1 /*
2 * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #ifndef _GNU_SOURCE
11 #define _GNU_SOURCE
12 #endif
13
14 #include <stdio.h>
15 #include <errno.h>
16
17 #include "internal/time.h"
18 #include "bio_local.h"
19 #ifndef OPENSSL_NO_DGRAM
20
21 #ifndef OPENSSL_NO_SCTP
22 #include <netinet/sctp.h>
23 #include <fcntl.h>
24 #define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00
25 #define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
26 #endif
27
28 #if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
29 #define IP_MTU 14 /* linux is lame */
30 #endif
31
32 #if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6)
33 #define IPPROTO_IPV6 41 /* windows is lame */
34 #endif
35
36 #if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
37 /* Standard definition causes type-punning problems. */
38 #undef IN6_IS_ADDR_V4MAPPED
39 #define s6_addr32 __u6_addr.__u6_addr32
40 #define IN6_IS_ADDR_V4MAPPED(a) \
41 (((a)->s6_addr32[0] == 0) && ((a)->s6_addr32[1] == 0) && ((a)->s6_addr32[2] == htonl(0x0000ffff)))
42 #endif
43
44 /* Determine what method to use for BIO_sendmmsg and BIO_recvmmsg. */
45 #define M_METHOD_NONE 0
46 #define M_METHOD_RECVMMSG 1
47 #define M_METHOD_RECVMSG 2
48 #define M_METHOD_RECVFROM 3
49 #define M_METHOD_WSARECVMSG 4
50
51 #if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
52 #if !(__GLIBC_PREREQ(2, 14))
53 #undef NO_RECVMMSG
54 /*
55 * Some old glibc versions may have recvmmsg and MSG_WAITFORONE flag, but
56 * not sendmmsg. We need both so force this to be disabled on these old
57 * versions
58 */
59 #define NO_RECVMMSG
60 #endif
61 #endif
62 #if defined(__GNU__)
63 /* GNU/Hurd does not have IP_PKTINFO yet */
64 #undef NO_RECVMSG
65 #define NO_RECVMSG
66 #endif
67 #if (defined(__ANDROID_API__) && __ANDROID_API__ < 21)
68 #undef NO_RECVMMSG
69 #define NO_RECVMMSG
70 #endif
71 #if defined(_AIX) && !defined(_AIX72)
72 /* AIX >= 7.2 provides sendmmsg() and recvmmsg(). */
73 #undef NO_RECVMMSG
74 #define NO_RECVMMSG
75 #endif
76 #if !defined(M_METHOD)
77 #if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG)
78 #define M_METHOD M_METHOD_WSARECVMSG
79 #elif !defined(OPENSSL_SYS_WINDOWS) && defined(MSG_WAITFORONE) && !defined(NO_RECVMMSG)
80 #define M_METHOD M_METHOD_RECVMMSG
81 #elif !defined(OPENSSL_SYS_WINDOWS) && defined(CMSG_LEN) && !defined(NO_RECVMSG)
82 #define M_METHOD M_METHOD_RECVMSG
83 #elif !defined(NO_RECVFROM)
84 #define M_METHOD M_METHOD_RECVFROM
85 #else
86 #define M_METHOD M_METHOD_NONE
87 #endif
88 #endif
89
90 #if defined(OPENSSL_SYS_WINDOWS)
91 #define BIO_CMSG_SPACE(x) WSA_CMSG_SPACE(x)
92 #define BIO_CMSG_FIRSTHDR(x) WSA_CMSG_FIRSTHDR(x)
93 #define BIO_CMSG_NXTHDR(x, y) WSA_CMSG_NXTHDR(x, y)
94 #define BIO_CMSG_DATA(x) WSA_CMSG_DATA(x)
95 #define BIO_CMSG_LEN(x) WSA_CMSG_LEN(x)
96 #define MSGHDR_TYPE WSAMSG
97 #define CMSGHDR_TYPE WSACMSGHDR
98 #else
99 #define MSGHDR_TYPE struct msghdr
100 #define CMSGHDR_TYPE struct cmsghdr
101 #define BIO_CMSG_SPACE(x) CMSG_SPACE(x)
102 #define BIO_CMSG_FIRSTHDR(x) CMSG_FIRSTHDR(x)
103 #define BIO_CMSG_NXTHDR(x, y) CMSG_NXTHDR(x, y)
104 #define BIO_CMSG_DATA(x) CMSG_DATA(x)
105 #define BIO_CMSG_LEN(x) CMSG_LEN(x)
106 #endif
107
108 #if M_METHOD == M_METHOD_RECVMMSG \
109 || M_METHOD == M_METHOD_RECVMSG \
110 || M_METHOD == M_METHOD_WSARECVMSG
111 #if defined(__APPLE__)
112 /*
113 * CMSG_SPACE is not a constant expression on OSX even though POSIX
114 * says it's supposed to be. This should be adequate.
115 */
116 #define BIO_CMSG_ALLOC_LEN 64
117 #else
118 #if defined(IPV6_PKTINFO)
119 #define BIO_CMSG_ALLOC_LEN_1 BIO_CMSG_SPACE(sizeof(struct in6_pktinfo))
120 #else
121 #define BIO_CMSG_ALLOC_LEN_1 0
122 #endif
123 #if defined(IP_PKTINFO)
124 #define BIO_CMSG_ALLOC_LEN_2 BIO_CMSG_SPACE(sizeof(struct in_pktinfo))
125 #else
126 #define BIO_CMSG_ALLOC_LEN_2 0
127 #endif
128 #if defined(IP_RECVDSTADDR)
129 #define BIO_CMSG_ALLOC_LEN_3 BIO_CMSG_SPACE(sizeof(struct in_addr))
130 #else
131 #define BIO_CMSG_ALLOC_LEN_3 0
132 #endif
133 #define BIO_MAX(X, Y) ((X) > (Y) ? (X) : (Y))
134 #define BIO_CMSG_ALLOC_LEN \
135 BIO_MAX(BIO_CMSG_ALLOC_LEN_1, \
136 BIO_MAX(BIO_CMSG_ALLOC_LEN_2, BIO_CMSG_ALLOC_LEN_3))
137 #endif
138 /*
139 * Although AIX defines IP_RECVDSTADDR and IPV6_RECVPKTINFO, the
140 * implementation requires IP_PKTINFO to be available for AF_INET.
141 * For AF_INET6 there seem to be limitations how local addresses
142 * are handled on AIX. So, disable the support for now.
143 */
144 #if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO) \
145 && !defined(_AIX)
146 #define SUPPORT_LOCAL_ADDR
147 #endif
148 #endif
149
150 #define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n) * (stride)))
151
152 static int dgram_write(BIO *h, const char *buf, int num);
153 static int dgram_read(BIO *h, char *buf, int size);
154 static int dgram_puts(BIO *h, const char *str);
155 static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
156 static int dgram_new(BIO *h);
157 static int dgram_free(BIO *data);
158 static int dgram_clear(BIO *bio);
159 static int dgram_sendmmsg(BIO *b, BIO_MSG *msg,
160 size_t stride, size_t num_msg,
161 uint64_t flags, size_t *num_processed);
162 static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
163 size_t stride, size_t num_msg,
164 uint64_t flags, size_t *num_processed);
165
166 #ifndef OPENSSL_NO_SCTP
167 static int dgram_sctp_write(BIO *h, const char *buf, int num);
168 static int dgram_sctp_read(BIO *h, char *buf, int size);
169 static int dgram_sctp_puts(BIO *h, const char *str);
170 static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
171 static int dgram_sctp_new(BIO *h);
172 static int dgram_sctp_free(BIO *data);
173 static int dgram_sctp_wait_for_dry(BIO *b);
174 static int dgram_sctp_msg_waiting(BIO *b);
175 #ifdef SCTP_AUTHENTICATION_EVENT
176 static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp);
177 #endif
178 #endif
179
180 static int BIO_dgram_should_retry(int s);
181
182 static const BIO_METHOD methods_dgramp = {
183 BIO_TYPE_DGRAM,
184 "datagram socket",
185 bwrite_conv,
186 dgram_write,
187 bread_conv,
188 dgram_read,
189 dgram_puts,
190 NULL, /* dgram_gets, */
191 dgram_ctrl,
192 dgram_new,
193 dgram_free,
194 NULL, /* dgram_callback_ctrl */
195 dgram_sendmmsg,
196 dgram_recvmmsg,
197 };
198
199 #ifndef OPENSSL_NO_SCTP
200 static const BIO_METHOD methods_dgramp_sctp = {
201 BIO_TYPE_DGRAM_SCTP,
202 "datagram sctp socket",
203 bwrite_conv,
204 dgram_sctp_write,
205 bread_conv,
206 dgram_sctp_read,
207 dgram_sctp_puts,
208 NULL, /* dgram_gets, */
209 dgram_sctp_ctrl,
210 dgram_sctp_new,
211 dgram_sctp_free,
212 NULL, /* dgram_callback_ctrl */
213 NULL, /* sendmmsg */
214 NULL, /* recvmmsg */
215 };
216 #endif
217
218 typedef struct bio_dgram_data_st {
219 BIO_ADDR peer;
220 BIO_ADDR local_addr;
221 unsigned int connected;
222 unsigned int _errno;
223 unsigned int mtu;
224 OSSL_TIME next_timeout;
225 OSSL_TIME socket_timeout;
226 unsigned int peekmode;
227 char local_addr_enabled;
228 } bio_dgram_data;
229
230 #ifndef OPENSSL_NO_SCTP
231 typedef struct bio_dgram_sctp_save_message_st {
232 BIO *bio;
233 char *data;
234 int length;
235 } bio_dgram_sctp_save_message;
236
237 /*
238 * Note: bio_dgram_data must be first here
239 * as we use dgram_ctrl for underlying dgram operations
240 * which will cast this struct to a bio_dgram_data
241 */
242 typedef struct bio_dgram_sctp_data_st {
243 bio_dgram_data dgram;
244 struct bio_dgram_sctp_sndinfo sndinfo;
245 struct bio_dgram_sctp_rcvinfo rcvinfo;
246 struct bio_dgram_sctp_prinfo prinfo;
247 BIO_dgram_sctp_notification_handler_fn handle_notifications;
248 void *notification_context;
249 int in_handshake;
250 int ccs_rcvd;
251 int ccs_sent;
252 int save_shutdown;
253 int peer_auth_tested;
254 } bio_dgram_sctp_data;
255 #endif
256
BIO_s_datagram(void)257 const BIO_METHOD *BIO_s_datagram(void)
258 {
259 return &methods_dgramp;
260 }
261
BIO_new_dgram(int fd,int close_flag)262 BIO *BIO_new_dgram(int fd, int close_flag)
263 {
264 BIO *ret;
265
266 ret = BIO_new(BIO_s_datagram());
267 if (ret == NULL)
268 return NULL;
269 BIO_set_fd(ret, fd, close_flag);
270 return ret;
271 }
272
dgram_new(BIO * bi)273 static int dgram_new(BIO *bi)
274 {
275 bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data));
276
277 if (data == NULL)
278 return 0;
279 bi->ptr = data;
280 return 1;
281 }
282
dgram_free(BIO * a)283 static int dgram_free(BIO *a)
284 {
285 bio_dgram_data *data;
286
287 if (a == NULL)
288 return 0;
289 if (!dgram_clear(a))
290 return 0;
291
292 data = (bio_dgram_data *)a->ptr;
293 OPENSSL_free(data);
294
295 return 1;
296 }
297
dgram_clear(BIO * a)298 static int dgram_clear(BIO *a)
299 {
300 if (a == NULL)
301 return 0;
302 if (a->shutdown) {
303 if (a->init) {
304 BIO_closesocket(a->num);
305 }
306 a->init = 0;
307 a->flags = 0;
308 }
309 return 1;
310 }
311
dgram_adjust_rcv_timeout(BIO * b)312 static void dgram_adjust_rcv_timeout(BIO *b)
313 {
314 #if defined(SO_RCVTIMEO)
315 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
316 OSSL_TIME timeleft;
317
318 /* Is a timer active? */
319 if (!ossl_time_is_zero(data->next_timeout)) {
320 /* Read current socket timeout */
321 #ifdef OPENSSL_SYS_WINDOWS
322 int timeout;
323 int sz = sizeof(timeout);
324
325 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
326 (void *)&timeout, &sz)
327 < 0)
328 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
329 "calling getsockopt()");
330 else
331 data->socket_timeout = ossl_ms2time(timeout);
332 #else
333 struct timeval tv;
334 socklen_t sz = sizeof(tv);
335
336 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, &sz) < 0)
337 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
338 "calling getsockopt()");
339 else
340 data->socket_timeout = ossl_time_from_timeval(tv);
341 #endif
342
343 /* Calculate time left until timer expires */
344 timeleft = ossl_time_subtract(data->next_timeout, ossl_time_now());
345 if (ossl_time_compare(timeleft, ossl_ticks2time(OSSL_TIME_US)) < 0)
346 timeleft = ossl_ticks2time(OSSL_TIME_US);
347
348 /*
349 * Adjust socket timeout if next handshake message timer will expire
350 * earlier.
351 */
352 if (ossl_time_is_zero(data->socket_timeout)
353 || ossl_time_compare(data->socket_timeout, timeleft) >= 0) {
354 #ifdef OPENSSL_SYS_WINDOWS
355 timeout = (int)ossl_time2ms(timeleft);
356 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
357 (void *)&timeout, sizeof(timeout))
358 < 0)
359 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
360 "calling setsockopt()");
361 #else
362 tv = ossl_time_to_timeval(timeleft);
363 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv,
364 sizeof(tv))
365 < 0)
366 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
367 "calling setsockopt()");
368 #endif
369 }
370 }
371 #endif
372 }
373
dgram_update_local_addr(BIO * b)374 static void dgram_update_local_addr(BIO *b)
375 {
376 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
377 socklen_t addr_len = sizeof(data->local_addr);
378
379 if (getsockname(b->num, &data->local_addr.sa, &addr_len) < 0)
380 /*
381 * This should not be possible, but zero-initialize and return
382 * anyway.
383 */
384 BIO_ADDR_clear(&data->local_addr);
385 }
386
387 #if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
dgram_get_sock_family(BIO * b)388 static int dgram_get_sock_family(BIO *b)
389 {
390 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
391 return data->local_addr.sa.sa_family;
392 }
393 #endif
394
dgram_reset_rcv_timeout(BIO * b)395 static void dgram_reset_rcv_timeout(BIO *b)
396 {
397 #if defined(SO_RCVTIMEO)
398 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
399
400 /* Is a timer active? */
401 if (!ossl_time_is_zero(data->next_timeout)) {
402 #ifdef OPENSSL_SYS_WINDOWS
403 int timeout = (int)ossl_time2ms(data->socket_timeout);
404
405 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
406 (void *)&timeout, sizeof(timeout))
407 < 0)
408 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
409 "calling setsockopt()");
410 #else
411 struct timeval tv = ossl_time_to_timeval(data->socket_timeout);
412
413 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0)
414 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
415 "calling setsockopt()");
416 #endif
417 }
418 #endif
419 }
420
dgram_read(BIO * b,char * out,int outl)421 static int dgram_read(BIO *b, char *out, int outl)
422 {
423 int ret = 0;
424 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
425 int flags = 0;
426
427 BIO_ADDR peer;
428 socklen_t len = sizeof(peer);
429
430 if (out != NULL) {
431 clear_socket_error();
432 BIO_ADDR_clear(&peer);
433 dgram_adjust_rcv_timeout(b);
434 if (data->peekmode)
435 flags = MSG_PEEK;
436 ret = recvfrom(b->num, out, outl, flags,
437 BIO_ADDR_sockaddr_noconst(&peer), &len);
438
439 if (!data->connected && ret >= 0)
440 BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
441
442 BIO_clear_retry_flags(b);
443 if (ret < 0) {
444 if (BIO_dgram_should_retry(ret)) {
445 BIO_set_retry_read(b);
446 data->_errno = get_last_socket_error();
447 }
448 }
449
450 dgram_reset_rcv_timeout(b);
451 }
452 return ret;
453 }
454
dgram_write(BIO * b,const char * in,int inl)455 static int dgram_write(BIO *b, const char *in, int inl)
456 {
457 int ret;
458 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
459 clear_socket_error();
460
461 if (data->connected)
462 ret = writesocket(b->num, in, inl);
463 else {
464 int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
465
466 ret = sendto(b->num, in, inl, 0,
467 BIO_ADDR_sockaddr(&data->peer), peerlen);
468 }
469
470 BIO_clear_retry_flags(b);
471 if (ret <= 0) {
472 if (BIO_dgram_should_retry(ret)) {
473 BIO_set_retry_write(b);
474 data->_errno = get_last_socket_error();
475 }
476 }
477 return ret;
478 }
479
dgram_get_mtu_overhead(BIO_ADDR * addr)480 static long dgram_get_mtu_overhead(BIO_ADDR *addr)
481 {
482 long ret;
483
484 switch (BIO_ADDR_family(addr)) {
485 case AF_INET:
486 /*
487 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
488 */
489 ret = 28;
490 break;
491 #if OPENSSL_USE_IPV6
492 case AF_INET6: {
493 #ifdef IN6_IS_ADDR_V4MAPPED
494 struct in6_addr tmp_addr;
495
496 if (BIO_ADDR_rawaddress(addr, &tmp_addr, NULL)
497 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
498 /*
499 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
500 */
501 ret = 28;
502 else
503 #endif
504 /*
505 * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
506 */
507 ret = 48;
508 } break;
509 #endif
510 default:
511 /* We don't know. Go with the historical default */
512 ret = 28;
513 break;
514 }
515 return ret;
516 }
517
518 /* Enables appropriate destination address reception option on the socket. */
519 #if defined(SUPPORT_LOCAL_ADDR)
enable_local_addr(BIO * b,int enable)520 static int enable_local_addr(BIO *b, int enable)
521 {
522 int af = dgram_get_sock_family(b);
523
524 if (af == AF_INET) {
525 #if defined(IP_PKTINFO)
526 /* IP_PKTINFO is preferred */
527 if (setsockopt(b->num, IPPROTO_IP, IP_PKTINFO,
528 (void *)&enable, sizeof(enable))
529 < 0)
530 return 0;
531
532 return 1;
533
534 #elif defined(IP_RECVDSTADDR)
535 /* Fall back to IP_RECVDSTADDR */
536
537 if (setsockopt(b->num, IPPROTO_IP, IP_RECVDSTADDR,
538 &enable, sizeof(enable))
539 < 0)
540 return 0;
541
542 return 1;
543 #endif
544 }
545
546 #if OPENSSL_USE_IPV6
547 if (af == AF_INET6) {
548 #if defined(IPV6_RECVPKTINFO)
549 if (setsockopt(b->num, IPPROTO_IPV6, IPV6_RECVPKTINFO,
550 &enable, sizeof(enable))
551 < 0)
552 return 0;
553
554 return 1;
555 #endif
556 }
557 #endif
558
559 return 0;
560 }
561 #endif
562
dgram_ctrl(BIO * b,int cmd,long num,void * ptr)563 static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
564 {
565 long ret = 1;
566 int *ip;
567 bio_dgram_data *data = NULL;
568 #ifndef __DJGPP__
569 /* There are currently no cases where this is used on djgpp/watt32. */
570 int sockopt_val = 0;
571 #endif
572 int d_errno;
573 #if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
574 socklen_t sockopt_len; /* assume that system supporting IP_MTU is
575 * modern enough to define socklen_t */
576 socklen_t addr_len;
577 BIO_ADDR addr;
578 #endif
579 struct sockaddr_storage ss;
580 socklen_t ss_len = sizeof(ss);
581
582 data = (bio_dgram_data *)b->ptr;
583
584 switch (cmd) {
585 case BIO_CTRL_RESET:
586 num = 0;
587 ret = 0;
588 break;
589 case BIO_CTRL_INFO:
590 ret = 0;
591 break;
592 case BIO_C_SET_FD:
593 dgram_clear(b);
594 b->num = *((int *)ptr);
595 b->shutdown = (int)num;
596 b->init = 1;
597 dgram_update_local_addr(b);
598 if (getpeername(b->num, (struct sockaddr *)&ss, &ss_len) == 0) {
599 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)&ss));
600 data->connected = 1;
601 }
602 #if defined(SUPPORT_LOCAL_ADDR)
603 if (data->local_addr_enabled) {
604 if (enable_local_addr(b, 1) < 1)
605 data->local_addr_enabled = 0;
606 }
607 #endif
608 break;
609 case BIO_C_GET_FD:
610 if (b->init) {
611 ip = (int *)ptr;
612 if (ip != NULL)
613 *ip = b->num;
614 ret = b->num;
615 } else
616 ret = -1;
617 break;
618 case BIO_CTRL_GET_CLOSE:
619 ret = b->shutdown;
620 break;
621 case BIO_CTRL_SET_CLOSE:
622 b->shutdown = (int)num;
623 break;
624 case BIO_CTRL_PENDING:
625 case BIO_CTRL_WPENDING:
626 ret = 0;
627 break;
628 case BIO_CTRL_DUP:
629 case BIO_CTRL_FLUSH:
630 ret = 1;
631 break;
632 case BIO_CTRL_DGRAM_CONNECT:
633 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
634 break;
635 /* (Linux)kernel sets DF bit on outgoing IP packets */
636 case BIO_CTRL_DGRAM_MTU_DISCOVER:
637 #if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
638 addr_len = (socklen_t)sizeof(addr);
639 BIO_ADDR_clear(&addr);
640 if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
641 ret = 0;
642 break;
643 }
644 switch (addr.sa.sa_family) {
645 case AF_INET:
646 sockopt_val = IP_PMTUDISC_DO;
647 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
648 &sockopt_val, sizeof(sockopt_val)))
649 < 0)
650 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
651 "calling setsockopt()");
652 break;
653 #if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
654 case AF_INET6:
655 sockopt_val = IPV6_PMTUDISC_DO;
656 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
657 &sockopt_val, sizeof(sockopt_val)))
658 < 0)
659 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
660 "calling setsockopt()");
661 break;
662 #endif
663 default:
664 ret = -1;
665 break;
666 }
667 #else
668 ret = -1;
669 #endif
670 break;
671 case BIO_CTRL_DGRAM_QUERY_MTU:
672 #if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
673 addr_len = (socklen_t)sizeof(addr);
674 BIO_ADDR_clear(&addr);
675 if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
676 ret = 0;
677 break;
678 }
679 sockopt_len = sizeof(sockopt_val);
680 switch (addr.sa.sa_family) {
681 case AF_INET:
682 if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
683 &sockopt_len))
684 < 0
685 || sockopt_val < 0) {
686 ret = 0;
687 } else {
688 data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr);
689 ret = data->mtu;
690 }
691 break;
692 #if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
693 case AF_INET6:
694 if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
695 (void *)&sockopt_val, &sockopt_len))
696 < 0
697 || sockopt_val < 0) {
698 ret = 0;
699 } else {
700 data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr);
701 ret = data->mtu;
702 }
703 break;
704 #endif
705 default:
706 ret = 0;
707 break;
708 }
709 #else
710 ret = 0;
711 #endif
712 break;
713 case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
714 ret = -dgram_get_mtu_overhead(&data->peer);
715 switch (BIO_ADDR_family(&data->peer)) {
716 case AF_INET:
717 ret += 576;
718 break;
719 #if OPENSSL_USE_IPV6
720 case AF_INET6: {
721 #ifdef IN6_IS_ADDR_V4MAPPED
722 struct in6_addr tmp_addr;
723 if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
724 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
725 ret += 576;
726 else
727 #endif
728 ret += 1280;
729 } break;
730 #endif
731 default:
732 ret += 576;
733 break;
734 }
735 break;
736 case BIO_CTRL_DGRAM_GET_MTU:
737 return data->mtu;
738 case BIO_CTRL_DGRAM_SET_MTU:
739 data->mtu = num;
740 ret = num;
741 break;
742 case BIO_CTRL_DGRAM_SET_CONNECTED:
743 if (ptr != NULL) {
744 data->connected = 1;
745 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
746 } else {
747 data->connected = 0;
748 BIO_ADDR_clear(&data->peer);
749 }
750 break;
751 case BIO_CTRL_DGRAM_GET_PEER:
752 ret = BIO_ADDR_sockaddr_size(&data->peer);
753 /* FIXME: if num < ret, we will only return part of an address.
754 That should bee an error, no? */
755 if (num == 0 || num > ret)
756 num = ret;
757 memcpy(ptr, &data->peer, (ret = num));
758 break;
759 case BIO_CTRL_DGRAM_SET_PEER:
760 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
761 break;
762 case BIO_CTRL_DGRAM_DETECT_PEER_ADDR: {
763 BIO_ADDR xaddr, *p = &data->peer;
764 socklen_t xaddr_len = sizeof(xaddr.sa);
765
766 if (BIO_ADDR_family(p) == AF_UNSPEC) {
767 if (getpeername(b->num, (void *)&xaddr.sa, &xaddr_len) == 0
768 && BIO_ADDR_family(&xaddr) != AF_UNSPEC) {
769 p = &xaddr;
770 } else {
771 ret = 0;
772 break;
773 }
774 }
775
776 ret = BIO_ADDR_sockaddr_size(p);
777 if (num == 0 || num > ret)
778 num = ret;
779
780 memcpy(ptr, p, (ret = num));
781 } break;
782 case BIO_C_SET_NBIO:
783 if (!BIO_socket_nbio(b->num, num != 0))
784 ret = 0;
785 break;
786 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
787 data->next_timeout = ossl_time_from_timeval(*(struct timeval *)ptr);
788 break;
789 #if defined(SO_RCVTIMEO)
790 case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
791 #ifdef OPENSSL_SYS_WINDOWS
792 {
793 struct timeval *tv = (struct timeval *)ptr;
794 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
795
796 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
797 (void *)&timeout, sizeof(timeout)))
798 < 0)
799 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
800 "calling setsockopt()");
801 }
802 #else
803 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
804 sizeof(struct timeval)))
805 < 0)
806 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
807 "calling setsockopt()");
808 #endif
809 break;
810 case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: {
811 #ifdef OPENSSL_SYS_WINDOWS
812 int sz = 0;
813 int timeout;
814 struct timeval *tv = (struct timeval *)ptr;
815
816 sz = sizeof(timeout);
817 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
818 (void *)&timeout, &sz))
819 < 0) {
820 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
821 "calling getsockopt()");
822 } else {
823 tv->tv_sec = timeout / 1000;
824 tv->tv_usec = (timeout % 1000) * 1000;
825 ret = sizeof(*tv);
826 }
827 #else
828 socklen_t sz = sizeof(struct timeval);
829
830 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
831 ptr, &sz))
832 < 0) {
833 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
834 "calling getsockopt()");
835 } else if (!ossl_assert((size_t)sz == sizeof(struct timeval))) {
836 ERR_raise_data(ERR_LIB_BIO, ERR_R_INTERNAL_ERROR,
837 "Unexpected getsockopt(SO_RCVTIMEO) return size");
838 ret = -1;
839 } else {
840 ret = (int)sz;
841 }
842 #endif
843 } break;
844 #endif
845 #if defined(SO_SNDTIMEO)
846 case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
847 #ifdef OPENSSL_SYS_WINDOWS
848 {
849 struct timeval *tv = (struct timeval *)ptr;
850 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
851
852 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
853 (void *)&timeout, sizeof(timeout)))
854 < 0)
855 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
856 "calling setsockopt()");
857 }
858 #else
859 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
860 sizeof(struct timeval)))
861 < 0)
862 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
863 "calling setsockopt()");
864 #endif
865 break;
866 case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: {
867 #ifdef OPENSSL_SYS_WINDOWS
868 int sz = 0;
869 int timeout;
870 struct timeval *tv = (struct timeval *)ptr;
871
872 sz = sizeof(timeout);
873 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
874 (void *)&timeout, &sz))
875 < 0) {
876 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
877 "calling getsockopt()");
878 } else {
879 tv->tv_sec = timeout / 1000;
880 tv->tv_usec = (timeout % 1000) * 1000;
881 ret = sizeof(*tv);
882 }
883 #else
884 socklen_t sz = sizeof(struct timeval);
885
886 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
887 ptr, &sz))
888 < 0) {
889 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
890 "calling getsockopt()");
891 } else if (!ossl_assert((size_t)sz == sizeof(struct timeval))) {
892 ERR_raise_data(ERR_LIB_BIO, ERR_R_INTERNAL_ERROR,
893 "Unexpected getsockopt(SO_SNDTIMEO) return size");
894 ret = -1;
895 } else {
896 ret = (int)sz;
897 }
898 #endif
899 } break;
900 #endif
901 case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
902 /* fall-through */
903 case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
904 #ifdef OPENSSL_SYS_WINDOWS
905 d_errno = (data->_errno == WSAETIMEDOUT);
906 #else
907 d_errno = (data->_errno == EAGAIN);
908 #endif
909 if (d_errno) {
910 ret = 1;
911 data->_errno = 0;
912 } else
913 ret = 0;
914 break;
915 #ifdef EMSGSIZE
916 case BIO_CTRL_DGRAM_MTU_EXCEEDED:
917 if (data->_errno == EMSGSIZE) {
918 ret = 1;
919 data->_errno = 0;
920 } else
921 ret = 0;
922 break;
923 #endif
924 case BIO_CTRL_DGRAM_SET_DONT_FRAG:
925 switch (data->peer.sa.sa_family) {
926 case AF_INET:
927 #if defined(IP_DONTFRAG)
928 sockopt_val = num ? 1 : 0;
929 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG,
930 &sockopt_val, sizeof(sockopt_val)))
931 < 0)
932 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
933 "calling setsockopt()");
934 #elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_PROBE)
935 sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT;
936 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
937 &sockopt_val, sizeof(sockopt_val)))
938 < 0)
939 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
940 "calling setsockopt()");
941 #elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT)
942 sockopt_val = num ? 1 : 0;
943 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT,
944 (const char *)&sockopt_val,
945 sizeof(sockopt_val)))
946 < 0)
947 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
948 "calling setsockopt()");
949 #else
950 ret = -1;
951 #endif
952 break;
953 #if OPENSSL_USE_IPV6
954 case AF_INET6:
955 #if defined(IPV6_DONTFRAG)
956 sockopt_val = num ? 1 : 0;
957 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG,
958 (const void *)&sockopt_val,
959 sizeof(sockopt_val)))
960 < 0)
961 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
962 "calling setsockopt()");
963
964 #elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_PROBE)
965 sockopt_val = num ? IPV6_PMTUDISC_PROBE : IPV6_PMTUDISC_DONT;
966 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
967 &sockopt_val, sizeof(sockopt_val)))
968 < 0)
969 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
970 "calling setsockopt()");
971 #else
972 ret = -1;
973 #endif
974 break;
975 #endif
976 default:
977 ret = -1;
978 break;
979 }
980 break;
981 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
982 ret = dgram_get_mtu_overhead(&data->peer);
983 break;
984
985 /*
986 * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
987 * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
988 * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
989 * value has been updated to a non-clashing value. However to preserve
990 * binary compatibility we now respond to both the old value and the new one
991 */
992 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
993 case BIO_CTRL_DGRAM_SET_PEEK_MODE:
994 data->peekmode = (unsigned int)num;
995 break;
996
997 case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP:
998 #if defined(SUPPORT_LOCAL_ADDR)
999 ret = 1;
1000 #else
1001 ret = 0;
1002 #endif
1003 break;
1004
1005 case BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE:
1006 #if defined(SUPPORT_LOCAL_ADDR)
1007 num = num > 0;
1008 if (num != data->local_addr_enabled) {
1009 if (enable_local_addr(b, num) < 1) {
1010 ret = 0;
1011 break;
1012 }
1013
1014 data->local_addr_enabled = (char)num;
1015 }
1016 #else
1017 ret = 0;
1018 #endif
1019 break;
1020
1021 case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE:
1022 *(int *)ptr = data->local_addr_enabled;
1023 break;
1024
1025 case BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS:
1026 ret = (long)(BIO_DGRAM_CAP_HANDLES_DST_ADDR
1027 | BIO_DGRAM_CAP_HANDLES_SRC_ADDR
1028 | BIO_DGRAM_CAP_PROVIDES_DST_ADDR
1029 | BIO_DGRAM_CAP_PROVIDES_SRC_ADDR);
1030 break;
1031
1032 case BIO_CTRL_GET_RPOLL_DESCRIPTOR:
1033 case BIO_CTRL_GET_WPOLL_DESCRIPTOR: {
1034 BIO_POLL_DESCRIPTOR *pd = ptr;
1035
1036 pd->type = BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD;
1037 pd->value.fd = b->num;
1038 } break;
1039
1040 default:
1041 ret = 0;
1042 break;
1043 }
1044 /* Normalize if error */
1045 if (ret < 0)
1046 ret = -1;
1047 return ret;
1048 }
1049
dgram_puts(BIO * bp,const char * str)1050 static int dgram_puts(BIO *bp, const char *str)
1051 {
1052 int n, ret;
1053
1054 n = strlen(str);
1055 ret = dgram_write(bp, str, n);
1056 return ret;
1057 }
1058
1059 #if M_METHOD == M_METHOD_WSARECVMSG
translate_msg_win(BIO * b,WSAMSG * mh,WSABUF * iov,unsigned char * control,BIO_MSG * msg)1060 static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov,
1061 unsigned char *control, BIO_MSG *msg)
1062 {
1063 iov->len = msg->data_len;
1064 iov->buf = msg->data;
1065
1066 /* Windows requires namelen to be set exactly */
1067 mh->name = msg->peer != NULL ? &msg->peer->sa : NULL;
1068 if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
1069 mh->namelen = sizeof(struct sockaddr_in);
1070 #if OPENSSL_USE_IPV6
1071 else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
1072 mh->namelen = sizeof(struct sockaddr_in6);
1073 #endif
1074 else
1075 mh->namelen = 0;
1076
1077 /*
1078 * When local address reception (IP_PKTINFO, etc.) is enabled, on Windows
1079 * this causes WSARecvMsg to fail if the control buffer is too small to hold
1080 * the structure, or if no control buffer is passed. So we need to give it
1081 * the control buffer even if we aren't actually going to examine the
1082 * result.
1083 */
1084 mh->lpBuffers = iov;
1085 mh->dwBufferCount = 1;
1086 mh->Control.len = BIO_CMSG_ALLOC_LEN;
1087 mh->Control.buf = control;
1088 mh->dwFlags = 0;
1089 }
1090 #endif
1091
1092 #if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG
1093 /* Translates a BIO_MSG to a msghdr and iovec. */
translate_msg(BIO * b,struct msghdr * mh,struct iovec * iov,unsigned char * control,BIO_MSG * msg)1094 static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov,
1095 unsigned char *control, BIO_MSG *msg)
1096 {
1097 bio_dgram_data *data;
1098
1099 iov->iov_base = msg->data;
1100 iov->iov_len = msg->data_len;
1101
1102 data = (bio_dgram_data *)b->ptr;
1103 if (data->connected == 0) {
1104 /* macOS requires msg_namelen be 0 if msg_name is NULL */
1105 mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL;
1106 if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
1107 mh->msg_namelen = sizeof(struct sockaddr_in);
1108 #if OPENSSL_USE_IPV6
1109 else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
1110 mh->msg_namelen = sizeof(struct sockaddr_in6);
1111 #endif
1112 else
1113 mh->msg_namelen = 0;
1114 } else {
1115 mh->msg_name = NULL;
1116 mh->msg_namelen = 0;
1117 }
1118
1119 mh->msg_iov = iov;
1120 mh->msg_iovlen = 1;
1121 mh->msg_control = msg->local != NULL ? control : NULL;
1122 mh->msg_controllen = msg->local != NULL ? BIO_CMSG_ALLOC_LEN : 0;
1123 mh->msg_flags = 0;
1124 }
1125 #endif
1126
1127 #if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
1128 /* Extracts destination address from the control buffer. */
extract_local(BIO * b,MSGHDR_TYPE * mh,BIO_ADDR * local)1129 static int extract_local(BIO *b, MSGHDR_TYPE *mh, BIO_ADDR *local)
1130 {
1131 #if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
1132 CMSGHDR_TYPE *cmsg;
1133 int af = dgram_get_sock_family(b);
1134
1135 for (cmsg = BIO_CMSG_FIRSTHDR(mh); cmsg != NULL;
1136 cmsg = BIO_CMSG_NXTHDR(mh, cmsg)) {
1137 if (af == AF_INET) {
1138 if (cmsg->cmsg_level != IPPROTO_IP)
1139 continue;
1140
1141 #if defined(IP_PKTINFO)
1142 if (cmsg->cmsg_type != IP_PKTINFO)
1143 continue;
1144
1145 local->s_in.sin_addr = ((struct in_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi_addr;
1146
1147 #elif defined(IP_RECVDSTADDR)
1148 if (cmsg->cmsg_type != IP_RECVDSTADDR)
1149 continue;
1150
1151 local->s_in.sin_addr = *(struct in_addr *)BIO_CMSG_DATA(cmsg);
1152 #endif
1153
1154 #if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)
1155 {
1156 bio_dgram_data *data = b->ptr;
1157
1158 local->s_in.sin_family = AF_INET;
1159 local->s_in.sin_port = data->local_addr.s_in.sin_port;
1160 }
1161 return 1;
1162 #endif
1163 }
1164 #if OPENSSL_USE_IPV6
1165 else if (af == AF_INET6) {
1166 if (cmsg->cmsg_level != IPPROTO_IPV6)
1167 continue;
1168
1169 #if defined(IPV6_RECVPKTINFO)
1170 if (cmsg->cmsg_type != IPV6_PKTINFO)
1171 continue;
1172
1173 {
1174 bio_dgram_data *data = b->ptr;
1175
1176 local->s_in6.sin6_addr = ((struct in6_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi6_addr;
1177 local->s_in6.sin6_family = AF_INET6;
1178 local->s_in6.sin6_port = data->local_addr.s_in6.sin6_port;
1179 local->s_in6.sin6_scope_id = data->local_addr.s_in6.sin6_scope_id;
1180 local->s_in6.sin6_flowinfo = 0;
1181 }
1182 return 1;
1183 #endif
1184 }
1185 #endif
1186 }
1187 #endif
1188
1189 return 0;
1190 }
1191
pack_local(BIO * b,MSGHDR_TYPE * mh,const BIO_ADDR * local)1192 static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local)
1193 {
1194 int af = dgram_get_sock_family(b);
1195 #if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
1196 CMSGHDR_TYPE *cmsg;
1197 bio_dgram_data *data = b->ptr;
1198 #endif
1199
1200 if (af == AF_INET) {
1201 #if defined(IP_PKTINFO)
1202 struct in_pktinfo *info;
1203
1204 #if defined(OPENSSL_SYS_WINDOWS)
1205 cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
1206 #else
1207 cmsg = (CMSGHDR_TYPE *)mh->msg_control;
1208 #endif
1209
1210 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_pktinfo));
1211 cmsg->cmsg_level = IPPROTO_IP;
1212 cmsg->cmsg_type = IP_PKTINFO;
1213
1214 info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg);
1215 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN) && !defined(__FreeBSD__) && !defined(__QNX__)
1216 info->ipi_spec_dst = local->s_in.sin_addr;
1217 #endif
1218 info->ipi_addr.s_addr = 0;
1219 info->ipi_ifindex = 0;
1220
1221 /*
1222 * We cannot override source port using this API, therefore
1223 * ensure the application specified a source port of 0
1224 * or the one we are bound to. (Better to error than silently
1225 * ignore this.)
1226 */
1227 if (local->s_in.sin_port != 0
1228 && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
1229 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1230 return 0;
1231 }
1232
1233 #if defined(OPENSSL_SYS_WINDOWS)
1234 mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
1235 #else
1236 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
1237 #endif
1238 return 1;
1239
1240 #elif defined(IP_SENDSRCADDR)
1241 struct in_addr *info;
1242
1243 /*
1244 * At least FreeBSD is very pedantic about using IP_SENDSRCADDR when we
1245 * are not bound to 0.0.0.0 or ::, even if the address matches what we
1246 * bound to. Support this by not packing the structure if the address
1247 * matches our understanding of our local address. IP_SENDSRCADDR is a
1248 * BSD thing, so we don't need an explicit test for BSD here.
1249 */
1250 if (local->s_in.sin_addr.s_addr == data->local_addr.s_in.sin_addr.s_addr) {
1251 mh->msg_control = NULL;
1252 mh->msg_controllen = 0;
1253 return 1;
1254 }
1255
1256 cmsg = (struct cmsghdr *)mh->msg_control;
1257 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_addr));
1258 cmsg->cmsg_level = IPPROTO_IP;
1259 cmsg->cmsg_type = IP_SENDSRCADDR;
1260
1261 info = (struct in_addr *)BIO_CMSG_DATA(cmsg);
1262 *info = local->s_in.sin_addr;
1263
1264 /* See comment above. */
1265 if (local->s_in.sin_port != 0
1266 && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
1267 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1268 return 0;
1269 }
1270
1271 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_addr));
1272 return 1;
1273 #endif
1274 }
1275 #if OPENSSL_USE_IPV6
1276 else if (af == AF_INET6) {
1277 #if defined(IPV6_PKTINFO)
1278 struct in6_pktinfo *info;
1279
1280 #if defined(OPENSSL_SYS_WINDOWS)
1281 cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
1282 #else
1283 cmsg = (CMSGHDR_TYPE *)mh->msg_control;
1284 #endif
1285 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in6_pktinfo));
1286 cmsg->cmsg_level = IPPROTO_IPV6;
1287 cmsg->cmsg_type = IPV6_PKTINFO;
1288
1289 info = (struct in6_pktinfo *)BIO_CMSG_DATA(cmsg);
1290 info->ipi6_addr = local->s_in6.sin6_addr;
1291 info->ipi6_ifindex = 0;
1292
1293 /*
1294 * See comment above, but also applies to the other fields
1295 * in sockaddr_in6.
1296 */
1297 if (local->s_in6.sin6_port != 0
1298 && data->local_addr.s_in6.sin6_port != local->s_in6.sin6_port) {
1299 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1300 return 0;
1301 }
1302
1303 if (local->s_in6.sin6_scope_id != 0
1304 && data->local_addr.s_in6.sin6_scope_id != local->s_in6.sin6_scope_id) {
1305 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1306 return 0;
1307 }
1308
1309 #if defined(OPENSSL_SYS_WINDOWS)
1310 mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
1311 #else
1312 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
1313 #endif
1314 return 1;
1315 #endif
1316 }
1317 #endif
1318
1319 return 0;
1320 }
1321 #endif
1322
1323 /*
1324 * Converts flags passed to BIO_sendmmsg or BIO_recvmmsg to syscall flags. You
1325 * should mask out any system flags returned by this function you cannot support
1326 * in a particular circumstance. Currently no flags are defined.
1327 */
1328 #if M_METHOD != M_METHOD_NONE
translate_flags(uint64_t flags)1329 static int translate_flags(uint64_t flags)
1330 {
1331 return 0;
1332 }
1333 #endif
1334
dgram_sendmmsg(BIO * b,BIO_MSG * msg,size_t stride,size_t num_msg,uint64_t flags,size_t * num_processed)1335 static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride,
1336 size_t num_msg, uint64_t flags, size_t *num_processed)
1337 {
1338 #if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
1339 int ret;
1340 #endif
1341 #if M_METHOD == M_METHOD_RECVMMSG
1342 #define BIO_MAX_MSGS_PER_CALL 64
1343 int sysflags;
1344 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1345 size_t i;
1346 struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
1347 struct iovec iov[BIO_MAX_MSGS_PER_CALL];
1348 unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
1349 int have_local_enabled = data->local_addr_enabled;
1350 #elif M_METHOD == M_METHOD_RECVMSG
1351 int sysflags;
1352 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1353 ossl_ssize_t l;
1354 struct msghdr mh;
1355 struct iovec iov;
1356 unsigned char control[BIO_CMSG_ALLOC_LEN];
1357 int have_local_enabled = data->local_addr_enabled;
1358 #elif M_METHOD == M_METHOD_WSARECVMSG
1359 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1360 int have_local_enabled = data->local_addr_enabled;
1361 WSAMSG wmsg;
1362 WSABUF wbuf;
1363 DWORD num_bytes_sent = 0;
1364 unsigned char control[BIO_CMSG_ALLOC_LEN];
1365 #endif
1366 #if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1367 int sysflags;
1368 #endif
1369
1370 if (num_msg == 0) {
1371 *num_processed = 0;
1372 return 1;
1373 }
1374
1375 if (num_msg > OSSL_SSIZE_MAX)
1376 num_msg = OSSL_SSIZE_MAX;
1377
1378 #if M_METHOD != M_METHOD_NONE
1379 sysflags = translate_flags(flags);
1380 #endif
1381
1382 #if M_METHOD == M_METHOD_RECVMMSG
1383 /*
1384 * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
1385 * msghdr and struct iovec on the stack to support multithreaded use. Thus
1386 * we place a fixed limit on the number of messages per call, in the
1387 * expectation that we will be called again if there were more messages to
1388 * be sent.
1389 */
1390 if (num_msg > BIO_MAX_MSGS_PER_CALL)
1391 num_msg = BIO_MAX_MSGS_PER_CALL;
1392
1393 for (i = 0; i < num_msg; ++i) {
1394 translate_msg(b, &mh[i].msg_hdr, &iov[i],
1395 control[i], &BIO_MSG_N(msg, stride, i));
1396
1397 /* If local address was requested, it must have been enabled */
1398 if (BIO_MSG_N(msg, stride, i).local != NULL) {
1399 if (!have_local_enabled) {
1400 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1401 *num_processed = 0;
1402 return 0;
1403 }
1404
1405 if (pack_local(b, &mh[i].msg_hdr,
1406 BIO_MSG_N(msg, stride, i).local)
1407 < 1) {
1408 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1409 *num_processed = 0;
1410 return 0;
1411 }
1412 }
1413 }
1414
1415 /* Do the batch */
1416 ret = sendmmsg(b->num, mh, num_msg, sysflags);
1417 if (ret < 0) {
1418 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1419 *num_processed = 0;
1420 return 0;
1421 }
1422
1423 for (i = 0; i < (size_t)ret; ++i) {
1424 BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
1425 BIO_MSG_N(msg, stride, i).flags = 0;
1426 }
1427
1428 *num_processed = (size_t)ret;
1429 return 1;
1430
1431 #elif M_METHOD == M_METHOD_RECVMSG
1432 /*
1433 * If sendmsg is available, use it.
1434 */
1435 translate_msg(b, &mh, &iov, control, msg);
1436
1437 if (msg->local != NULL) {
1438 if (!have_local_enabled) {
1439 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1440 *num_processed = 0;
1441 return 0;
1442 }
1443
1444 if (pack_local(b, &mh, msg->local) < 1) {
1445 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1446 *num_processed = 0;
1447 return 0;
1448 }
1449 }
1450
1451 l = sendmsg(b->num, &mh, sysflags);
1452 if (l < 0) {
1453 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1454 *num_processed = 0;
1455 return 0;
1456 }
1457
1458 msg->data_len = (size_t)l;
1459 msg->flags = 0;
1460 *num_processed = 1;
1461 return 1;
1462
1463 #elif M_METHOD == M_METHOD_WSARECVMSG || M_METHOD == M_METHOD_RECVFROM
1464 #if M_METHOD == M_METHOD_WSARECVMSG
1465 if (bio_WSASendMsg != NULL) {
1466 /* WSASendMsg-based implementation for Windows. */
1467 translate_msg_win(b, &wmsg, &wbuf, control, msg);
1468
1469 if (msg[0].local != NULL) {
1470 if (!have_local_enabled) {
1471 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1472 *num_processed = 0;
1473 return 0;
1474 }
1475
1476 if (pack_local(b, &wmsg, msg[0].local) < 1) {
1477 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1478 *num_processed = 0;
1479 return 0;
1480 }
1481 }
1482
1483 ret = WSASendMsg((SOCKET)b->num, &wmsg, 0, &num_bytes_sent, NULL, NULL);
1484 if (ret < 0) {
1485 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1486 *num_processed = 0;
1487 return 0;
1488 }
1489
1490 msg[0].data_len = num_bytes_sent;
1491 msg[0].flags = 0;
1492 *num_processed = 1;
1493 return 1;
1494 }
1495 #endif
1496
1497 /*
1498 * Fallback to sendto and send a single message.
1499 */
1500 if (msg[0].local != NULL) {
1501 /*
1502 * We cannot set the local address if using sendto
1503 * so fail in this case
1504 */
1505 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1506 *num_processed = 0;
1507 return 0;
1508 }
1509
1510 ret = sendto(b->num, msg[0].data,
1511 #if defined(OPENSSL_SYS_WINDOWS)
1512 (int)msg[0].data_len,
1513 #else
1514 msg[0].data_len,
1515 #endif
1516 sysflags,
1517 msg[0].peer != NULL ? BIO_ADDR_sockaddr(msg[0].peer) : NULL,
1518 msg[0].peer != NULL ? BIO_ADDR_sockaddr_size(msg[0].peer) : 0);
1519 if (ret <= 0) {
1520 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1521 *num_processed = 0;
1522 return 0;
1523 }
1524
1525 msg[0].data_len = ret;
1526 msg[0].flags = 0;
1527 *num_processed = 1;
1528 return 1;
1529
1530 #else
1531 ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
1532 *num_processed = 0;
1533 return 0;
1534 #endif
1535 }
1536
dgram_recvmmsg(BIO * b,BIO_MSG * msg,size_t stride,size_t num_msg,uint64_t flags,size_t * num_processed)1537 static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
1538 size_t stride, size_t num_msg,
1539 uint64_t flags, size_t *num_processed)
1540 {
1541 #if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
1542 int ret;
1543 #endif
1544 #if M_METHOD == M_METHOD_RECVMMSG
1545 int sysflags;
1546 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1547 size_t i;
1548 struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
1549 struct iovec iov[BIO_MAX_MSGS_PER_CALL];
1550 unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
1551 int have_local_enabled = data->local_addr_enabled;
1552 #elif M_METHOD == M_METHOD_RECVMSG
1553 int sysflags;
1554 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1555 ossl_ssize_t l;
1556 struct msghdr mh;
1557 struct iovec iov;
1558 unsigned char control[BIO_CMSG_ALLOC_LEN];
1559 int have_local_enabled = data->local_addr_enabled;
1560 #elif M_METHOD == M_METHOD_WSARECVMSG
1561 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1562 int have_local_enabled = data->local_addr_enabled;
1563 WSAMSG wmsg;
1564 WSABUF wbuf;
1565 DWORD num_bytes_received = 0;
1566 unsigned char control[BIO_CMSG_ALLOC_LEN];
1567 #endif
1568 #if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1569 int sysflags;
1570 socklen_t slen;
1571 #endif
1572
1573 if (num_msg == 0) {
1574 *num_processed = 0;
1575 return 1;
1576 }
1577
1578 if (num_msg > OSSL_SSIZE_MAX)
1579 num_msg = OSSL_SSIZE_MAX;
1580
1581 #if M_METHOD != M_METHOD_NONE
1582 sysflags = translate_flags(flags);
1583 #endif
1584
1585 #if M_METHOD == M_METHOD_RECVMMSG
1586 /*
1587 * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
1588 * msghdr and struct iovec on the stack to support multithreaded use. Thus
1589 * we place a fixed limit on the number of messages per call, in the
1590 * expectation that we will be called again if there were more messages to
1591 * be sent.
1592 */
1593 if (num_msg > BIO_MAX_MSGS_PER_CALL)
1594 num_msg = BIO_MAX_MSGS_PER_CALL;
1595
1596 for (i = 0; i < num_msg; ++i) {
1597 translate_msg(b, &mh[i].msg_hdr, &iov[i],
1598 control[i], &BIO_MSG_N(msg, stride, i));
1599
1600 /* If local address was requested, it must have been enabled */
1601 if (BIO_MSG_N(msg, stride, i).local != NULL && !have_local_enabled) {
1602 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1603 *num_processed = 0;
1604 return 0;
1605 }
1606 }
1607
1608 /* Do the batch */
1609 ret = recvmmsg(b->num, mh, num_msg, sysflags, NULL);
1610 if (ret < 0) {
1611 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1612 *num_processed = 0;
1613 return 0;
1614 }
1615
1616 for (i = 0; i < (size_t)ret; ++i) {
1617 BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
1618 BIO_MSG_N(msg, stride, i).flags = 0;
1619 /*
1620 * *(msg->peer) will have been filled in by recvmmsg;
1621 * for msg->local we parse the control data returned
1622 */
1623 if (BIO_MSG_N(msg, stride, i).local != NULL)
1624 if (extract_local(b, &mh[i].msg_hdr,
1625 BIO_MSG_N(msg, stride, i).local)
1626 < 1)
1627 /*
1628 * It appears BSDs do not support local addresses for
1629 * loopback sockets. In this case, just clear the local
1630 * address, as for OS X and Windows in some circumstances
1631 * (see below).
1632 */
1633 BIO_ADDR_clear(BIO_MSG_N(msg, stride, i).local);
1634 }
1635
1636 *num_processed = (size_t)ret;
1637 return 1;
1638
1639 #elif M_METHOD == M_METHOD_RECVMSG
1640 /*
1641 * If recvmsg is available, use it.
1642 */
1643 translate_msg(b, &mh, &iov, control, msg);
1644
1645 /* If local address was requested, it must have been enabled */
1646 if (msg->local != NULL && !have_local_enabled) {
1647 /*
1648 * If we have done at least one message, we must return the
1649 * count; if we haven't done any, we can give an error code
1650 */
1651 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1652 *num_processed = 0;
1653 return 0;
1654 }
1655
1656 l = recvmsg(b->num, &mh, sysflags);
1657 if (l < 0) {
1658 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1659 *num_processed = 0;
1660 return 0;
1661 }
1662
1663 msg->data_len = (size_t)l;
1664 msg->flags = 0;
1665
1666 if (msg->local != NULL)
1667 if (extract_local(b, &mh, msg->local) < 1)
1668 /*
1669 * OS X exhibits odd behaviour where it appears that if a packet is
1670 * sent before the receiving interface enables IP_PKTINFO, it will
1671 * sometimes not have any control data returned even if the
1672 * receiving interface enables IP_PKTINFO before calling recvmsg().
1673 * This appears to occur non-deterministically. Presumably, OS X
1674 * handles IP_PKTINFO at the time the packet is enqueued into a
1675 * socket's receive queue, rather than at the time recvmsg() is
1676 * called, unlike most other operating systems. Thus (if this
1677 * hypothesis is correct) there is a race between where IP_PKTINFO
1678 * is enabled by the process and when the kernel's network stack
1679 * queues the incoming message.
1680 *
1681 * We cannot return the local address if we do not have it, but this
1682 * is not a caller error either, so just return a zero address
1683 * structure. This is similar to how we handle Windows loopback
1684 * interfaces (see below). We enable this workaround for all
1685 * platforms, not just Apple, as this kind of quirk in OS networking
1686 * stacks seems to be common enough that failing hard if a local
1687 * address is not provided appears to be too brittle.
1688 */
1689 BIO_ADDR_clear(msg->local);
1690
1691 *num_processed = 1;
1692 return 1;
1693
1694 #elif M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1695 #if M_METHOD == M_METHOD_WSARECVMSG
1696 if (bio_WSARecvMsg != NULL) {
1697 /* WSARecvMsg-based implementation for Windows. */
1698 translate_msg_win(b, &wmsg, &wbuf, control, msg);
1699
1700 /* If local address was requested, it must have been enabled */
1701 if (msg[0].local != NULL && !have_local_enabled) {
1702 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1703 *num_processed = 0;
1704 return 0;
1705 }
1706
1707 ret = WSARecvMsg((SOCKET)b->num, &wmsg, &num_bytes_received, NULL, NULL);
1708 if (ret < 0) {
1709 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1710 *num_processed = 0;
1711 return 0;
1712 }
1713
1714 msg[0].data_len = num_bytes_received;
1715 msg[0].flags = 0;
1716 if (msg[0].local != NULL)
1717 if (extract_local(b, &wmsg, msg[0].local) < 1)
1718 /*
1719 * On Windows, loopback is not a "proper" interface and it works
1720 * differently; packets are essentially short-circuited and
1721 * don't go through all of the normal processing. A consequence
1722 * of this is that packets sent from the local machine to the
1723 * local machine _will not have IP_PKTINFO_ even if the
1724 * IP_PKTINFO socket option is enabled. WSARecvMsg just sets
1725 * Control.len to 0 on returning.
1726 *
1727 * This applies regardless of whether the loopback address,
1728 * 127.0.0.1 is used, or a local interface address (e.g.
1729 * 192.168.1.1); in both cases IP_PKTINFO will not be present.
1730 *
1731 * We report this condition by setting the local BIO_ADDR's
1732 * family to 0.
1733 */
1734 BIO_ADDR_clear(msg[0].local);
1735
1736 *num_processed = 1;
1737 return 1;
1738 }
1739 #endif
1740
1741 /*
1742 * Fallback to recvfrom and receive a single message.
1743 */
1744 if (msg[0].local != NULL) {
1745 /*
1746 * We cannot determine the local address if using recvfrom
1747 * so fail in this case
1748 */
1749 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1750 *num_processed = 0;
1751 return 0;
1752 }
1753
1754 slen = sizeof(*msg[0].peer);
1755 ret = recvfrom(b->num, msg[0].data,
1756 #if defined(OPENSSL_SYS_WINDOWS)
1757 (int)msg[0].data_len,
1758 #else
1759 msg[0].data_len,
1760 #endif
1761 sysflags,
1762 msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
1763 msg[0].peer != NULL ? &slen : NULL);
1764 if (ret <= 0) {
1765 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1766 *num_processed = 0;
1767 return 0;
1768 }
1769
1770 msg[0].data_len = ret;
1771 msg[0].flags = 0;
1772 *num_processed = 1;
1773 return 1;
1774
1775 #else
1776 ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
1777 *num_processed = 0;
1778 return 0;
1779 #endif
1780 }
1781
1782 #ifndef OPENSSL_NO_SCTP
BIO_s_datagram_sctp(void)1783 const BIO_METHOD *BIO_s_datagram_sctp(void)
1784 {
1785 return &methods_dgramp_sctp;
1786 }
1787
BIO_new_dgram_sctp(int fd,int close_flag)1788 BIO *BIO_new_dgram_sctp(int fd, int close_flag)
1789 {
1790 BIO *bio;
1791 int ret, optval = 20000;
1792 int auth_data = 0, auth_forward = 0;
1793 unsigned char *p;
1794 struct sctp_authchunk auth;
1795 struct sctp_authchunks *authchunks;
1796 socklen_t sockopt_len;
1797 #ifdef SCTP_AUTHENTICATION_EVENT
1798 #ifdef SCTP_EVENT
1799 struct sctp_event event;
1800 #else
1801 struct sctp_event_subscribe event;
1802 #endif
1803 #endif
1804
1805 bio = BIO_new(BIO_s_datagram_sctp());
1806 if (bio == NULL)
1807 return NULL;
1808 BIO_set_fd(bio, fd, close_flag);
1809
1810 /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
1811 auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
1812 ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
1813 sizeof(struct sctp_authchunk));
1814 if (ret < 0) {
1815 BIO_vfree(bio);
1816 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1817 "Ensure SCTP AUTH chunks are enabled in kernel");
1818 return NULL;
1819 }
1820 auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
1821 ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
1822 sizeof(struct sctp_authchunk));
1823 if (ret < 0) {
1824 BIO_vfree(bio);
1825 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1826 "Ensure SCTP AUTH chunks are enabled in kernel");
1827 return NULL;
1828 }
1829
1830 /*
1831 * Test if activation was successful. When using accept(), SCTP-AUTH has
1832 * to be activated for the listening socket already, otherwise the
1833 * connected socket won't use it. Similarly with connect(): the socket
1834 * prior to connection must be activated for SCTP-AUTH
1835 */
1836 sockopt_len = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
1837 authchunks = OPENSSL_zalloc(sockopt_len);
1838 if (authchunks == NULL) {
1839 BIO_vfree(bio);
1840 return NULL;
1841 }
1842 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
1843 &sockopt_len);
1844 if (ret < 0) {
1845 OPENSSL_free(authchunks);
1846 BIO_vfree(bio);
1847 return NULL;
1848 }
1849
1850 for (p = (unsigned char *)authchunks->gauth_chunks;
1851 p < (unsigned char *)authchunks + sockopt_len;
1852 p += sizeof(uint8_t)) {
1853 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
1854 auth_data = 1;
1855 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
1856 auth_forward = 1;
1857 }
1858
1859 OPENSSL_free(authchunks);
1860
1861 if (!auth_data || !auth_forward) {
1862 BIO_vfree(bio);
1863 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1864 "Ensure SCTP AUTH chunks are enabled on the "
1865 "underlying socket");
1866 return NULL;
1867 }
1868
1869 #ifdef SCTP_AUTHENTICATION_EVENT
1870 #ifdef SCTP_EVENT
1871 memset(&event, 0, sizeof(event));
1872 event.se_assoc_id = 0;
1873 event.se_type = SCTP_AUTHENTICATION_EVENT;
1874 event.se_on = 1;
1875 ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event,
1876 sizeof(struct sctp_event));
1877 if (ret < 0) {
1878 BIO_vfree(bio);
1879 return NULL;
1880 }
1881 #else
1882 sockopt_len = (socklen_t)sizeof(struct sctp_event_subscribe);
1883 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
1884 if (ret < 0) {
1885 BIO_vfree(bio);
1886 return NULL;
1887 }
1888
1889 event.sctp_authentication_event = 1;
1890
1891 ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event,
1892 sizeof(struct sctp_event_subscribe));
1893 if (ret < 0) {
1894 BIO_vfree(bio);
1895 return NULL;
1896 }
1897 #endif
1898 #endif
1899
1900 /*
1901 * Disable partial delivery by setting the min size larger than the max
1902 * record size of 2^14 + 2048 + 13
1903 */
1904 ret = setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval,
1905 sizeof(optval));
1906 if (ret < 0) {
1907 BIO_vfree(bio);
1908 return NULL;
1909 }
1910
1911 return bio;
1912 }
1913
BIO_dgram_is_sctp(BIO * bio)1914 int BIO_dgram_is_sctp(BIO *bio)
1915 {
1916 return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
1917 }
1918
dgram_sctp_new(BIO * bi)1919 static int dgram_sctp_new(BIO *bi)
1920 {
1921 bio_dgram_sctp_data *data = NULL;
1922
1923 bi->init = 0;
1924 bi->num = 0;
1925 if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL)
1926 return 0;
1927 #ifdef SCTP_PR_SCTP_NONE
1928 data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
1929 #endif
1930 bi->ptr = data;
1931
1932 bi->flags = 0;
1933 return 1;
1934 }
1935
dgram_sctp_free(BIO * a)1936 static int dgram_sctp_free(BIO *a)
1937 {
1938 bio_dgram_sctp_data *data;
1939
1940 if (a == NULL)
1941 return 0;
1942 if (!dgram_clear(a))
1943 return 0;
1944
1945 data = (bio_dgram_sctp_data *)a->ptr;
1946 if (data != NULL)
1947 OPENSSL_free(data);
1948
1949 return 1;
1950 }
1951
1952 #ifdef SCTP_AUTHENTICATION_EVENT
dgram_sctp_handle_auth_free_key_event(BIO * b,union sctp_notification * snp)1953 void dgram_sctp_handle_auth_free_key_event(BIO *b,
1954 union sctp_notification *snp)
1955 {
1956 int ret;
1957 struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event;
1958
1959 if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) {
1960 struct sctp_authkeyid authkeyid;
1961
1962 /* delete key */
1963 authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
1964 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
1965 &authkeyid, sizeof(struct sctp_authkeyid));
1966 }
1967 }
1968 #endif
1969
dgram_sctp_read(BIO * b,char * out,int outl)1970 static int dgram_sctp_read(BIO *b, char *out, int outl)
1971 {
1972 int ret = 0, n = 0, i, optval;
1973 socklen_t optlen;
1974 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr;
1975 struct msghdr msg;
1976 struct iovec iov;
1977 struct cmsghdr *cmsg;
1978 char cmsgbuf[512];
1979
1980 if (out != NULL) {
1981 clear_socket_error();
1982
1983 do {
1984 memset(&data->rcvinfo, 0, sizeof(data->rcvinfo));
1985 iov.iov_base = out;
1986 iov.iov_len = outl;
1987 msg.msg_name = NULL;
1988 msg.msg_namelen = 0;
1989 msg.msg_iov = &iov;
1990 msg.msg_iovlen = 1;
1991 msg.msg_control = cmsgbuf;
1992 msg.msg_controllen = 512;
1993 msg.msg_flags = 0;
1994 n = recvmsg(b->num, &msg, 0);
1995
1996 if (n <= 0) {
1997 if (n < 0)
1998 ret = n;
1999 break;
2000 }
2001
2002 if (msg.msg_controllen > 0) {
2003 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg;
2004 cmsg = CMSG_NXTHDR(&msg, cmsg)) {
2005 if (cmsg->cmsg_level != IPPROTO_SCTP)
2006 continue;
2007 #ifdef SCTP_RCVINFO
2008 if (cmsg->cmsg_type == SCTP_RCVINFO) {
2009 struct sctp_rcvinfo *rcvinfo;
2010
2011 rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
2012 data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
2013 data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
2014 data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
2015 data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
2016 data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
2017 data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
2018 data->rcvinfo.rcv_context = rcvinfo->rcv_context;
2019 }
2020 #endif
2021 #ifdef SCTP_SNDRCV
2022 if (cmsg->cmsg_type == SCTP_SNDRCV) {
2023 struct sctp_sndrcvinfo *sndrcvinfo;
2024
2025 sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
2026 data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
2027 data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
2028 data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
2029 data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
2030 data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
2031 data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
2032 data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
2033 }
2034 #endif
2035 }
2036 }
2037
2038 if (msg.msg_flags & MSG_NOTIFICATION) {
2039 union sctp_notification snp;
2040
2041 if (n < (int)sizeof(snp.sn_header))
2042 return -1;
2043 memset(&snp, 0, sizeof(snp));
2044 memcpy(&snp, out, (size_t)n < sizeof(snp) ? (size_t)n : sizeof(snp));
2045 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
2046 #ifdef SCTP_EVENT
2047 struct sctp_event event;
2048 #else
2049 struct sctp_event_subscribe event;
2050 socklen_t eventsize;
2051 #endif
2052
2053 /* disable sender dry event */
2054 #ifdef SCTP_EVENT
2055 memset(&event, 0, sizeof(event));
2056 event.se_assoc_id = 0;
2057 event.se_type = SCTP_SENDER_DRY_EVENT;
2058 event.se_on = 0;
2059 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
2060 sizeof(struct sctp_event));
2061 if (i < 0) {
2062 ret = i;
2063 break;
2064 }
2065 #else
2066 eventsize = sizeof(struct sctp_event_subscribe);
2067 i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2068 &eventsize);
2069 if (i < 0) {
2070 ret = i;
2071 break;
2072 }
2073
2074 event.sctp_sender_dry_event = 0;
2075
2076 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2077 sizeof(struct sctp_event_subscribe));
2078 if (i < 0) {
2079 ret = i;
2080 break;
2081 }
2082 #endif
2083 }
2084 #ifdef SCTP_AUTHENTICATION_EVENT
2085 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2086 dgram_sctp_handle_auth_free_key_event(b, &snp);
2087 #endif
2088
2089 if (data->handle_notifications != NULL)
2090 data->handle_notifications(b, data->notification_context,
2091 (void *)out);
2092
2093 memset(out, 0, outl);
2094 } else {
2095 ret += n;
2096 }
2097 } while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR)
2098 && (ret < outl));
2099
2100 if (ret > 0 && !(msg.msg_flags & MSG_EOR)) {
2101 /* Partial message read, this should never happen! */
2102
2103 /*
2104 * The buffer was too small, this means the peer sent a message
2105 * that was larger than allowed.
2106 */
2107 if (ret == outl)
2108 return -1;
2109
2110 /*
2111 * Test if socket buffer can handle max record size (2^14 + 2048
2112 * + 13)
2113 */
2114 optlen = (socklen_t)sizeof(int);
2115 ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
2116 if (ret >= 0 && !ossl_assert(optval >= 18445))
2117 return -1;
2118
2119 /*
2120 * Test if SCTP doesn't partially deliver below max record size
2121 * (2^14 + 2048 + 13)
2122 */
2123 optlen = (socklen_t)sizeof(int);
2124 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
2125 &optval, &optlen);
2126 if (ret >= 0 && !ossl_assert(optval >= 18445))
2127 return -1;
2128
2129 /*
2130 * Partially delivered notification??? Probably a bug....
2131 */
2132 if (!ossl_assert((msg.msg_flags & MSG_NOTIFICATION) == 0))
2133 return -1;
2134
2135 /*
2136 * Everything seems ok till now, so it's most likely a message
2137 * dropped by PR-SCTP.
2138 */
2139 memset(out, 0, outl);
2140 BIO_set_retry_read(b);
2141 return -1;
2142 }
2143
2144 BIO_clear_retry_flags(b);
2145 if (ret < 0) {
2146 if (BIO_dgram_should_retry(ret)) {
2147 BIO_set_retry_read(b);
2148 data->dgram._errno = get_last_socket_error();
2149 }
2150 }
2151
2152 /* Test if peer uses SCTP-AUTH before continuing */
2153 if (!data->peer_auth_tested) {
2154 int ii, auth_data = 0, auth_forward = 0;
2155 unsigned char *p;
2156 struct sctp_authchunks *authchunks;
2157
2158 optlen = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
2159 authchunks = OPENSSL_malloc(optlen);
2160 if (authchunks == NULL)
2161 return -1;
2162 memset(authchunks, 0, optlen);
2163 ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
2164 authchunks, &optlen);
2165
2166 if (ii >= 0)
2167 for (p = (unsigned char *)authchunks->gauth_chunks;
2168 p < (unsigned char *)authchunks + optlen;
2169 p += sizeof(uint8_t)) {
2170 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
2171 auth_data = 1;
2172 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
2173 auth_forward = 1;
2174 }
2175
2176 OPENSSL_free(authchunks);
2177
2178 if (!auth_data || !auth_forward) {
2179 ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR);
2180 return -1;
2181 }
2182
2183 data->peer_auth_tested = 1;
2184 }
2185 }
2186 return ret;
2187 }
2188
2189 /*
2190 * dgram_sctp_write - send message on SCTP socket
2191 * @b: BIO to write to
2192 * @in: data to send
2193 * @inl: amount of bytes in @in to send
2194 *
2195 * Returns -1 on error or the sent amount of bytes on success
2196 */
dgram_sctp_write(BIO * b,const char * in,int inl)2197 static int dgram_sctp_write(BIO *b, const char *in, int inl)
2198 {
2199 int ret;
2200 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr;
2201 struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
2202 struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
2203 struct bio_dgram_sctp_sndinfo handshake_sinfo;
2204 struct iovec iov[1];
2205 struct msghdr msg;
2206 struct cmsghdr *cmsg;
2207 #if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
2208 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) + CMSG_SPACE(sizeof(struct sctp_prinfo))];
2209 struct sctp_sndinfo *sndinfo;
2210 struct sctp_prinfo *prinfo;
2211 #else
2212 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
2213 struct sctp_sndrcvinfo *sndrcvinfo;
2214 #endif
2215
2216 clear_socket_error();
2217
2218 /*
2219 * If we're send anything else than application data, disable all user
2220 * parameters and flags.
2221 */
2222 if (in[0] != 23) {
2223 memset(&handshake_sinfo, 0, sizeof(handshake_sinfo));
2224 #ifdef SCTP_SACK_IMMEDIATELY
2225 handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
2226 #endif
2227 sinfo = &handshake_sinfo;
2228 }
2229
2230 /* We can only send a shutdown alert if the socket is dry */
2231 if (data->save_shutdown) {
2232 ret = BIO_dgram_sctp_wait_for_dry(b);
2233 if (ret < 0)
2234 return -1;
2235 if (ret == 0) {
2236 BIO_clear_retry_flags(b);
2237 BIO_set_retry_write(b);
2238 return -1;
2239 }
2240 }
2241
2242 iov[0].iov_base = (char *)in;
2243 iov[0].iov_len = inl;
2244 msg.msg_name = NULL;
2245 msg.msg_namelen = 0;
2246 msg.msg_iov = iov;
2247 msg.msg_iovlen = 1;
2248 msg.msg_control = (caddr_t)cmsgbuf;
2249 msg.msg_controllen = 0;
2250 msg.msg_flags = 0;
2251 #if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
2252 cmsg = (struct cmsghdr *)cmsgbuf;
2253 cmsg->cmsg_level = IPPROTO_SCTP;
2254 cmsg->cmsg_type = SCTP_SNDINFO;
2255 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
2256 sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
2257 memset(sndinfo, 0, sizeof(*sndinfo));
2258 sndinfo->snd_sid = sinfo->snd_sid;
2259 sndinfo->snd_flags = sinfo->snd_flags;
2260 sndinfo->snd_ppid = sinfo->snd_ppid;
2261 sndinfo->snd_context = sinfo->snd_context;
2262 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
2263
2264 cmsg = (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
2265 cmsg->cmsg_level = IPPROTO_SCTP;
2266 cmsg->cmsg_type = SCTP_PRINFO;
2267 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
2268 prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
2269 memset(prinfo, 0, sizeof(*prinfo));
2270 prinfo->pr_policy = pinfo->pr_policy;
2271 prinfo->pr_value = pinfo->pr_value;
2272 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
2273 #else
2274 cmsg = (struct cmsghdr *)cmsgbuf;
2275 cmsg->cmsg_level = IPPROTO_SCTP;
2276 cmsg->cmsg_type = SCTP_SNDRCV;
2277 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
2278 sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
2279 memset(sndrcvinfo, 0, sizeof(*sndrcvinfo));
2280 sndrcvinfo->sinfo_stream = sinfo->snd_sid;
2281 sndrcvinfo->sinfo_flags = sinfo->snd_flags;
2282 #ifdef __FreeBSD__
2283 sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
2284 #endif
2285 sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
2286 sndrcvinfo->sinfo_context = sinfo->snd_context;
2287 sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
2288 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
2289 #endif
2290
2291 ret = sendmsg(b->num, &msg, 0);
2292
2293 BIO_clear_retry_flags(b);
2294 if (ret <= 0) {
2295 if (BIO_dgram_should_retry(ret)) {
2296 BIO_set_retry_write(b);
2297 data->dgram._errno = get_last_socket_error();
2298 }
2299 }
2300 return ret;
2301 }
2302
dgram_sctp_ctrl(BIO * b,int cmd,long num,void * ptr)2303 static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
2304 {
2305 long ret = 1;
2306 bio_dgram_sctp_data *data = NULL;
2307 socklen_t sockopt_len = 0;
2308 struct sctp_authkeyid authkeyid;
2309 struct sctp_authkey *authkey = NULL;
2310
2311 data = (bio_dgram_sctp_data *)b->ptr;
2312
2313 switch (cmd) {
2314 case BIO_CTRL_DGRAM_QUERY_MTU:
2315 /*
2316 * Set to maximum (2^14) and ignore user input to enable transport
2317 * protocol fragmentation. Returns always 2^14.
2318 */
2319 data->dgram.mtu = 16384;
2320 ret = data->dgram.mtu;
2321 break;
2322 case BIO_CTRL_DGRAM_SET_MTU:
2323 /*
2324 * Set to maximum (2^14) and ignore input to enable transport
2325 * protocol fragmentation. Returns always 2^14.
2326 */
2327 data->dgram.mtu = 16384;
2328 ret = data->dgram.mtu;
2329 break;
2330 case BIO_CTRL_DGRAM_SET_CONNECTED:
2331 case BIO_CTRL_DGRAM_CONNECT:
2332 /* Returns always -1. */
2333 ret = -1;
2334 break;
2335 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
2336 /*
2337 * SCTP doesn't need the DTLS timer Returns always 1.
2338 */
2339 break;
2340 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
2341 /*
2342 * We allow transport protocol fragmentation so this is irrelevant
2343 */
2344 ret = 0;
2345 break;
2346 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
2347 if (num > 0)
2348 data->in_handshake = 1;
2349 else
2350 data->in_handshake = 0;
2351
2352 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY,
2353 &data->in_handshake, sizeof(int));
2354 break;
2355 case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
2356 /*
2357 * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise.
2358 */
2359
2360 /* Get active key */
2361 sockopt_len = sizeof(struct sctp_authkeyid);
2362 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
2363 &sockopt_len);
2364 if (ret < 0)
2365 break;
2366
2367 /* Add new key */
2368 sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
2369 authkey = OPENSSL_malloc(sockopt_len);
2370 if (authkey == NULL) {
2371 ret = -1;
2372 break;
2373 }
2374 memset(authkey, 0, sockopt_len);
2375 authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
2376 #ifndef __FreeBSD__
2377 /*
2378 * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3
2379 * and higher work without it.
2380 */
2381 authkey->sca_keylength = 64;
2382 #endif
2383 memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
2384
2385 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
2386 sockopt_len);
2387 OPENSSL_free(authkey);
2388 authkey = NULL;
2389 if (ret < 0)
2390 break;
2391
2392 /* Reset active key */
2393 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2394 &authkeyid, sizeof(struct sctp_authkeyid));
2395 if (ret < 0)
2396 break;
2397
2398 break;
2399 case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
2400 /* Returns 0 on success, -1 otherwise. */
2401
2402 /* Get active key */
2403 sockopt_len = sizeof(struct sctp_authkeyid);
2404 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
2405 &sockopt_len);
2406 if (ret < 0)
2407 break;
2408
2409 /* Set active key */
2410 authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
2411 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2412 &authkeyid, sizeof(struct sctp_authkeyid));
2413 if (ret < 0)
2414 break;
2415
2416 /*
2417 * CCS has been sent, so remember that and fall through to check if
2418 * we need to deactivate an old key
2419 */
2420 data->ccs_sent = 1;
2421 /* fall-through */
2422
2423 case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
2424 /* Returns 0 on success, -1 otherwise. */
2425
2426 /*
2427 * Has this command really been called or is this just a
2428 * fall-through?
2429 */
2430 if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
2431 data->ccs_rcvd = 1;
2432
2433 /*
2434 * CSS has been both, received and sent, so deactivate an old key
2435 */
2436 if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
2437 /* Get active key */
2438 sockopt_len = sizeof(struct sctp_authkeyid);
2439 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2440 &authkeyid, &sockopt_len);
2441 if (ret < 0)
2442 break;
2443
2444 /*
2445 * Deactivate key or delete second last key if
2446 * SCTP_AUTHENTICATION_EVENT is not available.
2447 */
2448 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
2449 #ifdef SCTP_AUTH_DEACTIVATE_KEY
2450 sockopt_len = sizeof(struct sctp_authkeyid);
2451 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
2452 &authkeyid, sockopt_len);
2453 if (ret < 0)
2454 break;
2455 #endif
2456 #ifndef SCTP_AUTHENTICATION_EVENT
2457 if (authkeyid.scact_keynumber > 0) {
2458 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
2459 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
2460 &authkeyid, sizeof(struct sctp_authkeyid));
2461 if (ret < 0)
2462 break;
2463 }
2464 #endif
2465
2466 data->ccs_rcvd = 0;
2467 data->ccs_sent = 0;
2468 }
2469 break;
2470 case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
2471 /* Returns the size of the copied struct. */
2472 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
2473 num = sizeof(struct bio_dgram_sctp_sndinfo);
2474
2475 memcpy(ptr, &(data->sndinfo), num);
2476 ret = num;
2477 break;
2478 case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
2479 /* Returns the size of the copied struct. */
2480 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
2481 num = sizeof(struct bio_dgram_sctp_sndinfo);
2482
2483 memcpy(&(data->sndinfo), ptr, num);
2484 break;
2485 case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
2486 /* Returns the size of the copied struct. */
2487 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
2488 num = sizeof(struct bio_dgram_sctp_rcvinfo);
2489
2490 memcpy(ptr, &data->rcvinfo, num);
2491
2492 ret = num;
2493 break;
2494 case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
2495 /* Returns the size of the copied struct. */
2496 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
2497 num = sizeof(struct bio_dgram_sctp_rcvinfo);
2498
2499 memcpy(&(data->rcvinfo), ptr, num);
2500 break;
2501 case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
2502 /* Returns the size of the copied struct. */
2503 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
2504 num = sizeof(struct bio_dgram_sctp_prinfo);
2505
2506 memcpy(ptr, &(data->prinfo), num);
2507 ret = num;
2508 break;
2509 case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
2510 /* Returns the size of the copied struct. */
2511 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
2512 num = sizeof(struct bio_dgram_sctp_prinfo);
2513
2514 memcpy(&(data->prinfo), ptr, num);
2515 break;
2516 case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
2517 /* Returns always 1. */
2518 if (num > 0)
2519 data->save_shutdown = 1;
2520 else
2521 data->save_shutdown = 0;
2522 break;
2523 case BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY:
2524 return dgram_sctp_wait_for_dry(b);
2525 case BIO_CTRL_DGRAM_SCTP_MSG_WAITING:
2526 return dgram_sctp_msg_waiting(b);
2527
2528 default:
2529 /*
2530 * Pass to default ctrl function to process SCTP unspecific commands
2531 */
2532 ret = dgram_ctrl(b, cmd, num, ptr);
2533 break;
2534 }
2535 return ret;
2536 }
2537
BIO_dgram_sctp_notification_cb(BIO * b,BIO_dgram_sctp_notification_handler_fn handle_notifications,void * context)2538 int BIO_dgram_sctp_notification_cb(BIO *b,
2539 BIO_dgram_sctp_notification_handler_fn handle_notifications,
2540 void *context)
2541 {
2542 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr;
2543
2544 if (handle_notifications != NULL) {
2545 data->handle_notifications = handle_notifications;
2546 data->notification_context = context;
2547 } else
2548 return -1;
2549
2550 return 0;
2551 }
2552
2553 /*
2554 * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event
2555 * @b: The BIO to check for the dry event
2556 *
2557 * Wait until the peer confirms all packets have been received, and so that
2558 * our kernel doesn't have anything to send anymore. This is only received by
2559 * the peer's kernel, not the application.
2560 *
2561 * Returns:
2562 * -1 on error
2563 * 0 when not dry yet
2564 * 1 when dry
2565 */
BIO_dgram_sctp_wait_for_dry(BIO * b)2566 int BIO_dgram_sctp_wait_for_dry(BIO *b)
2567 {
2568 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY, 0, NULL);
2569 }
2570
dgram_sctp_wait_for_dry(BIO * b)2571 static int dgram_sctp_wait_for_dry(BIO *b)
2572 {
2573 int is_dry = 0;
2574 int sockflags = 0;
2575 int n, ret;
2576 union sctp_notification snp;
2577 struct msghdr msg;
2578 struct iovec iov;
2579 #ifdef SCTP_EVENT
2580 struct sctp_event event;
2581 #else
2582 struct sctp_event_subscribe event;
2583 socklen_t eventsize;
2584 #endif
2585 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr;
2586
2587 /* set sender dry event */
2588 #ifdef SCTP_EVENT
2589 memset(&event, 0, sizeof(event));
2590 event.se_assoc_id = 0;
2591 event.se_type = SCTP_SENDER_DRY_EVENT;
2592 event.se_on = 1;
2593 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
2594 sizeof(struct sctp_event));
2595 #else
2596 eventsize = sizeof(struct sctp_event_subscribe);
2597 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
2598 if (ret < 0)
2599 return -1;
2600
2601 event.sctp_sender_dry_event = 1;
2602
2603 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2604 sizeof(struct sctp_event_subscribe));
2605 #endif
2606 if (ret < 0)
2607 return -1;
2608
2609 /* peek for notification */
2610 memset(&snp, 0, sizeof(snp));
2611 iov.iov_base = (char *)&snp;
2612 iov.iov_len = sizeof(union sctp_notification);
2613 msg.msg_name = NULL;
2614 msg.msg_namelen = 0;
2615 msg.msg_iov = &iov;
2616 msg.msg_iovlen = 1;
2617 msg.msg_control = NULL;
2618 msg.msg_controllen = 0;
2619 msg.msg_flags = 0;
2620
2621 n = recvmsg(b->num, &msg, MSG_PEEK);
2622 if (n <= 0) {
2623 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2624 && (get_last_socket_error() != EWOULDBLOCK))
2625 return -1;
2626 else
2627 return 0;
2628 }
2629
2630 /* if we find a notification, process it and try again if necessary */
2631 while (msg.msg_flags & MSG_NOTIFICATION) {
2632 memset(&snp, 0, sizeof(snp));
2633 iov.iov_base = (char *)&snp;
2634 iov.iov_len = sizeof(union sctp_notification);
2635 msg.msg_name = NULL;
2636 msg.msg_namelen = 0;
2637 msg.msg_iov = &iov;
2638 msg.msg_iovlen = 1;
2639 msg.msg_control = NULL;
2640 msg.msg_controllen = 0;
2641 msg.msg_flags = 0;
2642
2643 n = recvmsg(b->num, &msg, 0);
2644 if (n <= 0) {
2645 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2646 && (get_last_socket_error() != EWOULDBLOCK))
2647 return -1;
2648 else
2649 return is_dry;
2650 }
2651
2652 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
2653 is_dry = 1;
2654
2655 /* disable sender dry event */
2656 #ifdef SCTP_EVENT
2657 memset(&event, 0, sizeof(event));
2658 event.se_assoc_id = 0;
2659 event.se_type = SCTP_SENDER_DRY_EVENT;
2660 event.se_on = 0;
2661 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
2662 sizeof(struct sctp_event));
2663 #else
2664 eventsize = (socklen_t)sizeof(struct sctp_event_subscribe);
2665 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2666 &eventsize);
2667 if (ret < 0)
2668 return -1;
2669
2670 event.sctp_sender_dry_event = 0;
2671
2672 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2673 sizeof(struct sctp_event_subscribe));
2674 #endif
2675 if (ret < 0)
2676 return -1;
2677 }
2678 #ifdef SCTP_AUTHENTICATION_EVENT
2679 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2680 dgram_sctp_handle_auth_free_key_event(b, &snp);
2681 #endif
2682
2683 if (data->handle_notifications != NULL)
2684 data->handle_notifications(b, data->notification_context,
2685 (void *)&snp);
2686
2687 /* found notification, peek again */
2688 memset(&snp, 0, sizeof(snp));
2689 iov.iov_base = (char *)&snp;
2690 iov.iov_len = sizeof(union sctp_notification);
2691 msg.msg_name = NULL;
2692 msg.msg_namelen = 0;
2693 msg.msg_iov = &iov;
2694 msg.msg_iovlen = 1;
2695 msg.msg_control = NULL;
2696 msg.msg_controllen = 0;
2697 msg.msg_flags = 0;
2698
2699 /* if we have seen the dry already, don't wait */
2700 if (is_dry) {
2701 sockflags = fcntl(b->num, F_GETFL, 0);
2702 fcntl(b->num, F_SETFL, O_NONBLOCK);
2703 }
2704
2705 n = recvmsg(b->num, &msg, MSG_PEEK);
2706
2707 if (is_dry) {
2708 fcntl(b->num, F_SETFL, sockflags);
2709 }
2710
2711 if (n <= 0) {
2712 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2713 && (get_last_socket_error() != EWOULDBLOCK))
2714 return -1;
2715 else
2716 return is_dry;
2717 }
2718 }
2719
2720 /* read anything else */
2721 return is_dry;
2722 }
2723
BIO_dgram_sctp_msg_waiting(BIO * b)2724 int BIO_dgram_sctp_msg_waiting(BIO *b)
2725 {
2726 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_MSG_WAITING, 0, NULL);
2727 }
2728
dgram_sctp_msg_waiting(BIO * b)2729 static int dgram_sctp_msg_waiting(BIO *b)
2730 {
2731 int n, sockflags;
2732 union sctp_notification snp;
2733 struct msghdr msg;
2734 struct iovec iov;
2735 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr;
2736
2737 /* Check if there are any messages waiting to be read */
2738 do {
2739 memset(&snp, 0, sizeof(snp));
2740 iov.iov_base = (char *)&snp;
2741 iov.iov_len = sizeof(union sctp_notification);
2742 msg.msg_name = NULL;
2743 msg.msg_namelen = 0;
2744 msg.msg_iov = &iov;
2745 msg.msg_iovlen = 1;
2746 msg.msg_control = NULL;
2747 msg.msg_controllen = 0;
2748 msg.msg_flags = 0;
2749
2750 sockflags = fcntl(b->num, F_GETFL, 0);
2751 fcntl(b->num, F_SETFL, O_NONBLOCK);
2752 n = recvmsg(b->num, &msg, MSG_PEEK);
2753 fcntl(b->num, F_SETFL, sockflags);
2754
2755 /* if notification, process and try again */
2756 if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) {
2757 #ifdef SCTP_AUTHENTICATION_EVENT
2758 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2759 dgram_sctp_handle_auth_free_key_event(b, &snp);
2760 #endif
2761
2762 memset(&snp, 0, sizeof(snp));
2763 iov.iov_base = (char *)&snp;
2764 iov.iov_len = sizeof(union sctp_notification);
2765 msg.msg_name = NULL;
2766 msg.msg_namelen = 0;
2767 msg.msg_iov = &iov;
2768 msg.msg_iovlen = 1;
2769 msg.msg_control = NULL;
2770 msg.msg_controllen = 0;
2771 msg.msg_flags = 0;
2772 n = recvmsg(b->num, &msg, 0);
2773
2774 if (data->handle_notifications != NULL)
2775 data->handle_notifications(b, data->notification_context,
2776 (void *)&snp);
2777 }
2778
2779 } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
2780
2781 /* Return 1 if there is a message to be read, return 0 otherwise. */
2782 if (n > 0)
2783 return 1;
2784 else
2785 return 0;
2786 }
2787
dgram_sctp_puts(BIO * bp,const char * str)2788 static int dgram_sctp_puts(BIO *bp, const char *str)
2789 {
2790 int n, ret;
2791
2792 n = strlen(str);
2793 ret = dgram_sctp_write(bp, str, n);
2794 return ret;
2795 }
2796 #endif
2797
BIO_dgram_should_retry(int i)2798 static int BIO_dgram_should_retry(int i)
2799 {
2800 int err;
2801
2802 if ((i == 0) || (i == -1)) {
2803 err = get_last_socket_error();
2804
2805 #if defined(OPENSSL_SYS_WINDOWS)
2806 /*
2807 * If the socket return value (i) is -1 and err is unexpectedly 0 at
2808 * this point, the error code was overwritten by another system call
2809 * before this error handling is called.
2810 */
2811 #endif
2812
2813 return BIO_dgram_non_fatal_error(err);
2814 }
2815 return 0;
2816 }
2817
BIO_dgram_non_fatal_error(int err)2818 int BIO_dgram_non_fatal_error(int err)
2819 {
2820 switch (err) {
2821 #if defined(OPENSSL_SYS_WINDOWS)
2822 #if defined(WSAEWOULDBLOCK)
2823 case WSAEWOULDBLOCK:
2824 #endif
2825 #endif
2826
2827 #ifdef EWOULDBLOCK
2828 #ifdef WSAEWOULDBLOCK
2829 #if WSAEWOULDBLOCK != EWOULDBLOCK
2830 case EWOULDBLOCK:
2831 #endif
2832 #else
2833 case EWOULDBLOCK:
2834 #endif
2835 #endif
2836
2837 #ifdef EINTR
2838 case EINTR:
2839 #endif
2840
2841 #ifdef EAGAIN
2842 #if EWOULDBLOCK != EAGAIN
2843 case EAGAIN:
2844 #endif
2845 #endif
2846
2847 #ifdef EPROTO
2848 case EPROTO:
2849 #endif
2850
2851 #ifdef EINPROGRESS
2852 case EINPROGRESS:
2853 #endif
2854
2855 #ifdef EALREADY
2856 case EALREADY:
2857 #endif
2858
2859 return 1;
2860 default:
2861 break;
2862 }
2863 return 0;
2864 }
2865
2866 #endif
2867