mirror of
https://github.com/openssl/openssl.git
synced 2024-12-27 06:21:43 +08:00
5d1bb4fc47
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19082)
2782 lines
85 KiB
C
2782 lines
85 KiB
C
/*
|
|
* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#ifndef _GNU_SOURCE
|
|
# define _GNU_SOURCE
|
|
#endif
|
|
|
|
#include <stdio.h>
|
|
#include <errno.h>
|
|
|
|
#include "internal/time.h"
|
|
#include "bio_local.h"
|
|
#ifndef OPENSSL_NO_DGRAM
|
|
|
|
# ifndef OPENSSL_NO_SCTP
|
|
# include <netinet/sctp.h>
|
|
# include <fcntl.h>
|
|
# define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00
|
|
# define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
|
|
# endif
|
|
|
|
# if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
|
|
# define IP_MTU 14 /* linux is lame */
|
|
# endif
|
|
|
|
# if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6)
|
|
# define IPPROTO_IPV6 41 /* windows is lame */
|
|
# endif
|
|
|
|
# if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
|
|
/* Standard definition causes type-punning problems. */
|
|
# undef IN6_IS_ADDR_V4MAPPED
|
|
# define s6_addr32 __u6_addr.__u6_addr32
|
|
# define IN6_IS_ADDR_V4MAPPED(a) \
|
|
(((a)->s6_addr32[0] == 0) && \
|
|
((a)->s6_addr32[1] == 0) && \
|
|
((a)->s6_addr32[2] == htonl(0x0000ffff)))
|
|
# endif
|
|
|
|
/* Determine what method to use for BIO_sendmmsg and BIO_recvmmsg. */
|
|
# define M_METHOD_NONE 0
|
|
# define M_METHOD_RECVMMSG 1
|
|
# define M_METHOD_RECVMSG 2
|
|
# define M_METHOD_RECVFROM 3
|
|
# define M_METHOD_WSARECVMSG 4
|
|
|
|
# if !defined(M_METHOD)
|
|
# if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG)
|
|
# define M_METHOD M_METHOD_WSARECVMSG
|
|
# elif !defined(OPENSSL_SYS_WINDOWS) && defined(MSG_WAITFORONE) && !defined(NO_RECVMMSG)
|
|
# define M_METHOD M_METHOD_RECVMMSG
|
|
# elif !defined(OPENSSL_SYS_WINDOWS) && defined(CMSG_LEN) && !defined(NO_RECVMSG)
|
|
# define M_METHOD M_METHOD_RECVMSG
|
|
# elif !defined(NO_RECVFROM)
|
|
# define M_METHOD M_METHOD_RECVFROM
|
|
# else
|
|
# define M_METHOD M_METHOD_NONE
|
|
# endif
|
|
# endif
|
|
|
|
# if defined(OPENSSL_SYS_WINDOWS)
|
|
# define BIO_CMSG_SPACE(x) WSA_CMSG_SPACE(x)
|
|
# define BIO_CMSG_FIRSTHDR(x) WSA_CMSG_FIRSTHDR(x)
|
|
# define BIO_CMSG_NXTHDR(x, y) WSA_CMSG_NXTHDR(x, y)
|
|
# define BIO_CMSG_DATA(x) WSA_CMSG_DATA(x)
|
|
# define BIO_CMSG_LEN(x) WSA_CMSG_LEN(x)
|
|
# define MSGHDR_TYPE WSAMSG
|
|
# define CMSGHDR_TYPE WSACMSGHDR
|
|
# else
|
|
# define MSGHDR_TYPE struct msghdr
|
|
# define CMSGHDR_TYPE struct cmsghdr
|
|
# define BIO_CMSG_SPACE(x) CMSG_SPACE(x)
|
|
# define BIO_CMSG_FIRSTHDR(x) CMSG_FIRSTHDR(x)
|
|
# define BIO_CMSG_NXTHDR(x, y) CMSG_NXTHDR(x, y)
|
|
# define BIO_CMSG_DATA(x) CMSG_DATA(x)
|
|
# define BIO_CMSG_LEN(x) CMSG_LEN(x)
|
|
# endif
|
|
|
|
# if M_METHOD == M_METHOD_RECVMMSG \
|
|
|| M_METHOD == M_METHOD_RECVMSG \
|
|
|| M_METHOD == M_METHOD_WSARECVMSG
|
|
# if defined(__APPLE__)
|
|
/*
|
|
* CMSG_SPACE is not a constant expresson on OSX even though POSIX
|
|
* says it's supposed to be. This should be adequate.
|
|
*/
|
|
# define BIO_CMSG_ALLOC_LEN 64
|
|
# else
|
|
# if defined(IPV6_PKTINFO)
|
|
# define BIO_CMSG_ALLOC_LEN_1 BIO_CMSG_SPACE(sizeof(struct in6_pktinfo))
|
|
# else
|
|
# define BIO_CMSG_ALLOC_LEN_1 0
|
|
# endif
|
|
# if defined(IP_PKTINFO)
|
|
# define BIO_CMSG_ALLOC_LEN_2 BIO_CMSG_SPACE(sizeof(struct in_pktinfo))
|
|
# else
|
|
# define BIO_CMSG_ALLOC_LEN_2 0
|
|
# endif
|
|
# if defined(IP_RECVDSTADDR)
|
|
# define BIO_CMSG_ALLOC_LEN_3 BIO_CMSG_SPACE(sizeof(struct in_addr))
|
|
# else
|
|
# define BIO_CMSG_ALLOC_LEN_3 0
|
|
# endif
|
|
# define BIO_MAX(X,Y) ((X) > (Y) ? (X) : (Y))
|
|
# define BIO_CMSG_ALLOC_LEN \
|
|
BIO_MAX(BIO_CMSG_ALLOC_LEN_1, \
|
|
BIO_MAX(BIO_CMSG_ALLOC_LEN_2, BIO_CMSG_ALLOC_LEN_3))
|
|
# endif
|
|
# if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO)
|
|
# define SUPPORT_LOCAL_ADDR
|
|
# endif
|
|
# endif
|
|
|
|
# define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n)*(stride)))
|
|
|
|
static int dgram_write(BIO *h, const char *buf, int num);
|
|
static int dgram_read(BIO *h, char *buf, int size);
|
|
static int dgram_puts(BIO *h, const char *str);
|
|
static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
|
|
static int dgram_new(BIO *h);
|
|
static int dgram_free(BIO *data);
|
|
static int dgram_clear(BIO *bio);
|
|
static int dgram_sendmmsg(BIO *b, BIO_MSG *msg,
|
|
size_t stride, size_t num_msg,
|
|
uint64_t flags, size_t *num_processed);
|
|
static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
|
|
size_t stride, size_t num_msg,
|
|
uint64_t flags, size_t *num_processed);
|
|
|
|
# ifndef OPENSSL_NO_SCTP
|
|
static int dgram_sctp_write(BIO *h, const char *buf, int num);
|
|
static int dgram_sctp_read(BIO *h, char *buf, int size);
|
|
static int dgram_sctp_puts(BIO *h, const char *str);
|
|
static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
|
|
static int dgram_sctp_new(BIO *h);
|
|
static int dgram_sctp_free(BIO *data);
|
|
static int dgram_sctp_wait_for_dry(BIO *b);
|
|
static int dgram_sctp_msg_waiting(BIO *b);
|
|
# ifdef SCTP_AUTHENTICATION_EVENT
|
|
static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification
|
|
*snp);
|
|
# endif
|
|
# endif
|
|
|
|
static int BIO_dgram_should_retry(int s);
|
|
|
|
static const BIO_METHOD methods_dgramp = {
|
|
BIO_TYPE_DGRAM,
|
|
"datagram socket",
|
|
bwrite_conv,
|
|
dgram_write,
|
|
bread_conv,
|
|
dgram_read,
|
|
dgram_puts,
|
|
NULL, /* dgram_gets, */
|
|
dgram_ctrl,
|
|
dgram_new,
|
|
dgram_free,
|
|
NULL, /* dgram_callback_ctrl */
|
|
dgram_sendmmsg,
|
|
dgram_recvmmsg,
|
|
};
|
|
|
|
# ifndef OPENSSL_NO_SCTP
|
|
static const BIO_METHOD methods_dgramp_sctp = {
|
|
BIO_TYPE_DGRAM_SCTP,
|
|
"datagram sctp socket",
|
|
bwrite_conv,
|
|
dgram_sctp_write,
|
|
bread_conv,
|
|
dgram_sctp_read,
|
|
dgram_sctp_puts,
|
|
NULL, /* dgram_gets, */
|
|
dgram_sctp_ctrl,
|
|
dgram_sctp_new,
|
|
dgram_sctp_free,
|
|
NULL, /* dgram_callback_ctrl */
|
|
NULL, /* sendmmsg */
|
|
NULL, /* recvmmsg */
|
|
};
|
|
# endif
|
|
|
|
typedef struct bio_dgram_data_st {
|
|
BIO_ADDR peer;
|
|
BIO_ADDR local_addr;
|
|
unsigned int connected;
|
|
unsigned int _errno;
|
|
unsigned int mtu;
|
|
OSSL_TIME next_timeout;
|
|
OSSL_TIME socket_timeout;
|
|
unsigned int peekmode;
|
|
char local_addr_enabled;
|
|
} bio_dgram_data;
|
|
|
|
# ifndef OPENSSL_NO_SCTP
|
|
typedef struct bio_dgram_sctp_save_message_st {
|
|
BIO *bio;
|
|
char *data;
|
|
int length;
|
|
} bio_dgram_sctp_save_message;
|
|
|
|
typedef struct bio_dgram_sctp_data_st {
|
|
BIO_ADDR peer;
|
|
unsigned int connected;
|
|
unsigned int _errno;
|
|
unsigned int mtu;
|
|
struct bio_dgram_sctp_sndinfo sndinfo;
|
|
struct bio_dgram_sctp_rcvinfo rcvinfo;
|
|
struct bio_dgram_sctp_prinfo prinfo;
|
|
BIO_dgram_sctp_notification_handler_fn handle_notifications;
|
|
void *notification_context;
|
|
int in_handshake;
|
|
int ccs_rcvd;
|
|
int ccs_sent;
|
|
int save_shutdown;
|
|
int peer_auth_tested;
|
|
} bio_dgram_sctp_data;
|
|
# endif
|
|
|
|
const BIO_METHOD *BIO_s_datagram(void)
|
|
{
|
|
return &methods_dgramp;
|
|
}
|
|
|
|
BIO *BIO_new_dgram(int fd, int close_flag)
|
|
{
|
|
BIO *ret;
|
|
|
|
ret = BIO_new(BIO_s_datagram());
|
|
if (ret == NULL)
|
|
return NULL;
|
|
BIO_set_fd(ret, fd, close_flag);
|
|
return ret;
|
|
}
|
|
|
|
static int dgram_new(BIO *bi)
|
|
{
|
|
bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data));
|
|
|
|
if (data == NULL)
|
|
return 0;
|
|
bi->ptr = data;
|
|
return 1;
|
|
}
|
|
|
|
static int dgram_free(BIO *a)
|
|
{
|
|
bio_dgram_data *data;
|
|
|
|
if (a == NULL)
|
|
return 0;
|
|
if (!dgram_clear(a))
|
|
return 0;
|
|
|
|
data = (bio_dgram_data *)a->ptr;
|
|
OPENSSL_free(data);
|
|
|
|
return 1;
|
|
}
|
|
|
|
static int dgram_clear(BIO *a)
|
|
{
|
|
if (a == NULL)
|
|
return 0;
|
|
if (a->shutdown) {
|
|
if (a->init) {
|
|
BIO_closesocket(a->num);
|
|
}
|
|
a->init = 0;
|
|
a->flags = 0;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
static void dgram_adjust_rcv_timeout(BIO *b)
|
|
{
|
|
# if defined(SO_RCVTIMEO)
|
|
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
|
|
OSSL_TIME timeleft;
|
|
|
|
/* Is a timer active? */
|
|
if (!ossl_time_is_zero(data->next_timeout)) {
|
|
/* Read current socket timeout */
|
|
# ifdef OPENSSL_SYS_WINDOWS
|
|
int timeout;
|
|
int sz = sizeof(timeout);
|
|
|
|
if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
|
|
(void *)&timeout, &sz) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling getsockopt()");
|
|
else
|
|
data->socket_timeout = ossl_ms2time(timeout);
|
|
# else
|
|
struct timeval tv;
|
|
socklen_t sz = sizeof(tv);
|
|
|
|
if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, &sz) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling getsockopt()");
|
|
else
|
|
data->socket_timeout = ossl_time_from_timeval(tv);
|
|
# endif
|
|
|
|
/* Calculate time left until timer expires */
|
|
timeleft = ossl_time_subtract(data->next_timeout, ossl_time_now());
|
|
if (ossl_time_compare(timeleft, ossl_ticks2time(OSSL_TIME_US)) < 0)
|
|
timeleft = ossl_ticks2time(OSSL_TIME_US);
|
|
|
|
/*
|
|
* Adjust socket timeout if next handshake message timer will expire
|
|
* earlier.
|
|
*/
|
|
if (ossl_time_is_zero(data->socket_timeout)
|
|
|| ossl_time_compare(data->socket_timeout, timeleft) >= 0) {
|
|
# ifdef OPENSSL_SYS_WINDOWS
|
|
timeout = (int)ossl_time2ms(timeleft);
|
|
if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
|
|
(void *)&timeout, sizeof(timeout)) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
# else
|
|
tv = ossl_time_to_timeval(timeleft);
|
|
if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv,
|
|
sizeof(tv)) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
# endif
|
|
}
|
|
}
|
|
# endif
|
|
}
|
|
|
|
static void dgram_update_local_addr(BIO *b)
|
|
{
|
|
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
|
|
socklen_t addr_len = sizeof(data->local_addr);
|
|
|
|
if (getsockname(b->num, &data->local_addr.sa, &addr_len) < 0)
|
|
/*
|
|
* This should not be possible, but zero-initialize and return
|
|
* anyway.
|
|
*/
|
|
BIO_ADDR_clear(&data->local_addr);
|
|
}
|
|
|
|
# if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
|
|
static int dgram_get_sock_family(BIO *b)
|
|
{
|
|
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
|
|
return data->local_addr.sa.sa_family;
|
|
}
|
|
# endif
|
|
|
|
static void dgram_reset_rcv_timeout(BIO *b)
|
|
{
|
|
# if defined(SO_RCVTIMEO)
|
|
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
|
|
|
|
/* Is a timer active? */
|
|
if (!ossl_time_is_zero(data->next_timeout)) {
|
|
# ifdef OPENSSL_SYS_WINDOWS
|
|
int timeout = (int)ossl_time2ms(data->socket_timeout);
|
|
|
|
if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
|
|
(void *)&timeout, sizeof(timeout)) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
# else
|
|
struct timeval tv = ossl_time_to_timeval(data->socket_timeout);
|
|
|
|
if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
# endif
|
|
}
|
|
# endif
|
|
}
|
|
|
|
static int dgram_read(BIO *b, char *out, int outl)
|
|
{
|
|
int ret = 0;
|
|
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
|
|
int flags = 0;
|
|
|
|
BIO_ADDR peer;
|
|
socklen_t len = sizeof(peer);
|
|
|
|
if (out != NULL) {
|
|
clear_socket_error();
|
|
BIO_ADDR_clear(&peer);
|
|
dgram_adjust_rcv_timeout(b);
|
|
if (data->peekmode)
|
|
flags = MSG_PEEK;
|
|
ret = recvfrom(b->num, out, outl, flags,
|
|
BIO_ADDR_sockaddr_noconst(&peer), &len);
|
|
|
|
if (!data->connected && ret >= 0)
|
|
BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
|
|
|
|
BIO_clear_retry_flags(b);
|
|
if (ret < 0) {
|
|
if (BIO_dgram_should_retry(ret)) {
|
|
BIO_set_retry_read(b);
|
|
data->_errno = get_last_socket_error();
|
|
}
|
|
}
|
|
|
|
dgram_reset_rcv_timeout(b);
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
static int dgram_write(BIO *b, const char *in, int inl)
|
|
{
|
|
int ret;
|
|
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
|
|
clear_socket_error();
|
|
|
|
if (data->connected)
|
|
ret = writesocket(b->num, in, inl);
|
|
else {
|
|
int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
|
|
|
|
ret = sendto(b->num, in, inl, 0,
|
|
BIO_ADDR_sockaddr(&data->peer), peerlen);
|
|
}
|
|
|
|
BIO_clear_retry_flags(b);
|
|
if (ret <= 0) {
|
|
if (BIO_dgram_should_retry(ret)) {
|
|
BIO_set_retry_write(b);
|
|
data->_errno = get_last_socket_error();
|
|
}
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
static long dgram_get_mtu_overhead(bio_dgram_data *data)
|
|
{
|
|
long ret;
|
|
|
|
switch (BIO_ADDR_family(&data->peer)) {
|
|
case AF_INET:
|
|
/*
|
|
* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
|
|
*/
|
|
ret = 28;
|
|
break;
|
|
# if OPENSSL_USE_IPV6
|
|
case AF_INET6:
|
|
{
|
|
# ifdef IN6_IS_ADDR_V4MAPPED
|
|
struct in6_addr tmp_addr;
|
|
if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
|
|
&& IN6_IS_ADDR_V4MAPPED(&tmp_addr))
|
|
/*
|
|
* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
|
|
*/
|
|
ret = 28;
|
|
else
|
|
# endif
|
|
/*
|
|
* Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
|
|
*/
|
|
ret = 48;
|
|
}
|
|
break;
|
|
# endif
|
|
default:
|
|
/* We don't know. Go with the historical default */
|
|
ret = 28;
|
|
break;
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
/* Enables appropriate destination address reception option on the socket. */
|
|
# if defined(SUPPORT_LOCAL_ADDR)
|
|
static int enable_local_addr(BIO *b, int enable) {
|
|
int af = dgram_get_sock_family(b);
|
|
|
|
if (af == AF_INET) {
|
|
# if defined(IP_PKTINFO)
|
|
/* IP_PKTINFO is preferred */
|
|
if (setsockopt(b->num, IPPROTO_IP, IP_PKTINFO,
|
|
(void *)&enable, sizeof(enable)) < 0)
|
|
return 0;
|
|
|
|
return 1;
|
|
|
|
# elif defined(IP_RECVDSTADDR)
|
|
/* Fall back to IP_RECVDSTADDR */
|
|
|
|
if (setsockopt(b->num, IPPROTO_IP, IP_RECVDSTADDR,
|
|
&enable, sizeof(enable)) < 0)
|
|
return 0;
|
|
|
|
return 1;
|
|
# endif
|
|
}
|
|
|
|
# if OPENSSL_USE_IPV6
|
|
if (af == AF_INET6) {
|
|
# if defined(IPV6_RECVPKTINFO)
|
|
if (setsockopt(b->num, IPPROTO_IPV6, IPV6_RECVPKTINFO,
|
|
&enable, sizeof(enable)) < 0)
|
|
return 0;
|
|
|
|
return 1;
|
|
# endif
|
|
}
|
|
# endif
|
|
|
|
return 0;
|
|
}
|
|
# endif
|
|
|
|
static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
|
|
{
|
|
long ret = 1;
|
|
int *ip;
|
|
bio_dgram_data *data = NULL;
|
|
int sockopt_val = 0;
|
|
int d_errno;
|
|
# if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
|
|
socklen_t sockopt_len; /* assume that system supporting IP_MTU is
|
|
* modern enough to define socklen_t */
|
|
socklen_t addr_len;
|
|
BIO_ADDR addr;
|
|
# endif
|
|
|
|
data = (bio_dgram_data *)b->ptr;
|
|
|
|
switch (cmd) {
|
|
case BIO_CTRL_RESET:
|
|
num = 0;
|
|
ret = 0;
|
|
break;
|
|
case BIO_CTRL_INFO:
|
|
ret = 0;
|
|
break;
|
|
case BIO_C_SET_FD:
|
|
dgram_clear(b);
|
|
b->num = *((int *)ptr);
|
|
b->shutdown = (int)num;
|
|
b->init = 1;
|
|
dgram_update_local_addr(b);
|
|
# if defined(SUPPORT_LOCAL_ADDR)
|
|
if (data->local_addr_enabled) {
|
|
if (enable_local_addr(b, 1) < 1)
|
|
data->local_addr_enabled = 0;
|
|
}
|
|
# endif
|
|
break;
|
|
case BIO_C_GET_FD:
|
|
if (b->init) {
|
|
ip = (int *)ptr;
|
|
if (ip != NULL)
|
|
*ip = b->num;
|
|
ret = b->num;
|
|
} else
|
|
ret = -1;
|
|
break;
|
|
case BIO_CTRL_GET_CLOSE:
|
|
ret = b->shutdown;
|
|
break;
|
|
case BIO_CTRL_SET_CLOSE:
|
|
b->shutdown = (int)num;
|
|
break;
|
|
case BIO_CTRL_PENDING:
|
|
case BIO_CTRL_WPENDING:
|
|
ret = 0;
|
|
break;
|
|
case BIO_CTRL_DUP:
|
|
case BIO_CTRL_FLUSH:
|
|
ret = 1;
|
|
break;
|
|
case BIO_CTRL_DGRAM_CONNECT:
|
|
BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
|
|
break;
|
|
/* (Linux)kernel sets DF bit on outgoing IP packets */
|
|
case BIO_CTRL_DGRAM_MTU_DISCOVER:
|
|
# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
|
|
addr_len = (socklen_t) sizeof(addr);
|
|
BIO_ADDR_clear(&addr);
|
|
if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
|
|
ret = 0;
|
|
break;
|
|
}
|
|
switch (addr.sa.sa_family) {
|
|
case AF_INET:
|
|
sockopt_val = IP_PMTUDISC_DO;
|
|
if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
|
|
&sockopt_val, sizeof(sockopt_val))) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
break;
|
|
# if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
|
|
case AF_INET6:
|
|
sockopt_val = IPV6_PMTUDISC_DO;
|
|
if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
|
|
&sockopt_val, sizeof(sockopt_val))) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
break;
|
|
# endif
|
|
default:
|
|
ret = -1;
|
|
break;
|
|
}
|
|
# else
|
|
ret = -1;
|
|
# endif
|
|
break;
|
|
case BIO_CTRL_DGRAM_QUERY_MTU:
|
|
# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
|
|
addr_len = (socklen_t) sizeof(addr);
|
|
BIO_ADDR_clear(&addr);
|
|
if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
|
|
ret = 0;
|
|
break;
|
|
}
|
|
sockopt_len = sizeof(sockopt_val);
|
|
switch (addr.sa.sa_family) {
|
|
case AF_INET:
|
|
if ((ret =
|
|
getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
|
|
&sockopt_len)) < 0 || sockopt_val < 0) {
|
|
ret = 0;
|
|
} else {
|
|
/*
|
|
* we assume that the transport protocol is UDP and no IP
|
|
* options are used.
|
|
*/
|
|
data->mtu = sockopt_val - 8 - 20;
|
|
ret = data->mtu;
|
|
}
|
|
break;
|
|
# if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
|
|
case AF_INET6:
|
|
if ((ret =
|
|
getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
|
|
(void *)&sockopt_val, &sockopt_len)) < 0
|
|
|| sockopt_val < 0) {
|
|
ret = 0;
|
|
} else {
|
|
/*
|
|
* we assume that the transport protocol is UDP and no IPV6
|
|
* options are used.
|
|
*/
|
|
data->mtu = sockopt_val - 8 - 40;
|
|
ret = data->mtu;
|
|
}
|
|
break;
|
|
# endif
|
|
default:
|
|
ret = 0;
|
|
break;
|
|
}
|
|
# else
|
|
ret = 0;
|
|
# endif
|
|
break;
|
|
case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
|
|
ret = -dgram_get_mtu_overhead(data);
|
|
switch (BIO_ADDR_family(&data->peer)) {
|
|
case AF_INET:
|
|
ret += 576;
|
|
break;
|
|
# if OPENSSL_USE_IPV6
|
|
case AF_INET6:
|
|
{
|
|
# ifdef IN6_IS_ADDR_V4MAPPED
|
|
struct in6_addr tmp_addr;
|
|
if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
|
|
&& IN6_IS_ADDR_V4MAPPED(&tmp_addr))
|
|
ret += 576;
|
|
else
|
|
# endif
|
|
ret += 1280;
|
|
}
|
|
break;
|
|
# endif
|
|
default:
|
|
ret += 576;
|
|
break;
|
|
}
|
|
break;
|
|
case BIO_CTRL_DGRAM_GET_MTU:
|
|
return data->mtu;
|
|
case BIO_CTRL_DGRAM_SET_MTU:
|
|
data->mtu = num;
|
|
ret = num;
|
|
break;
|
|
case BIO_CTRL_DGRAM_SET_CONNECTED:
|
|
if (ptr != NULL) {
|
|
data->connected = 1;
|
|
BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
|
|
} else {
|
|
data->connected = 0;
|
|
BIO_ADDR_clear(&data->peer);
|
|
}
|
|
break;
|
|
case BIO_CTRL_DGRAM_GET_PEER:
|
|
ret = BIO_ADDR_sockaddr_size(&data->peer);
|
|
/* FIXME: if num < ret, we will only return part of an address.
|
|
That should bee an error, no? */
|
|
if (num == 0 || num > ret)
|
|
num = ret;
|
|
memcpy(ptr, &data->peer, (ret = num));
|
|
break;
|
|
case BIO_CTRL_DGRAM_SET_PEER:
|
|
BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
|
|
break;
|
|
case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
|
|
data->next_timeout = ossl_time_from_timeval(*(struct timeval *)ptr);
|
|
break;
|
|
# if defined(SO_RCVTIMEO)
|
|
case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
|
|
# ifdef OPENSSL_SYS_WINDOWS
|
|
{
|
|
struct timeval *tv = (struct timeval *)ptr;
|
|
int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
|
|
|
|
if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
|
|
(void *)&timeout, sizeof(timeout))) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
}
|
|
# else
|
|
if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
|
|
sizeof(struct timeval))) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
# endif
|
|
break;
|
|
case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
|
|
{
|
|
# ifdef OPENSSL_SYS_WINDOWS
|
|
int sz = 0;
|
|
int timeout;
|
|
struct timeval *tv = (struct timeval *)ptr;
|
|
|
|
sz = sizeof(timeout);
|
|
if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
|
|
(void *)&timeout, &sz)) < 0) {
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling getsockopt()");
|
|
} else {
|
|
tv->tv_sec = timeout / 1000;
|
|
tv->tv_usec = (timeout % 1000) * 1000;
|
|
ret = sizeof(*tv);
|
|
}
|
|
# else
|
|
socklen_t sz = sizeof(struct timeval);
|
|
if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
|
|
ptr, &sz)) < 0) {
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling getsockopt()");
|
|
} else {
|
|
OPENSSL_assert(sz <= sizeof(struct timeval));
|
|
ret = (int)sz;
|
|
}
|
|
# endif
|
|
}
|
|
break;
|
|
# endif
|
|
# if defined(SO_SNDTIMEO)
|
|
case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
|
|
# ifdef OPENSSL_SYS_WINDOWS
|
|
{
|
|
struct timeval *tv = (struct timeval *)ptr;
|
|
int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
|
|
|
|
if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
|
|
(void *)&timeout, sizeof(timeout))) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
}
|
|
# else
|
|
if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
|
|
sizeof(struct timeval))) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
# endif
|
|
break;
|
|
case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
|
|
{
|
|
# ifdef OPENSSL_SYS_WINDOWS
|
|
int sz = 0;
|
|
int timeout;
|
|
struct timeval *tv = (struct timeval *)ptr;
|
|
|
|
sz = sizeof(timeout);
|
|
if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
|
|
(void *)&timeout, &sz)) < 0) {
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling getsockopt()");
|
|
} else {
|
|
tv->tv_sec = timeout / 1000;
|
|
tv->tv_usec = (timeout % 1000) * 1000;
|
|
ret = sizeof(*tv);
|
|
}
|
|
# else
|
|
socklen_t sz = sizeof(struct timeval);
|
|
|
|
if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
|
|
ptr, &sz)) < 0) {
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling getsockopt()");
|
|
} else {
|
|
OPENSSL_assert(sz <= sizeof(struct timeval));
|
|
ret = (int)sz;
|
|
}
|
|
# endif
|
|
}
|
|
break;
|
|
# endif
|
|
case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
|
|
/* fall-through */
|
|
case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
|
|
# ifdef OPENSSL_SYS_WINDOWS
|
|
d_errno = (data->_errno == WSAETIMEDOUT);
|
|
# else
|
|
d_errno = (data->_errno == EAGAIN);
|
|
# endif
|
|
if (d_errno) {
|
|
ret = 1;
|
|
data->_errno = 0;
|
|
} else
|
|
ret = 0;
|
|
break;
|
|
# ifdef EMSGSIZE
|
|
case BIO_CTRL_DGRAM_MTU_EXCEEDED:
|
|
if (data->_errno == EMSGSIZE) {
|
|
ret = 1;
|
|
data->_errno = 0;
|
|
} else
|
|
ret = 0;
|
|
break;
|
|
# endif
|
|
case BIO_CTRL_DGRAM_SET_DONT_FRAG:
|
|
sockopt_val = num ? 1 : 0;
|
|
|
|
switch (data->peer.sa.sa_family) {
|
|
case AF_INET:
|
|
# if defined(IP_DONTFRAG)
|
|
if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG,
|
|
&sockopt_val, sizeof(sockopt_val))) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE)
|
|
if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
|
|
(ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
|
|
&sockopt_val, sizeof(sockopt_val))) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
# elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT)
|
|
if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT,
|
|
(const char *)&sockopt_val,
|
|
sizeof(sockopt_val))) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
# else
|
|
ret = -1;
|
|
# endif
|
|
break;
|
|
# if OPENSSL_USE_IPV6
|
|
case AF_INET6:
|
|
# if defined(IPV6_DONTFRAG)
|
|
if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG,
|
|
(const void *)&sockopt_val,
|
|
sizeof(sockopt_val))) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
|
|
# elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER)
|
|
if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
|
|
(ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
|
|
&sockopt_val, sizeof(sockopt_val))) < 0)
|
|
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
|
"calling setsockopt()");
|
|
# else
|
|
ret = -1;
|
|
# endif
|
|
break;
|
|
# endif
|
|
default:
|
|
ret = -1;
|
|
break;
|
|
}
|
|
break;
|
|
case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
|
|
ret = dgram_get_mtu_overhead(data);
|
|
break;
|
|
|
|
/*
|
|
* BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
|
|
* reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
|
|
* was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
|
|
* value has been updated to a non-clashing value. However to preserve
|
|
* binary compatibility we now respond to both the old value and the new one
|
|
*/
|
|
case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
|
|
case BIO_CTRL_DGRAM_SET_PEEK_MODE:
|
|
data->peekmode = (unsigned int)num;
|
|
break;
|
|
|
|
case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP:
|
|
# if defined(SUPPORT_LOCAL_ADDR)
|
|
ret = 1;
|
|
# else
|
|
ret = 0;
|
|
# endif
|
|
break;
|
|
|
|
case BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE:
|
|
# if defined(SUPPORT_LOCAL_ADDR)
|
|
num = num > 0;
|
|
if (num != data->local_addr_enabled) {
|
|
if (enable_local_addr(b, num) < 1) {
|
|
ret = 0;
|
|
break;
|
|
}
|
|
|
|
data->local_addr_enabled = (char)num;
|
|
}
|
|
# else
|
|
ret = 0;
|
|
# endif
|
|
break;
|
|
|
|
case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE:
|
|
*(int *)ptr = data->local_addr_enabled;
|
|
break;
|
|
|
|
default:
|
|
ret = 0;
|
|
break;
|
|
}
|
|
/* Normalize if error */
|
|
if (ret < 0)
|
|
ret = -1;
|
|
return ret;
|
|
}
|
|
|
|
static int dgram_puts(BIO *bp, const char *str)
|
|
{
|
|
int n, ret;
|
|
|
|
n = strlen(str);
|
|
ret = dgram_write(bp, str, n);
|
|
return ret;
|
|
}
|
|
|
|
# if M_METHOD == M_METHOD_WSARECVMSG
|
|
static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov,
|
|
unsigned char *control, BIO_MSG *msg)
|
|
{
|
|
iov->len = msg->data_len;
|
|
iov->buf = msg->data;
|
|
|
|
/* Windows requires namelen to be set exactly */
|
|
mh->name = msg->peer != NULL ? &msg->peer->sa : NULL;
|
|
if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
|
|
mh->namelen = sizeof(struct sockaddr_in);
|
|
# if OPENSSL_USE_IPV6
|
|
else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
|
|
mh->namelen = sizeof(struct sockaddr_in6);
|
|
# endif
|
|
else
|
|
mh->namelen = 0;
|
|
|
|
/*
|
|
* When local address reception (IP_PKTINFO, etc.) is enabled, on Windows
|
|
* this causes WSARecvMsg to fail if the control buffer is too small to hold
|
|
* the structure, or if no control buffer is passed. So we need to give it
|
|
* the control buffer even if we aren't actually going to examine the
|
|
* result.
|
|
*/
|
|
mh->lpBuffers = iov;
|
|
mh->dwBufferCount = 1;
|
|
mh->Control.len = BIO_CMSG_ALLOC_LEN;
|
|
mh->Control.buf = control;
|
|
mh->dwFlags = 0;
|
|
}
|
|
# endif
|
|
|
|
# if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG
|
|
/* Translates a BIO_MSG to a msghdr and iovec. */
|
|
static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov,
|
|
unsigned char *control, BIO_MSG *msg)
|
|
{
|
|
iov->iov_base = msg->data;
|
|
iov->iov_len = msg->data_len;
|
|
|
|
/* macOS requires msg_namelen be 0 if msg_name is NULL */
|
|
mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL;
|
|
if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
|
|
mh->msg_namelen = sizeof(struct sockaddr_in);
|
|
# if OPENSSL_USE_IPV6
|
|
else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
|
|
mh->msg_namelen = sizeof(struct sockaddr_in6);
|
|
# endif
|
|
else
|
|
mh->msg_namelen = 0;
|
|
|
|
mh->msg_iov = iov;
|
|
mh->msg_iovlen = 1;
|
|
mh->msg_control = msg->local != NULL ? control : NULL;
|
|
mh->msg_controllen = msg->local != NULL ? BIO_CMSG_ALLOC_LEN : 0;
|
|
mh->msg_flags = 0;
|
|
}
|
|
# endif
|
|
|
|
# if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
|
|
/* Extracts destination address from the control buffer. */
|
|
static int extract_local(BIO *b, MSGHDR_TYPE *mh, BIO_ADDR *local) {
|
|
# if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
|
|
CMSGHDR_TYPE *cmsg;
|
|
int af = dgram_get_sock_family(b);
|
|
|
|
for (cmsg = BIO_CMSG_FIRSTHDR(mh); cmsg != NULL;
|
|
cmsg = BIO_CMSG_NXTHDR(mh, cmsg)) {
|
|
if (af == AF_INET) {
|
|
if (cmsg->cmsg_level != IPPROTO_IP)
|
|
continue;
|
|
|
|
# if defined(IP_PKTINFO)
|
|
if (cmsg->cmsg_type != IP_PKTINFO)
|
|
continue;
|
|
|
|
local->s_in.sin_addr =
|
|
((struct in_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi_addr;
|
|
|
|
# elif defined(IP_RECVDSTADDR)
|
|
if (cmsg->cmsg_type != IP_RECVDSTADDR)
|
|
continue;
|
|
|
|
local->s_in.sin_addr = *(struct in_addr *)BIO_CMSG_DATA(cmsg);
|
|
# endif
|
|
|
|
# if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)
|
|
{
|
|
bio_dgram_data *data = b->ptr;
|
|
|
|
local->s_in.sin_family = AF_INET;
|
|
local->s_in.sin_port = data->local_addr.s_in.sin_port;
|
|
}
|
|
return 1;
|
|
# endif
|
|
}
|
|
# if OPENSSL_USE_IPV6
|
|
else if (af == AF_INET6) {
|
|
if (cmsg->cmsg_level != IPPROTO_IPV6)
|
|
continue;
|
|
|
|
# if defined(IPV6_RECVPKTINFO)
|
|
if (cmsg->cmsg_type != IPV6_PKTINFO)
|
|
continue;
|
|
|
|
{
|
|
bio_dgram_data *data = b->ptr;
|
|
|
|
local->s_in6.sin6_addr =
|
|
((struct in6_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi6_addr;
|
|
local->s_in6.sin6_family = AF_INET6;
|
|
local->s_in6.sin6_port = data->local_addr.s_in6.sin6_port;
|
|
local->s_in6.sin6_scope_id =
|
|
data->local_addr.s_in6.sin6_scope_id;
|
|
local->s_in6.sin6_flowinfo = 0;
|
|
}
|
|
return 1;
|
|
# endif
|
|
}
|
|
# endif
|
|
}
|
|
# endif
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local) {
|
|
int af = dgram_get_sock_family(b);
|
|
# if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
|
|
CMSGHDR_TYPE *cmsg;
|
|
bio_dgram_data *data = b->ptr;
|
|
# endif
|
|
|
|
if (af == AF_INET) {
|
|
# if defined(IP_PKTINFO)
|
|
struct in_pktinfo *info;
|
|
|
|
# if defined(OPENSSL_SYS_WINDOWS)
|
|
cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
|
|
# else
|
|
cmsg = (CMSGHDR_TYPE *)mh->msg_control;
|
|
# endif
|
|
|
|
cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_pktinfo));
|
|
cmsg->cmsg_level = IPPROTO_IP;
|
|
cmsg->cmsg_type = IP_PKTINFO;
|
|
|
|
info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg);
|
|
# if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN)
|
|
info->ipi_spec_dst = local->s_in.sin_addr;
|
|
# endif
|
|
info->ipi_addr.s_addr = 0;
|
|
info->ipi_ifindex = 0;
|
|
|
|
/*
|
|
* We cannot override source port using this API, therefore
|
|
* ensure the application specified a source port of 0
|
|
* or the one we are bound to. (Better to error than silently
|
|
* ignore this.)
|
|
*/
|
|
if (local->s_in.sin_port != 0
|
|
&& data->local_addr.s_in.sin_port != local->s_in.sin_port) {
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
|
|
return 0;
|
|
}
|
|
|
|
# if defined(OPENSSL_SYS_WINDOWS)
|
|
mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
|
|
# else
|
|
mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
|
|
# endif
|
|
return 1;
|
|
|
|
# elif defined(IP_SENDSRCADDR)
|
|
struct in_addr *info;
|
|
|
|
/*
|
|
* At least FreeBSD is very pedantic about using IP_SENDSRCADDR when we
|
|
* are not bound to 0.0.0.0 or ::, even if the address matches what we
|
|
* bound to. Support this by not packing the structure if the address
|
|
* matches our understanding of our local address. IP_SENDSRCADDR is a
|
|
* BSD thing, so we don't need an explicit test for BSD here.
|
|
*/
|
|
if (local->s_in.sin_addr.s_addr == data->local_addr.s_in.sin_addr.s_addr) {
|
|
mh->msg_control = NULL;
|
|
mh->msg_controllen = 0;
|
|
return 1;
|
|
}
|
|
|
|
cmsg = (struct cmsghdr *)mh->msg_control;
|
|
cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_addr));
|
|
cmsg->cmsg_level = IPPROTO_IP;
|
|
cmsg->cmsg_type = IP_SENDSRCADDR;
|
|
|
|
info = (struct in_addr *)BIO_CMSG_DATA(cmsg);
|
|
*info = local->s_in.sin_addr;
|
|
|
|
/* See comment above. */
|
|
if (local->s_in.sin_port != 0
|
|
&& data->local_addr.s_in.sin_port != local->s_in.sin_port) {
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
|
|
return 0;
|
|
}
|
|
|
|
mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_addr));
|
|
return 1;
|
|
# endif
|
|
}
|
|
# if OPENSSL_USE_IPV6
|
|
else if (af == AF_INET6) {
|
|
# if defined(IPV6_PKTINFO)
|
|
struct in6_pktinfo *info;
|
|
|
|
# if defined(OPENSSL_SYS_WINDOWS)
|
|
cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
|
|
# else
|
|
cmsg = (CMSGHDR_TYPE *)mh->msg_control;
|
|
# endif
|
|
cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in6_pktinfo));
|
|
cmsg->cmsg_level = IPPROTO_IPV6;
|
|
cmsg->cmsg_type = IPV6_PKTINFO;
|
|
|
|
info = (struct in6_pktinfo *)BIO_CMSG_DATA(cmsg);
|
|
info->ipi6_addr = local->s_in6.sin6_addr;
|
|
info->ipi6_ifindex = 0;
|
|
|
|
/*
|
|
* See comment above, but also applies to the other fields
|
|
* in sockaddr_in6.
|
|
*/
|
|
if (local->s_in6.sin6_port != 0
|
|
&& data->local_addr.s_in6.sin6_port != local->s_in6.sin6_port) {
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
|
|
return 0;
|
|
}
|
|
|
|
if (local->s_in6.sin6_scope_id != 0
|
|
&& data->local_addr.s_in6.sin6_scope_id != local->s_in6.sin6_scope_id) {
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
|
|
return 0;
|
|
}
|
|
|
|
# if defined(OPENSSL_SYS_WINDOWS)
|
|
mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
|
|
# else
|
|
mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
|
|
# endif
|
|
return 1;
|
|
# endif
|
|
}
|
|
# endif
|
|
|
|
return 0;
|
|
}
|
|
# endif
|
|
|
|
/*
|
|
* Converts flags passed to BIO_sendmmsg or BIO_recvmmsg to syscall flags. You
|
|
* should mask out any system flags returned by this function you cannot support
|
|
* in a particular circumstance. Currently no flags are defined.
|
|
*/
|
|
# if M_METHOD != M_METHOD_NONE
|
|
static int translate_flags(uint64_t flags) {
|
|
return 0;
|
|
}
|
|
# endif
|
|
|
|
static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride,
|
|
size_t num_msg, uint64_t flags, size_t *num_processed)
|
|
{
|
|
# if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
|
|
int ret;
|
|
# endif
|
|
# if M_METHOD == M_METHOD_RECVMMSG
|
|
# define BIO_MAX_MSGS_PER_CALL 64
|
|
int sysflags;
|
|
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
|
|
size_t i;
|
|
struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
|
|
struct iovec iov[BIO_MAX_MSGS_PER_CALL];
|
|
unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
|
|
int have_local_enabled = data->local_addr_enabled;
|
|
# elif M_METHOD == M_METHOD_RECVMSG
|
|
int sysflags;
|
|
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
|
|
ossl_ssize_t l;
|
|
struct msghdr mh;
|
|
struct iovec iov;
|
|
unsigned char control[BIO_CMSG_ALLOC_LEN];
|
|
int have_local_enabled = data->local_addr_enabled;
|
|
# elif M_METHOD == M_METHOD_WSARECVMSG
|
|
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
|
|
int have_local_enabled = data->local_addr_enabled;
|
|
WSAMSG wmsg;
|
|
WSABUF wbuf;
|
|
DWORD num_bytes_sent = 0;
|
|
unsigned char control[BIO_CMSG_ALLOC_LEN];
|
|
# endif
|
|
# if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
|
|
int sysflags;
|
|
# endif
|
|
|
|
if (num_msg == 0) {
|
|
*num_processed = 0;
|
|
return 1;
|
|
}
|
|
|
|
if (num_msg > OSSL_SSIZE_MAX)
|
|
num_msg = OSSL_SSIZE_MAX;
|
|
|
|
# if M_METHOD != M_METHOD_NONE
|
|
sysflags = translate_flags(flags);
|
|
# endif
|
|
|
|
# if M_METHOD == M_METHOD_RECVMMSG
|
|
/*
|
|
* In the sendmmsg/recvmmsg case, we need to allocate our translated struct
|
|
* msghdr and struct iovec on the stack to support multithreaded use. Thus
|
|
* we place a fixed limit on the number of messages per call, in the
|
|
* expectation that we will be called again if there were more messages to
|
|
* be sent.
|
|
*/
|
|
if (num_msg > BIO_MAX_MSGS_PER_CALL)
|
|
num_msg = BIO_MAX_MSGS_PER_CALL;
|
|
|
|
for (i = 0; i < num_msg; ++i) {
|
|
translate_msg(b, &mh[i].msg_hdr, &iov[i],
|
|
control[i], &BIO_MSG_N(msg, stride, i));
|
|
|
|
/* If local address was requested, it must have been enabled */
|
|
if (BIO_MSG_N(msg, stride, i).local != NULL) {
|
|
if (!have_local_enabled) {
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
|
|
if (pack_local(b, &mh[i].msg_hdr,
|
|
BIO_MSG_N(msg, stride, i).local) < 1) {
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
}
|
|
}
|
|
|
|
/* Do the batch */
|
|
ret = sendmmsg(b->num, mh, num_msg, sysflags);
|
|
if (ret < 0) {
|
|
ERR_raise(ERR_LIB_SYS, get_last_socket_error());
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
|
|
for (i = 0; i < (size_t)ret; ++i) {
|
|
BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
|
|
BIO_MSG_N(msg, stride, i).flags = 0;
|
|
}
|
|
|
|
*num_processed = (size_t)ret;
|
|
return 1;
|
|
|
|
# elif M_METHOD == M_METHOD_RECVMSG
|
|
/*
|
|
* If sendmsg is available, use it.
|
|
*/
|
|
translate_msg(b, &mh, &iov, control, msg);
|
|
|
|
if (msg->local != NULL) {
|
|
if (!have_local_enabled) {
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
|
|
if (pack_local(b, &mh, msg->local) < 1) {
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
l = sendmsg(b->num, &mh, sysflags);
|
|
if (l < 0) {
|
|
ERR_raise(ERR_LIB_SYS, get_last_socket_error());
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
|
|
msg->data_len = (size_t)l;
|
|
msg->flags = 0;
|
|
*num_processed = 1;
|
|
return 1;
|
|
|
|
# elif M_METHOD == M_METHOD_WSARECVMSG || M_METHOD == M_METHOD_RECVFROM
|
|
# if M_METHOD == M_METHOD_WSARECVMSG
|
|
if (bio_WSASendMsg != NULL) {
|
|
/* WSASendMsg-based implementation for Windows. */
|
|
translate_msg_win(b, &wmsg, &wbuf, control, msg);
|
|
|
|
if (msg[0].local != NULL) {
|
|
if (!have_local_enabled) {
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
|
|
if (pack_local(b, &wmsg, msg[0].local) < 1) {
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
ret = WSASendMsg((SOCKET)b->num, &wmsg, 0, &num_bytes_sent, NULL, NULL);
|
|
if (ret < 0) {
|
|
ERR_raise(ERR_LIB_SYS, get_last_socket_error());
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
|
|
msg[0].data_len = num_bytes_sent;
|
|
msg[0].flags = 0;
|
|
*num_processed = 1;
|
|
return 1;
|
|
}
|
|
# endif
|
|
|
|
/*
|
|
* Fallback to sendto and send a single message.
|
|
*/
|
|
if (msg[0].local != NULL) {
|
|
/*
|
|
* We cannot set the local address if using sendto
|
|
* so fail in this case
|
|
*/
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
|
|
ret = sendto(b->num, msg[0].data,
|
|
# if defined(OPENSSL_SYS_WINDOWS)
|
|
(int)msg[0].data_len,
|
|
# else
|
|
msg[0].data_len,
|
|
# endif
|
|
sysflags,
|
|
msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
|
|
msg[0].peer != NULL ? sizeof(*msg[0].peer) : 0);
|
|
if (ret <= 0) {
|
|
ERR_raise(ERR_LIB_SYS, get_last_socket_error());
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
|
|
msg[0].data_len = ret;
|
|
msg[0].flags = 0;
|
|
*num_processed = 1;
|
|
return 1;
|
|
|
|
# else
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
|
|
*num_processed = 0;
|
|
return 0;
|
|
# endif
|
|
}
|
|
|
|
static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
|
|
size_t stride, size_t num_msg,
|
|
uint64_t flags, size_t *num_processed)
|
|
{
|
|
# if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
|
|
int ret;
|
|
# endif
|
|
# if M_METHOD == M_METHOD_RECVMMSG
|
|
int sysflags;
|
|
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
|
|
size_t i;
|
|
struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
|
|
struct iovec iov[BIO_MAX_MSGS_PER_CALL];
|
|
unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
|
|
int have_local_enabled = data->local_addr_enabled;
|
|
# elif M_METHOD == M_METHOD_RECVMSG
|
|
int sysflags;
|
|
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
|
|
ossl_ssize_t l;
|
|
struct msghdr mh;
|
|
struct iovec iov;
|
|
unsigned char control[BIO_CMSG_ALLOC_LEN];
|
|
int have_local_enabled = data->local_addr_enabled;
|
|
# elif M_METHOD == M_METHOD_WSARECVMSG
|
|
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
|
|
int have_local_enabled = data->local_addr_enabled;
|
|
WSAMSG wmsg;
|
|
WSABUF wbuf;
|
|
DWORD num_bytes_received = 0;
|
|
unsigned char control[BIO_CMSG_ALLOC_LEN];
|
|
# endif
|
|
# if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
|
|
int sysflags;
|
|
socklen_t slen;
|
|
# endif
|
|
|
|
if (num_msg == 0) {
|
|
*num_processed = 0;
|
|
return 1;
|
|
}
|
|
|
|
if (num_msg > OSSL_SSIZE_MAX)
|
|
num_msg = OSSL_SSIZE_MAX;
|
|
|
|
# if M_METHOD != M_METHOD_NONE
|
|
sysflags = translate_flags(flags);
|
|
# endif
|
|
|
|
# if M_METHOD == M_METHOD_RECVMMSG
|
|
/*
|
|
* In the sendmmsg/recvmmsg case, we need to allocate our translated struct
|
|
* msghdr and struct iovec on the stack to support multithreaded use. Thus
|
|
* we place a fixed limit on the number of messages per call, in the
|
|
* expectation that we will be called again if there were more messages to
|
|
* be sent.
|
|
*/
|
|
if (num_msg > BIO_MAX_MSGS_PER_CALL)
|
|
num_msg = BIO_MAX_MSGS_PER_CALL;
|
|
|
|
for (i = 0; i < num_msg; ++i) {
|
|
translate_msg(b, &mh[i].msg_hdr, &iov[i],
|
|
control[i], &BIO_MSG_N(msg, stride, i));
|
|
|
|
/* If local address was requested, it must have been enabled */
|
|
if (BIO_MSG_N(msg, stride, i).local != NULL && !have_local_enabled) {
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
/* Do the batch */
|
|
ret = recvmmsg(b->num, mh, num_msg, sysflags, NULL);
|
|
if (ret < 0) {
|
|
ERR_raise(ERR_LIB_SYS, get_last_socket_error());
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
|
|
for (i = 0; i < (size_t)ret; ++i) {
|
|
BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
|
|
BIO_MSG_N(msg, stride, i).flags = 0;
|
|
/*
|
|
* *(msg->peer) will have been filled in by recvmmsg;
|
|
* for msg->local we parse the control data returned
|
|
*/
|
|
if (BIO_MSG_N(msg, stride, i).local != NULL)
|
|
if (extract_local(b, &mh[i].msg_hdr,
|
|
BIO_MSG_N(msg, stride, i).local) < 1)
|
|
/*
|
|
* It appears BSDs do not support local addresses for
|
|
* loopback sockets. In this case, just clear the local
|
|
* address, as for OS X and Windows in some circumstances
|
|
* (see below).
|
|
*/
|
|
BIO_ADDR_clear(msg->local);
|
|
}
|
|
|
|
*num_processed = (size_t)ret;
|
|
return 1;
|
|
|
|
# elif M_METHOD == M_METHOD_RECVMSG
|
|
/*
|
|
* If recvmsg is available, use it.
|
|
*/
|
|
translate_msg(b, &mh, &iov, control, msg);
|
|
|
|
/* If local address was requested, it must have been enabled */
|
|
if (msg->local != NULL && !have_local_enabled) {
|
|
/*
|
|
* If we have done at least one message, we must return the
|
|
* count; if we haven't done any, we can give an error code
|
|
*/
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
|
|
l = recvmsg(b->num, &mh, sysflags);
|
|
if (l < 0) {
|
|
ERR_raise(ERR_LIB_SYS, get_last_socket_error());
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
|
|
msg->data_len = (size_t)l;
|
|
msg->flags = 0;
|
|
|
|
if (msg->local != NULL)
|
|
if (extract_local(b, &mh, msg->local) < 1)
|
|
/*
|
|
* OS X exhibits odd behaviour where it appears that if a packet is
|
|
* sent before the receiving interface enables IP_PKTINFO, it will
|
|
* sometimes not have any control data returned even if the
|
|
* receiving interface enables IP_PKTINFO before calling recvmsg().
|
|
* This appears to occur non-deterministically. Presumably, OS X
|
|
* handles IP_PKTINFO at the time the packet is enqueued into a
|
|
* socket's receive queue, rather than at the time recvmsg() is
|
|
* called, unlike most other operating systems. Thus (if this
|
|
* hypothesis is correct) there is a race between where IP_PKTINFO
|
|
* is enabled by the process and when the kernel's network stack
|
|
* queues the incoming message.
|
|
*
|
|
* We cannot return the local address if we do not have it, but this
|
|
* is not a caller error either, so just return a zero address
|
|
* structure. This is similar to how we handle Windows loopback
|
|
* interfaces (see below). We enable this workaround for all
|
|
* platforms, not just Apple, as this kind of quirk in OS networking
|
|
* stacks seems to be common enough that failing hard if a local
|
|
* address is not provided appears to be too brittle.
|
|
*/
|
|
BIO_ADDR_clear(msg->local);
|
|
|
|
*num_processed = 1;
|
|
return 1;
|
|
|
|
# elif M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
|
|
# if M_METHOD == M_METHOD_WSARECVMSG
|
|
if (bio_WSARecvMsg != NULL) {
|
|
/* WSARecvMsg-based implementation for Windows. */
|
|
translate_msg_win(b, &wmsg, &wbuf, control, msg);
|
|
|
|
/* If local address was requested, it must have been enabled */
|
|
if (msg[0].local != NULL && !have_local_enabled) {
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
|
|
ret = WSARecvMsg((SOCKET)b->num, &wmsg, &num_bytes_received, NULL, NULL);
|
|
if (ret < 0) {
|
|
ERR_raise(ERR_LIB_SYS, get_last_socket_error());
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
|
|
msg[0].data_len = num_bytes_received;
|
|
msg[0].flags = 0;
|
|
if (msg[0].local != NULL)
|
|
if (extract_local(b, &wmsg, msg[0].local) < 1)
|
|
/*
|
|
* On Windows, loopback is not a "proper" interface and it works
|
|
* differently; packets are essentially short-circuited and
|
|
* don't go through all of the normal processing. A consequence
|
|
* of this is that packets sent from the local machine to the
|
|
* local machine _will not have IP_PKTINFO_ even if the
|
|
* IP_PKTINFO socket option is enabled. WSARecvMsg just sets
|
|
* Control.len to 0 on returning.
|
|
*
|
|
* This applies regardless of whether the loopback address,
|
|
* 127.0.0.1 is used, or a local interface address (e.g.
|
|
* 192.168.1.1); in both cases IP_PKTINFO will not be present.
|
|
*
|
|
* We report this condition by setting the local BIO_ADDR's
|
|
* family to 0.
|
|
*/
|
|
BIO_ADDR_clear(msg[0].local);
|
|
|
|
*num_processed = 1;
|
|
return 1;
|
|
}
|
|
# endif
|
|
|
|
/*
|
|
* Fallback to recvfrom and receive a single message.
|
|
*/
|
|
if (msg[0].local != NULL) {
|
|
/*
|
|
* We cannot determine the local address if using recvfrom
|
|
* so fail in this case
|
|
*/
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
|
|
*num_processed = 0;
|
|
return 0;
|
|
}
|
|
|
|
slen = sizeof(*msg[0].peer);
|
|
ret = recvfrom(b->num, msg[0].data,
|
|
# if defined(OPENSSL_SYS_WINDOWS)
|
|
(int)msg[0].data_len,
|
|
# else
|
|
msg[0].data_len,
|
|
# endif
|
|
sysflags,
|
|
msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
|
|
msg[0].peer != NULL ? &slen : NULL);
|
|
if (ret <= 0) {
|
|
ERR_raise(ERR_LIB_SYS, get_last_socket_error());
|
|
return 0;
|
|
}
|
|
|
|
msg[0].data_len = ret;
|
|
msg[0].flags = 0;
|
|
*num_processed = 1;
|
|
return 1;
|
|
|
|
# else
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
|
|
*num_processed = 0;
|
|
return 0;
|
|
# endif
|
|
}
|
|
|
|
# ifndef OPENSSL_NO_SCTP
|
|
const BIO_METHOD *BIO_s_datagram_sctp(void)
|
|
{
|
|
return &methods_dgramp_sctp;
|
|
}
|
|
|
|
BIO *BIO_new_dgram_sctp(int fd, int close_flag)
|
|
{
|
|
BIO *bio;
|
|
int ret, optval = 20000;
|
|
int auth_data = 0, auth_forward = 0;
|
|
unsigned char *p;
|
|
struct sctp_authchunk auth;
|
|
struct sctp_authchunks *authchunks;
|
|
socklen_t sockopt_len;
|
|
# ifdef SCTP_AUTHENTICATION_EVENT
|
|
# ifdef SCTP_EVENT
|
|
struct sctp_event event;
|
|
# else
|
|
struct sctp_event_subscribe event;
|
|
# endif
|
|
# endif
|
|
|
|
bio = BIO_new(BIO_s_datagram_sctp());
|
|
if (bio == NULL)
|
|
return NULL;
|
|
BIO_set_fd(bio, fd, close_flag);
|
|
|
|
/* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
|
|
auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
|
|
ret =
|
|
setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
|
|
sizeof(struct sctp_authchunk));
|
|
if (ret < 0) {
|
|
BIO_vfree(bio);
|
|
ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
|
|
"Ensure SCTP AUTH chunks are enabled in kernel");
|
|
return NULL;
|
|
}
|
|
auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
|
|
ret =
|
|
setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
|
|
sizeof(struct sctp_authchunk));
|
|
if (ret < 0) {
|
|
BIO_vfree(bio);
|
|
ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
|
|
"Ensure SCTP AUTH chunks are enabled in kernel");
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* Test if activation was successful. When using accept(), SCTP-AUTH has
|
|
* to be activated for the listening socket already, otherwise the
|
|
* connected socket won't use it. Similarly with connect(): the socket
|
|
* prior to connection must be activated for SCTP-AUTH
|
|
*/
|
|
sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
|
|
authchunks = OPENSSL_zalloc(sockopt_len);
|
|
if (authchunks == NULL) {
|
|
BIO_vfree(bio);
|
|
return NULL;
|
|
}
|
|
ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
|
|
&sockopt_len);
|
|
if (ret < 0) {
|
|
OPENSSL_free(authchunks);
|
|
BIO_vfree(bio);
|
|
return NULL;
|
|
}
|
|
|
|
for (p = (unsigned char *)authchunks->gauth_chunks;
|
|
p < (unsigned char *)authchunks + sockopt_len;
|
|
p += sizeof(uint8_t)) {
|
|
if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
|
|
auth_data = 1;
|
|
if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
|
|
auth_forward = 1;
|
|
}
|
|
|
|
OPENSSL_free(authchunks);
|
|
|
|
if (!auth_data || !auth_forward) {
|
|
BIO_vfree(bio);
|
|
ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
|
|
"Ensure SCTP AUTH chunks are enabled on the "
|
|
"underlying socket");
|
|
return NULL;
|
|
}
|
|
|
|
# ifdef SCTP_AUTHENTICATION_EVENT
|
|
# ifdef SCTP_EVENT
|
|
memset(&event, 0, sizeof(event));
|
|
event.se_assoc_id = 0;
|
|
event.se_type = SCTP_AUTHENTICATION_EVENT;
|
|
event.se_on = 1;
|
|
ret =
|
|
setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event,
|
|
sizeof(struct sctp_event));
|
|
if (ret < 0) {
|
|
BIO_vfree(bio);
|
|
return NULL;
|
|
}
|
|
# else
|
|
sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
|
|
ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
|
|
if (ret < 0) {
|
|
BIO_vfree(bio);
|
|
return NULL;
|
|
}
|
|
|
|
event.sctp_authentication_event = 1;
|
|
|
|
ret =
|
|
setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event,
|
|
sizeof(struct sctp_event_subscribe));
|
|
if (ret < 0) {
|
|
BIO_vfree(bio);
|
|
return NULL;
|
|
}
|
|
# endif
|
|
# endif
|
|
|
|
/*
|
|
* Disable partial delivery by setting the min size larger than the max
|
|
* record size of 2^14 + 2048 + 13
|
|
*/
|
|
ret =
|
|
setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval,
|
|
sizeof(optval));
|
|
if (ret < 0) {
|
|
BIO_vfree(bio);
|
|
return NULL;
|
|
}
|
|
|
|
return bio;
|
|
}
|
|
|
|
int BIO_dgram_is_sctp(BIO *bio)
|
|
{
|
|
return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
|
|
}
|
|
|
|
static int dgram_sctp_new(BIO *bi)
|
|
{
|
|
bio_dgram_sctp_data *data = NULL;
|
|
|
|
bi->init = 0;
|
|
bi->num = 0;
|
|
if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
|
|
ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
|
|
return 0;
|
|
}
|
|
# ifdef SCTP_PR_SCTP_NONE
|
|
data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
|
|
# endif
|
|
bi->ptr = data;
|
|
|
|
bi->flags = 0;
|
|
return 1;
|
|
}
|
|
|
|
static int dgram_sctp_free(BIO *a)
|
|
{
|
|
bio_dgram_sctp_data *data;
|
|
|
|
if (a == NULL)
|
|
return 0;
|
|
if (!dgram_clear(a))
|
|
return 0;
|
|
|
|
data = (bio_dgram_sctp_data *) a->ptr;
|
|
if (data != NULL)
|
|
OPENSSL_free(data);
|
|
|
|
return 1;
|
|
}
|
|
|
|
# ifdef SCTP_AUTHENTICATION_EVENT
|
|
void dgram_sctp_handle_auth_free_key_event(BIO *b,
|
|
union sctp_notification *snp)
|
|
{
|
|
int ret;
|
|
struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event;
|
|
|
|
if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) {
|
|
struct sctp_authkeyid authkeyid;
|
|
|
|
/* delete key */
|
|
authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
|
|
ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
|
|
&authkeyid, sizeof(struct sctp_authkeyid));
|
|
}
|
|
}
|
|
# endif
|
|
|
|
static int dgram_sctp_read(BIO *b, char *out, int outl)
|
|
{
|
|
int ret = 0, n = 0, i, optval;
|
|
socklen_t optlen;
|
|
bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
|
|
struct msghdr msg;
|
|
struct iovec iov;
|
|
struct cmsghdr *cmsg;
|
|
char cmsgbuf[512];
|
|
|
|
if (out != NULL) {
|
|
clear_socket_error();
|
|
|
|
do {
|
|
memset(&data->rcvinfo, 0, sizeof(data->rcvinfo));
|
|
iov.iov_base = out;
|
|
iov.iov_len = outl;
|
|
msg.msg_name = NULL;
|
|
msg.msg_namelen = 0;
|
|
msg.msg_iov = &iov;
|
|
msg.msg_iovlen = 1;
|
|
msg.msg_control = cmsgbuf;
|
|
msg.msg_controllen = 512;
|
|
msg.msg_flags = 0;
|
|
n = recvmsg(b->num, &msg, 0);
|
|
|
|
if (n <= 0) {
|
|
if (n < 0)
|
|
ret = n;
|
|
break;
|
|
}
|
|
|
|
if (msg.msg_controllen > 0) {
|
|
for (cmsg = CMSG_FIRSTHDR(&msg); cmsg;
|
|
cmsg = CMSG_NXTHDR(&msg, cmsg)) {
|
|
if (cmsg->cmsg_level != IPPROTO_SCTP)
|
|
continue;
|
|
# ifdef SCTP_RCVINFO
|
|
if (cmsg->cmsg_type == SCTP_RCVINFO) {
|
|
struct sctp_rcvinfo *rcvinfo;
|
|
|
|
rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
|
|
data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
|
|
data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
|
|
data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
|
|
data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
|
|
data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
|
|
data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
|
|
data->rcvinfo.rcv_context = rcvinfo->rcv_context;
|
|
}
|
|
# endif
|
|
# ifdef SCTP_SNDRCV
|
|
if (cmsg->cmsg_type == SCTP_SNDRCV) {
|
|
struct sctp_sndrcvinfo *sndrcvinfo;
|
|
|
|
sndrcvinfo =
|
|
(struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
|
|
data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
|
|
data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
|
|
data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
|
|
data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
|
|
data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
|
|
data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
|
|
data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
|
|
}
|
|
# endif
|
|
}
|
|
}
|
|
|
|
if (msg.msg_flags & MSG_NOTIFICATION) {
|
|
union sctp_notification snp;
|
|
|
|
memcpy(&snp, out, sizeof(snp));
|
|
if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
|
|
# ifdef SCTP_EVENT
|
|
struct sctp_event event;
|
|
# else
|
|
struct sctp_event_subscribe event;
|
|
socklen_t eventsize;
|
|
# endif
|
|
|
|
/* disable sender dry event */
|
|
# ifdef SCTP_EVENT
|
|
memset(&event, 0, sizeof(event));
|
|
event.se_assoc_id = 0;
|
|
event.se_type = SCTP_SENDER_DRY_EVENT;
|
|
event.se_on = 0;
|
|
i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
|
|
sizeof(struct sctp_event));
|
|
if (i < 0) {
|
|
ret = i;
|
|
break;
|
|
}
|
|
# else
|
|
eventsize = sizeof(struct sctp_event_subscribe);
|
|
i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
|
|
&eventsize);
|
|
if (i < 0) {
|
|
ret = i;
|
|
break;
|
|
}
|
|
|
|
event.sctp_sender_dry_event = 0;
|
|
|
|
i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
|
|
sizeof(struct sctp_event_subscribe));
|
|
if (i < 0) {
|
|
ret = i;
|
|
break;
|
|
}
|
|
# endif
|
|
}
|
|
# ifdef SCTP_AUTHENTICATION_EVENT
|
|
if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
|
|
dgram_sctp_handle_auth_free_key_event(b, &snp);
|
|
# endif
|
|
|
|
if (data->handle_notifications != NULL)
|
|
data->handle_notifications(b, data->notification_context,
|
|
(void *)out);
|
|
|
|
memset(&snp, 0, sizeof(snp));
|
|
memset(out, 0, outl);
|
|
} else {
|
|
ret += n;
|
|
}
|
|
}
|
|
while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR)
|
|
&& (ret < outl));
|
|
|
|
if (ret > 0 && !(msg.msg_flags & MSG_EOR)) {
|
|
/* Partial message read, this should never happen! */
|
|
|
|
/*
|
|
* The buffer was too small, this means the peer sent a message
|
|
* that was larger than allowed.
|
|
*/
|
|
if (ret == outl)
|
|
return -1;
|
|
|
|
/*
|
|
* Test if socket buffer can handle max record size (2^14 + 2048
|
|
* + 13)
|
|
*/
|
|
optlen = (socklen_t) sizeof(int);
|
|
ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
|
|
if (ret >= 0)
|
|
OPENSSL_assert(optval >= 18445);
|
|
|
|
/*
|
|
* Test if SCTP doesn't partially deliver below max record size
|
|
* (2^14 + 2048 + 13)
|
|
*/
|
|
optlen = (socklen_t) sizeof(int);
|
|
ret =
|
|
getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
|
|
&optval, &optlen);
|
|
if (ret >= 0)
|
|
OPENSSL_assert(optval >= 18445);
|
|
|
|
/*
|
|
* Partially delivered notification??? Probably a bug....
|
|
*/
|
|
OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
|
|
|
|
/*
|
|
* Everything seems ok till now, so it's most likely a message
|
|
* dropped by PR-SCTP.
|
|
*/
|
|
memset(out, 0, outl);
|
|
BIO_set_retry_read(b);
|
|
return -1;
|
|
}
|
|
|
|
BIO_clear_retry_flags(b);
|
|
if (ret < 0) {
|
|
if (BIO_dgram_should_retry(ret)) {
|
|
BIO_set_retry_read(b);
|
|
data->_errno = get_last_socket_error();
|
|
}
|
|
}
|
|
|
|
/* Test if peer uses SCTP-AUTH before continuing */
|
|
if (!data->peer_auth_tested) {
|
|
int ii, auth_data = 0, auth_forward = 0;
|
|
unsigned char *p;
|
|
struct sctp_authchunks *authchunks;
|
|
|
|
optlen =
|
|
(socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
|
|
authchunks = OPENSSL_malloc(optlen);
|
|
if (authchunks == NULL) {
|
|
ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
|
|
return -1;
|
|
}
|
|
memset(authchunks, 0, optlen);
|
|
ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
|
|
authchunks, &optlen);
|
|
|
|
if (ii >= 0)
|
|
for (p = (unsigned char *)authchunks->gauth_chunks;
|
|
p < (unsigned char *)authchunks + optlen;
|
|
p += sizeof(uint8_t)) {
|
|
if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
|
|
auth_data = 1;
|
|
if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
|
|
auth_forward = 1;
|
|
}
|
|
|
|
OPENSSL_free(authchunks);
|
|
|
|
if (!auth_data || !auth_forward) {
|
|
ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR);
|
|
return -1;
|
|
}
|
|
|
|
data->peer_auth_tested = 1;
|
|
}
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* dgram_sctp_write - send message on SCTP socket
|
|
* @b: BIO to write to
|
|
* @in: data to send
|
|
* @inl: amount of bytes in @in to send
|
|
*
|
|
* Returns -1 on error or the sent amount of bytes on success
|
|
*/
|
|
static int dgram_sctp_write(BIO *b, const char *in, int inl)
|
|
{
|
|
int ret;
|
|
bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
|
|
struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
|
|
struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
|
|
struct bio_dgram_sctp_sndinfo handshake_sinfo;
|
|
struct iovec iov[1];
|
|
struct msghdr msg;
|
|
struct cmsghdr *cmsg;
|
|
# if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
|
|
char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) +
|
|
CMSG_SPACE(sizeof(struct sctp_prinfo))];
|
|
struct sctp_sndinfo *sndinfo;
|
|
struct sctp_prinfo *prinfo;
|
|
# else
|
|
char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
|
|
struct sctp_sndrcvinfo *sndrcvinfo;
|
|
# endif
|
|
|
|
clear_socket_error();
|
|
|
|
/*
|
|
* If we're send anything else than application data, disable all user
|
|
* parameters and flags.
|
|
*/
|
|
if (in[0] != 23) {
|
|
memset(&handshake_sinfo, 0, sizeof(handshake_sinfo));
|
|
# ifdef SCTP_SACK_IMMEDIATELY
|
|
handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
|
|
# endif
|
|
sinfo = &handshake_sinfo;
|
|
}
|
|
|
|
/* We can only send a shutdown alert if the socket is dry */
|
|
if (data->save_shutdown) {
|
|
ret = BIO_dgram_sctp_wait_for_dry(b);
|
|
if (ret < 0)
|
|
return -1;
|
|
if (ret == 0) {
|
|
BIO_clear_retry_flags(b);
|
|
BIO_set_retry_write(b);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
iov[0].iov_base = (char *)in;
|
|
iov[0].iov_len = inl;
|
|
msg.msg_name = NULL;
|
|
msg.msg_namelen = 0;
|
|
msg.msg_iov = iov;
|
|
msg.msg_iovlen = 1;
|
|
msg.msg_control = (caddr_t) cmsgbuf;
|
|
msg.msg_controllen = 0;
|
|
msg.msg_flags = 0;
|
|
# if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
|
|
cmsg = (struct cmsghdr *)cmsgbuf;
|
|
cmsg->cmsg_level = IPPROTO_SCTP;
|
|
cmsg->cmsg_type = SCTP_SNDINFO;
|
|
cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
|
|
sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
|
|
memset(sndinfo, 0, sizeof(*sndinfo));
|
|
sndinfo->snd_sid = sinfo->snd_sid;
|
|
sndinfo->snd_flags = sinfo->snd_flags;
|
|
sndinfo->snd_ppid = sinfo->snd_ppid;
|
|
sndinfo->snd_context = sinfo->snd_context;
|
|
msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
|
|
|
|
cmsg =
|
|
(struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
|
|
cmsg->cmsg_level = IPPROTO_SCTP;
|
|
cmsg->cmsg_type = SCTP_PRINFO;
|
|
cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
|
|
prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
|
|
memset(prinfo, 0, sizeof(*prinfo));
|
|
prinfo->pr_policy = pinfo->pr_policy;
|
|
prinfo->pr_value = pinfo->pr_value;
|
|
msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
|
|
# else
|
|
cmsg = (struct cmsghdr *)cmsgbuf;
|
|
cmsg->cmsg_level = IPPROTO_SCTP;
|
|
cmsg->cmsg_type = SCTP_SNDRCV;
|
|
cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
|
|
sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
|
|
memset(sndrcvinfo, 0, sizeof(*sndrcvinfo));
|
|
sndrcvinfo->sinfo_stream = sinfo->snd_sid;
|
|
sndrcvinfo->sinfo_flags = sinfo->snd_flags;
|
|
# ifdef __FreeBSD__
|
|
sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
|
|
# endif
|
|
sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
|
|
sndrcvinfo->sinfo_context = sinfo->snd_context;
|
|
sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
|
|
msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
|
|
# endif
|
|
|
|
ret = sendmsg(b->num, &msg, 0);
|
|
|
|
BIO_clear_retry_flags(b);
|
|
if (ret <= 0) {
|
|
if (BIO_dgram_should_retry(ret)) {
|
|
BIO_set_retry_write(b);
|
|
data->_errno = get_last_socket_error();
|
|
}
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
|
|
{
|
|
long ret = 1;
|
|
bio_dgram_sctp_data *data = NULL;
|
|
socklen_t sockopt_len = 0;
|
|
struct sctp_authkeyid authkeyid;
|
|
struct sctp_authkey *authkey = NULL;
|
|
|
|
data = (bio_dgram_sctp_data *) b->ptr;
|
|
|
|
switch (cmd) {
|
|
case BIO_CTRL_DGRAM_QUERY_MTU:
|
|
/*
|
|
* Set to maximum (2^14) and ignore user input to enable transport
|
|
* protocol fragmentation. Returns always 2^14.
|
|
*/
|
|
data->mtu = 16384;
|
|
ret = data->mtu;
|
|
break;
|
|
case BIO_CTRL_DGRAM_SET_MTU:
|
|
/*
|
|
* Set to maximum (2^14) and ignore input to enable transport
|
|
* protocol fragmentation. Returns always 2^14.
|
|
*/
|
|
data->mtu = 16384;
|
|
ret = data->mtu;
|
|
break;
|
|
case BIO_CTRL_DGRAM_SET_CONNECTED:
|
|
case BIO_CTRL_DGRAM_CONNECT:
|
|
/* Returns always -1. */
|
|
ret = -1;
|
|
break;
|
|
case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
|
|
/*
|
|
* SCTP doesn't need the DTLS timer Returns always 1.
|
|
*/
|
|
break;
|
|
case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
|
|
/*
|
|
* We allow transport protocol fragmentation so this is irrelevant
|
|
*/
|
|
ret = 0;
|
|
break;
|
|
case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
|
|
if (num > 0)
|
|
data->in_handshake = 1;
|
|
else
|
|
data->in_handshake = 0;
|
|
|
|
ret =
|
|
setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY,
|
|
&data->in_handshake, sizeof(int));
|
|
break;
|
|
case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
|
|
/*
|
|
* New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise.
|
|
*/
|
|
|
|
/* Get active key */
|
|
sockopt_len = sizeof(struct sctp_authkeyid);
|
|
ret =
|
|
getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
|
|
&sockopt_len);
|
|
if (ret < 0)
|
|
break;
|
|
|
|
/* Add new key */
|
|
sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
|
|
authkey = OPENSSL_malloc(sockopt_len);
|
|
if (authkey == NULL) {
|
|
ret = -1;
|
|
break;
|
|
}
|
|
memset(authkey, 0, sockopt_len);
|
|
authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
|
|
# ifndef __FreeBSD__
|
|
/*
|
|
* This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3
|
|
* and higher work without it.
|
|
*/
|
|
authkey->sca_keylength = 64;
|
|
# endif
|
|
memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
|
|
|
|
ret =
|
|
setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
|
|
sockopt_len);
|
|
OPENSSL_free(authkey);
|
|
authkey = NULL;
|
|
if (ret < 0)
|
|
break;
|
|
|
|
/* Reset active key */
|
|
ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
|
|
&authkeyid, sizeof(struct sctp_authkeyid));
|
|
if (ret < 0)
|
|
break;
|
|
|
|
break;
|
|
case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
|
|
/* Returns 0 on success, -1 otherwise. */
|
|
|
|
/* Get active key */
|
|
sockopt_len = sizeof(struct sctp_authkeyid);
|
|
ret =
|
|
getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
|
|
&sockopt_len);
|
|
if (ret < 0)
|
|
break;
|
|
|
|
/* Set active key */
|
|
authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
|
|
ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
|
|
&authkeyid, sizeof(struct sctp_authkeyid));
|
|
if (ret < 0)
|
|
break;
|
|
|
|
/*
|
|
* CCS has been sent, so remember that and fall through to check if
|
|
* we need to deactivate an old key
|
|
*/
|
|
data->ccs_sent = 1;
|
|
/* fall-through */
|
|
|
|
case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
|
|
/* Returns 0 on success, -1 otherwise. */
|
|
|
|
/*
|
|
* Has this command really been called or is this just a
|
|
* fall-through?
|
|
*/
|
|
if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
|
|
data->ccs_rcvd = 1;
|
|
|
|
/*
|
|
* CSS has been both, received and sent, so deactivate an old key
|
|
*/
|
|
if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
|
|
/* Get active key */
|
|
sockopt_len = sizeof(struct sctp_authkeyid);
|
|
ret =
|
|
getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
|
|
&authkeyid, &sockopt_len);
|
|
if (ret < 0)
|
|
break;
|
|
|
|
/*
|
|
* Deactivate key or delete second last key if
|
|
* SCTP_AUTHENTICATION_EVENT is not available.
|
|
*/
|
|
authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
|
|
# ifdef SCTP_AUTH_DEACTIVATE_KEY
|
|
sockopt_len = sizeof(struct sctp_authkeyid);
|
|
ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
|
|
&authkeyid, sockopt_len);
|
|
if (ret < 0)
|
|
break;
|
|
# endif
|
|
# ifndef SCTP_AUTHENTICATION_EVENT
|
|
if (authkeyid.scact_keynumber > 0) {
|
|
authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
|
|
ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
|
|
&authkeyid, sizeof(struct sctp_authkeyid));
|
|
if (ret < 0)
|
|
break;
|
|
}
|
|
# endif
|
|
|
|
data->ccs_rcvd = 0;
|
|
data->ccs_sent = 0;
|
|
}
|
|
break;
|
|
case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
|
|
/* Returns the size of the copied struct. */
|
|
if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
|
|
num = sizeof(struct bio_dgram_sctp_sndinfo);
|
|
|
|
memcpy(ptr, &(data->sndinfo), num);
|
|
ret = num;
|
|
break;
|
|
case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
|
|
/* Returns the size of the copied struct. */
|
|
if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
|
|
num = sizeof(struct bio_dgram_sctp_sndinfo);
|
|
|
|
memcpy(&(data->sndinfo), ptr, num);
|
|
break;
|
|
case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
|
|
/* Returns the size of the copied struct. */
|
|
if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
|
|
num = sizeof(struct bio_dgram_sctp_rcvinfo);
|
|
|
|
memcpy(ptr, &data->rcvinfo, num);
|
|
|
|
ret = num;
|
|
break;
|
|
case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
|
|
/* Returns the size of the copied struct. */
|
|
if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
|
|
num = sizeof(struct bio_dgram_sctp_rcvinfo);
|
|
|
|
memcpy(&(data->rcvinfo), ptr, num);
|
|
break;
|
|
case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
|
|
/* Returns the size of the copied struct. */
|
|
if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
|
|
num = sizeof(struct bio_dgram_sctp_prinfo);
|
|
|
|
memcpy(ptr, &(data->prinfo), num);
|
|
ret = num;
|
|
break;
|
|
case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
|
|
/* Returns the size of the copied struct. */
|
|
if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
|
|
num = sizeof(struct bio_dgram_sctp_prinfo);
|
|
|
|
memcpy(&(data->prinfo), ptr, num);
|
|
break;
|
|
case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
|
|
/* Returns always 1. */
|
|
if (num > 0)
|
|
data->save_shutdown = 1;
|
|
else
|
|
data->save_shutdown = 0;
|
|
break;
|
|
case BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY:
|
|
return dgram_sctp_wait_for_dry(b);
|
|
case BIO_CTRL_DGRAM_SCTP_MSG_WAITING:
|
|
return dgram_sctp_msg_waiting(b);
|
|
|
|
default:
|
|
/*
|
|
* Pass to default ctrl function to process SCTP unspecific commands
|
|
*/
|
|
ret = dgram_ctrl(b, cmd, num, ptr);
|
|
break;
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
int BIO_dgram_sctp_notification_cb(BIO *b,
|
|
BIO_dgram_sctp_notification_handler_fn handle_notifications,
|
|
void *context)
|
|
{
|
|
bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
|
|
|
|
if (handle_notifications != NULL) {
|
|
data->handle_notifications = handle_notifications;
|
|
data->notification_context = context;
|
|
} else
|
|
return -1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event
|
|
* @b: The BIO to check for the dry event
|
|
*
|
|
* Wait until the peer confirms all packets have been received, and so that
|
|
* our kernel doesn't have anything to send anymore. This is only received by
|
|
* the peer's kernel, not the application.
|
|
*
|
|
* Returns:
|
|
* -1 on error
|
|
* 0 when not dry yet
|
|
* 1 when dry
|
|
*/
|
|
int BIO_dgram_sctp_wait_for_dry(BIO *b)
|
|
{
|
|
return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY, 0, NULL);
|
|
}
|
|
|
|
static int dgram_sctp_wait_for_dry(BIO *b)
|
|
{
|
|
int is_dry = 0;
|
|
int sockflags = 0;
|
|
int n, ret;
|
|
union sctp_notification snp;
|
|
struct msghdr msg;
|
|
struct iovec iov;
|
|
# ifdef SCTP_EVENT
|
|
struct sctp_event event;
|
|
# else
|
|
struct sctp_event_subscribe event;
|
|
socklen_t eventsize;
|
|
# endif
|
|
bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
|
|
|
|
/* set sender dry event */
|
|
# ifdef SCTP_EVENT
|
|
memset(&event, 0, sizeof(event));
|
|
event.se_assoc_id = 0;
|
|
event.se_type = SCTP_SENDER_DRY_EVENT;
|
|
event.se_on = 1;
|
|
ret =
|
|
setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
|
|
sizeof(struct sctp_event));
|
|
# else
|
|
eventsize = sizeof(struct sctp_event_subscribe);
|
|
ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
|
|
if (ret < 0)
|
|
return -1;
|
|
|
|
event.sctp_sender_dry_event = 1;
|
|
|
|
ret =
|
|
setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
|
|
sizeof(struct sctp_event_subscribe));
|
|
# endif
|
|
if (ret < 0)
|
|
return -1;
|
|
|
|
/* peek for notification */
|
|
memset(&snp, 0, sizeof(snp));
|
|
iov.iov_base = (char *)&snp;
|
|
iov.iov_len = sizeof(union sctp_notification);
|
|
msg.msg_name = NULL;
|
|
msg.msg_namelen = 0;
|
|
msg.msg_iov = &iov;
|
|
msg.msg_iovlen = 1;
|
|
msg.msg_control = NULL;
|
|
msg.msg_controllen = 0;
|
|
msg.msg_flags = 0;
|
|
|
|
n = recvmsg(b->num, &msg, MSG_PEEK);
|
|
if (n <= 0) {
|
|
if ((n < 0) && (get_last_socket_error() != EAGAIN)
|
|
&& (get_last_socket_error() != EWOULDBLOCK))
|
|
return -1;
|
|
else
|
|
return 0;
|
|
}
|
|
|
|
/* if we find a notification, process it and try again if necessary */
|
|
while (msg.msg_flags & MSG_NOTIFICATION) {
|
|
memset(&snp, 0, sizeof(snp));
|
|
iov.iov_base = (char *)&snp;
|
|
iov.iov_len = sizeof(union sctp_notification);
|
|
msg.msg_name = NULL;
|
|
msg.msg_namelen = 0;
|
|
msg.msg_iov = &iov;
|
|
msg.msg_iovlen = 1;
|
|
msg.msg_control = NULL;
|
|
msg.msg_controllen = 0;
|
|
msg.msg_flags = 0;
|
|
|
|
n = recvmsg(b->num, &msg, 0);
|
|
if (n <= 0) {
|
|
if ((n < 0) && (get_last_socket_error() != EAGAIN)
|
|
&& (get_last_socket_error() != EWOULDBLOCK))
|
|
return -1;
|
|
else
|
|
return is_dry;
|
|
}
|
|
|
|
if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
|
|
is_dry = 1;
|
|
|
|
/* disable sender dry event */
|
|
# ifdef SCTP_EVENT
|
|
memset(&event, 0, sizeof(event));
|
|
event.se_assoc_id = 0;
|
|
event.se_type = SCTP_SENDER_DRY_EVENT;
|
|
event.se_on = 0;
|
|
ret =
|
|
setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
|
|
sizeof(struct sctp_event));
|
|
# else
|
|
eventsize = (socklen_t) sizeof(struct sctp_event_subscribe);
|
|
ret =
|
|
getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
|
|
&eventsize);
|
|
if (ret < 0)
|
|
return -1;
|
|
|
|
event.sctp_sender_dry_event = 0;
|
|
|
|
ret =
|
|
setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
|
|
sizeof(struct sctp_event_subscribe));
|
|
# endif
|
|
if (ret < 0)
|
|
return -1;
|
|
}
|
|
# ifdef SCTP_AUTHENTICATION_EVENT
|
|
if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
|
|
dgram_sctp_handle_auth_free_key_event(b, &snp);
|
|
# endif
|
|
|
|
if (data->handle_notifications != NULL)
|
|
data->handle_notifications(b, data->notification_context,
|
|
(void *)&snp);
|
|
|
|
/* found notification, peek again */
|
|
memset(&snp, 0, sizeof(snp));
|
|
iov.iov_base = (char *)&snp;
|
|
iov.iov_len = sizeof(union sctp_notification);
|
|
msg.msg_name = NULL;
|
|
msg.msg_namelen = 0;
|
|
msg.msg_iov = &iov;
|
|
msg.msg_iovlen = 1;
|
|
msg.msg_control = NULL;
|
|
msg.msg_controllen = 0;
|
|
msg.msg_flags = 0;
|
|
|
|
/* if we have seen the dry already, don't wait */
|
|
if (is_dry) {
|
|
sockflags = fcntl(b->num, F_GETFL, 0);
|
|
fcntl(b->num, F_SETFL, O_NONBLOCK);
|
|
}
|
|
|
|
n = recvmsg(b->num, &msg, MSG_PEEK);
|
|
|
|
if (is_dry) {
|
|
fcntl(b->num, F_SETFL, sockflags);
|
|
}
|
|
|
|
if (n <= 0) {
|
|
if ((n < 0) && (get_last_socket_error() != EAGAIN)
|
|
&& (get_last_socket_error() != EWOULDBLOCK))
|
|
return -1;
|
|
else
|
|
return is_dry;
|
|
}
|
|
}
|
|
|
|
/* read anything else */
|
|
return is_dry;
|
|
}
|
|
|
|
int BIO_dgram_sctp_msg_waiting(BIO *b)
|
|
{
|
|
return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_MSG_WAITING, 0, NULL);
|
|
}
|
|
|
|
static int dgram_sctp_msg_waiting(BIO *b)
|
|
{
|
|
int n, sockflags;
|
|
union sctp_notification snp;
|
|
struct msghdr msg;
|
|
struct iovec iov;
|
|
bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
|
|
|
|
/* Check if there are any messages waiting to be read */
|
|
do {
|
|
memset(&snp, 0, sizeof(snp));
|
|
iov.iov_base = (char *)&snp;
|
|
iov.iov_len = sizeof(union sctp_notification);
|
|
msg.msg_name = NULL;
|
|
msg.msg_namelen = 0;
|
|
msg.msg_iov = &iov;
|
|
msg.msg_iovlen = 1;
|
|
msg.msg_control = NULL;
|
|
msg.msg_controllen = 0;
|
|
msg.msg_flags = 0;
|
|
|
|
sockflags = fcntl(b->num, F_GETFL, 0);
|
|
fcntl(b->num, F_SETFL, O_NONBLOCK);
|
|
n = recvmsg(b->num, &msg, MSG_PEEK);
|
|
fcntl(b->num, F_SETFL, sockflags);
|
|
|
|
/* if notification, process and try again */
|
|
if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) {
|
|
# ifdef SCTP_AUTHENTICATION_EVENT
|
|
if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
|
|
dgram_sctp_handle_auth_free_key_event(b, &snp);
|
|
# endif
|
|
|
|
memset(&snp, 0, sizeof(snp));
|
|
iov.iov_base = (char *)&snp;
|
|
iov.iov_len = sizeof(union sctp_notification);
|
|
msg.msg_name = NULL;
|
|
msg.msg_namelen = 0;
|
|
msg.msg_iov = &iov;
|
|
msg.msg_iovlen = 1;
|
|
msg.msg_control = NULL;
|
|
msg.msg_controllen = 0;
|
|
msg.msg_flags = 0;
|
|
n = recvmsg(b->num, &msg, 0);
|
|
|
|
if (data->handle_notifications != NULL)
|
|
data->handle_notifications(b, data->notification_context,
|
|
(void *)&snp);
|
|
}
|
|
|
|
} while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
|
|
|
|
/* Return 1 if there is a message to be read, return 0 otherwise. */
|
|
if (n > 0)
|
|
return 1;
|
|
else
|
|
return 0;
|
|
}
|
|
|
|
static int dgram_sctp_puts(BIO *bp, const char *str)
|
|
{
|
|
int n, ret;
|
|
|
|
n = strlen(str);
|
|
ret = dgram_sctp_write(bp, str, n);
|
|
return ret;
|
|
}
|
|
# endif
|
|
|
|
static int BIO_dgram_should_retry(int i)
|
|
{
|
|
int err;
|
|
|
|
if ((i == 0) || (i == -1)) {
|
|
err = get_last_socket_error();
|
|
|
|
# if defined(OPENSSL_SYS_WINDOWS)
|
|
/*
|
|
* If the socket return value (i) is -1 and err is unexpectedly 0 at
|
|
* this point, the error code was overwritten by another system call
|
|
* before this error handling is called.
|
|
*/
|
|
# endif
|
|
|
|
return BIO_dgram_non_fatal_error(err);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int BIO_dgram_non_fatal_error(int err)
|
|
{
|
|
switch (err) {
|
|
# if defined(OPENSSL_SYS_WINDOWS)
|
|
# if defined(WSAEWOULDBLOCK)
|
|
case WSAEWOULDBLOCK:
|
|
# endif
|
|
# endif
|
|
|
|
# ifdef EWOULDBLOCK
|
|
# ifdef WSAEWOULDBLOCK
|
|
# if WSAEWOULDBLOCK != EWOULDBLOCK
|
|
case EWOULDBLOCK:
|
|
# endif
|
|
# else
|
|
case EWOULDBLOCK:
|
|
# endif
|
|
# endif
|
|
|
|
# ifdef EINTR
|
|
case EINTR:
|
|
# endif
|
|
|
|
# ifdef EAGAIN
|
|
# if EWOULDBLOCK != EAGAIN
|
|
case EAGAIN:
|
|
# endif
|
|
# endif
|
|
|
|
# ifdef EPROTO
|
|
case EPROTO:
|
|
# endif
|
|
|
|
# ifdef EINPROGRESS
|
|
case EINPROGRESS:
|
|
# endif
|
|
|
|
# ifdef EALREADY
|
|
case EALREADY:
|
|
# endif
|
|
|
|
return 1;
|
|
default:
|
|
break;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
#endif
|