int i) |
2775 | 0 | { |
2776 | 0 | int err; |
2777 | |
|
2778 | 0 | if ((i == 0) || (i == -1)) { |
2779 | 0 | err = get_last_socket_error(); |
2780 | |
|
2781 | | # if defined(OPENSSL_SYS_WINDOWS) |
2782 | | /* |
2783 | | * If the socket return value (i) is -1 and err is unexpectedly 0 at |
2784 | | * this point, the error code was overwritten by another system call |
2785 | | * before this error handling is called. |
2786 | | */ |
2787 | | # endif |
2788 | |
|
2789 | 0 | return BIO_dgram_non_fatal_error(err); |
2790 | 0 | } |
2791 | 0 | return 0; |
2792 | 0 | } |
2793 | | |
2794 | | int BIO_dgram_non_fatal_error(int err) |
2795 | 0 | { |
2796 | 0 | switch (err) { |
2797 | | # if defined(OPENSSL_SYS_WINDOWS) |
2798 | | # if defined(WSAEWOULDBLOCK) |
2799 | | case WSAEWOULDBLOCK: |
2800 | | # endif |
2801 | | # endif |
2802 | | |
2803 | 0 | # ifdef EWOULDBLOCK |
2804 | | # ifdef WSAEWOULDBLOCK |
2805 | | # if WSAEWOULDBLOCK != EWOULDBLOCK |
2806 | | case EWOULDBLOCK: |
2807 | | # endif |
2808 | | # else |
2809 | 0 | case EWOULDBLOCK: |
2810 | 0 | # endif |
2811 | 0 | # endif |
2812 | |
|
2813 | 0 | # ifdef EINTR |
2814 | 0 | case EINTR: |
2815 | 0 | # endif |
2816 | |
|
2817 | 0 | # ifdef EAGAIN |
2818 | | # if EWOULDBLOCK != EAGAIN |
2819 | | case EAGAIN: |
2820 | | # endif |
2821 | 0 | # endif |
2822 | |
|
2823 | 0 | # ifdef EPROTO |
2824 | 0 | case EPROTO: |
2825 | 0 | # endif |
2826 | |
|
2827 | 0 | # ifdef EINPROGRESS |
2828 | 0 | case EINPROGRESS: |
2829 | 0 | # endif |
2830 | |
|
2831 | 0 | # ifdef EALREADY |
2832 | 0 | case EALREADY: |
2833 | 0 | # endif |
2834 | |
|
2835 | 0 | return 1; |
2836 | 0 | default: |
2837 | 0 | break; |
2838 | 0 | } |
2839 | 0 | return 0; |
2840 | 0 | } |
2841 | | |
2842 | | #endif |