1 /* 2 * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #ifndef _GNU_SOURCE 11 #define _GNU_SOURCE 12 #endif 13 14 #include <stdio.h> 15 #include <errno.h> 16 17 #include "internal/time.h" 18 #include "bio_local.h" 19 #ifndef OPENSSL_NO_DGRAM 20 21 #ifndef OPENSSL_NO_SCTP 22 #include <netinet/sctp.h> 23 #include <fcntl.h> 24 #define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00 25 #define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0 26 #endif 27 28 #if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU) 29 #define IP_MTU 14 /* linux is lame */ 30 #endif 31 32 #if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6) 33 #define IPPROTO_IPV6 41 /* windows is lame */ 34 #endif 35 36 #if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED) 37 /* Standard definition causes type-punning problems. */ 38 #undef IN6_IS_ADDR_V4MAPPED 39 #define s6_addr32 __u6_addr.__u6_addr32 40 #define IN6_IS_ADDR_V4MAPPED(a) \ 41 (((a)->s6_addr32[0] == 0) && ((a)->s6_addr32[1] == 0) && ((a)->s6_addr32[2] == htonl(0x0000ffff))) 42 #endif 43 44 /* Determine what method to use for BIO_sendmmsg and BIO_recvmmsg. */ 45 #define M_METHOD_NONE 0 46 #define M_METHOD_RECVMMSG 1 47 #define M_METHOD_RECVMSG 2 48 #define M_METHOD_RECVFROM 3 49 #define M_METHOD_WSARECVMSG 4 50 51 #if defined(__GLIBC__) && defined(__GLIBC_PREREQ) 52 #if !(__GLIBC_PREREQ(2, 14)) 53 #undef NO_RECVMMSG 54 /* 55 * Some old glibc versions may have recvmmsg and MSG_WAITFORONE flag, but 56 * not sendmmsg. We need both so force this to be disabled on these old 57 * versions 58 */ 59 #define NO_RECVMMSG 60 #endif 61 #endif 62 #if defined(__GNU__) 63 /* GNU/Hurd does not have IP_PKTINFO yet */ 64 #undef NO_RECVMSG 65 #define NO_RECVMSG 66 #endif 67 #if (defined(__ANDROID_API__) && __ANDROID_API__ < 21) 68 #undef NO_RECVMMSG 69 #define NO_RECVMMSG 70 #endif 71 #if defined(_AIX) 72 /* AIX header files don't properly expose sendmmsg/recvmmsg declarations */ 73 #undef NO_RECVMMSG 74 #define NO_RECVMMSG 75 #endif 76 #if !defined(M_METHOD) 77 #if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG) 78 #define M_METHOD M_METHOD_WSARECVMSG 79 #elif !defined(OPENSSL_SYS_WINDOWS) && defined(MSG_WAITFORONE) && !defined(NO_RECVMMSG) 80 #define M_METHOD M_METHOD_RECVMMSG 81 #elif !defined(OPENSSL_SYS_WINDOWS) && defined(CMSG_LEN) && !defined(NO_RECVMSG) 82 #define M_METHOD M_METHOD_RECVMSG 83 #elif !defined(NO_RECVFROM) 84 #define M_METHOD M_METHOD_RECVFROM 85 #else 86 #define M_METHOD M_METHOD_NONE 87 #endif 88 #endif 89 90 #if defined(OPENSSL_SYS_WINDOWS) 91 #define BIO_CMSG_SPACE(x) WSA_CMSG_SPACE(x) 92 #define BIO_CMSG_FIRSTHDR(x) WSA_CMSG_FIRSTHDR(x) 93 #define BIO_CMSG_NXTHDR(x, y) WSA_CMSG_NXTHDR(x, y) 94 #define BIO_CMSG_DATA(x) WSA_CMSG_DATA(x) 95 #define BIO_CMSG_LEN(x) WSA_CMSG_LEN(x) 96 #define MSGHDR_TYPE WSAMSG 97 #define CMSGHDR_TYPE WSACMSGHDR 98 #else 99 #define MSGHDR_TYPE struct msghdr 100 #define CMSGHDR_TYPE struct cmsghdr 101 #define BIO_CMSG_SPACE(x) CMSG_SPACE(x) 102 #define BIO_CMSG_FIRSTHDR(x) CMSG_FIRSTHDR(x) 103 #define BIO_CMSG_NXTHDR(x, y) CMSG_NXTHDR(x, y) 104 #define BIO_CMSG_DATA(x) CMSG_DATA(x) 105 #define BIO_CMSG_LEN(x) CMSG_LEN(x) 106 #endif 107 108 #if M_METHOD == M_METHOD_RECVMMSG \ 109 || M_METHOD == M_METHOD_RECVMSG \ 110 || M_METHOD == M_METHOD_WSARECVMSG 111 #if defined(__APPLE__) 112 /* 113 * CMSG_SPACE is not a constant expression on OSX even though POSIX 114 * says it's supposed to be. This should be adequate. 115 */ 116 #define BIO_CMSG_ALLOC_LEN 64 117 #else 118 #if defined(IPV6_PKTINFO) 119 #define BIO_CMSG_ALLOC_LEN_1 BIO_CMSG_SPACE(sizeof(struct in6_pktinfo)) 120 #else 121 #define BIO_CMSG_ALLOC_LEN_1 0 122 #endif 123 #if defined(IP_PKTINFO) 124 #define BIO_CMSG_ALLOC_LEN_2 BIO_CMSG_SPACE(sizeof(struct in_pktinfo)) 125 #else 126 #define BIO_CMSG_ALLOC_LEN_2 0 127 #endif 128 #if defined(IP_RECVDSTADDR) 129 #define BIO_CMSG_ALLOC_LEN_3 BIO_CMSG_SPACE(sizeof(struct in_addr)) 130 #else 131 #define BIO_CMSG_ALLOC_LEN_3 0 132 #endif 133 #define BIO_MAX(X, Y) ((X) > (Y) ? (X) : (Y)) 134 #define BIO_CMSG_ALLOC_LEN \ 135 BIO_MAX(BIO_CMSG_ALLOC_LEN_1, \ 136 BIO_MAX(BIO_CMSG_ALLOC_LEN_2, BIO_CMSG_ALLOC_LEN_3)) 137 #endif 138 /* 139 * Although AIX defines IP_RECVDSTADDR and IPV6_RECVPKTINFO, the 140 * implementation requires IP_PKTINFO to be available for AF_INET. 141 * For AF_INET6 there seem to be limitations how local addresses 142 * are handled on AIX. So, disable the support for now. 143 */ 144 #if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO) \ 145 && !defined(_AIX) 146 #define SUPPORT_LOCAL_ADDR 147 #endif 148 #endif 149 150 #define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n) * (stride))) 151 152 static int dgram_write(BIO *h, const char *buf, int num); 153 static int dgram_read(BIO *h, char *buf, int size); 154 static int dgram_puts(BIO *h, const char *str); 155 static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2); 156 static int dgram_new(BIO *h); 157 static int dgram_free(BIO *data); 158 static int dgram_clear(BIO *bio); 159 static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, 160 size_t stride, size_t num_msg, 161 uint64_t flags, size_t *num_processed); 162 static int dgram_recvmmsg(BIO *b, BIO_MSG *msg, 163 size_t stride, size_t num_msg, 164 uint64_t flags, size_t *num_processed); 165 166 #ifndef OPENSSL_NO_SCTP 167 static int dgram_sctp_write(BIO *h, const char *buf, int num); 168 static int dgram_sctp_read(BIO *h, char *buf, int size); 169 static int dgram_sctp_puts(BIO *h, const char *str); 170 static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2); 171 static int dgram_sctp_new(BIO *h); 172 static int dgram_sctp_free(BIO *data); 173 static int dgram_sctp_wait_for_dry(BIO *b); 174 static int dgram_sctp_msg_waiting(BIO *b); 175 #ifdef SCTP_AUTHENTICATION_EVENT 176 static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp); 177 #endif 178 #endif 179 180 static int BIO_dgram_should_retry(int s); 181 182 static const BIO_METHOD methods_dgramp = { 183 BIO_TYPE_DGRAM, 184 "datagram socket", 185 bwrite_conv, 186 dgram_write, 187 bread_conv, 188 dgram_read, 189 dgram_puts, 190 NULL, /* dgram_gets, */ 191 dgram_ctrl, 192 dgram_new, 193 dgram_free, 194 NULL, /* dgram_callback_ctrl */ 195 dgram_sendmmsg, 196 dgram_recvmmsg, 197 }; 198 199 #ifndef OPENSSL_NO_SCTP 200 static const BIO_METHOD methods_dgramp_sctp = { 201 BIO_TYPE_DGRAM_SCTP, 202 "datagram sctp socket", 203 bwrite_conv, 204 dgram_sctp_write, 205 bread_conv, 206 dgram_sctp_read, 207 dgram_sctp_puts, 208 NULL, /* dgram_gets, */ 209 dgram_sctp_ctrl, 210 dgram_sctp_new, 211 dgram_sctp_free, 212 NULL, /* dgram_callback_ctrl */ 213 NULL, /* sendmmsg */ 214 NULL, /* recvmmsg */ 215 }; 216 #endif 217 218 typedef struct bio_dgram_data_st { 219 BIO_ADDR peer; 220 BIO_ADDR local_addr; 221 unsigned int connected; 222 unsigned int _errno; 223 unsigned int mtu; 224 OSSL_TIME next_timeout; 225 OSSL_TIME socket_timeout; 226 unsigned int peekmode; 227 char local_addr_enabled; 228 } bio_dgram_data; 229 230 #ifndef OPENSSL_NO_SCTP 231 typedef struct bio_dgram_sctp_save_message_st { 232 BIO *bio; 233 char *data; 234 int length; 235 } bio_dgram_sctp_save_message; 236 237 /* 238 * Note: bio_dgram_data must be first here 239 * as we use dgram_ctrl for underlying dgram operations 240 * which will cast this struct to a bio_dgram_data 241 */ 242 typedef struct bio_dgram_sctp_data_st { 243 bio_dgram_data dgram; 244 struct bio_dgram_sctp_sndinfo sndinfo; 245 struct bio_dgram_sctp_rcvinfo rcvinfo; 246 struct bio_dgram_sctp_prinfo prinfo; 247 BIO_dgram_sctp_notification_handler_fn handle_notifications; 248 void *notification_context; 249 int in_handshake; 250 int ccs_rcvd; 251 int ccs_sent; 252 int save_shutdown; 253 int peer_auth_tested; 254 } bio_dgram_sctp_data; 255 #endif 256 257 const BIO_METHOD *BIO_s_datagram(void) 258 { 259 return &methods_dgramp; 260 } 261 262 BIO *BIO_new_dgram(int fd, int close_flag) 263 { 264 BIO *ret; 265 266 ret = BIO_new(BIO_s_datagram()); 267 if (ret == NULL) 268 return NULL; 269 BIO_set_fd(ret, fd, close_flag); 270 return ret; 271 } 272 273 static int dgram_new(BIO *bi) 274 { 275 bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data)); 276 277 if (data == NULL) 278 return 0; 279 bi->ptr = data; 280 return 1; 281 } 282 283 static int dgram_free(BIO *a) 284 { 285 bio_dgram_data *data; 286 287 if (a == NULL) 288 return 0; 289 if (!dgram_clear(a)) 290 return 0; 291 292 data = (bio_dgram_data *)a->ptr; 293 OPENSSL_free(data); 294 295 return 1; 296 } 297 298 static int dgram_clear(BIO *a) 299 { 300 if (a == NULL) 301 return 0; 302 if (a->shutdown) { 303 if (a->init) { 304 BIO_closesocket(a->num); 305 } 306 a->init = 0; 307 a->flags = 0; 308 } 309 return 1; 310 } 311 312 static void dgram_adjust_rcv_timeout(BIO *b) 313 { 314 #if defined(SO_RCVTIMEO) 315 bio_dgram_data *data = (bio_dgram_data *)b->ptr; 316 OSSL_TIME timeleft; 317 318 /* Is a timer active? */ 319 if (!ossl_time_is_zero(data->next_timeout)) { 320 /* Read current socket timeout */ 321 #ifdef OPENSSL_SYS_WINDOWS 322 int timeout; 323 int sz = sizeof(timeout); 324 325 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 326 (void *)&timeout, &sz) 327 < 0) 328 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 329 "calling getsockopt()"); 330 else 331 data->socket_timeout = ossl_ms2time(timeout); 332 #else 333 struct timeval tv; 334 socklen_t sz = sizeof(tv); 335 336 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, &sz) < 0) 337 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 338 "calling getsockopt()"); 339 else 340 data->socket_timeout = ossl_time_from_timeval(tv); 341 #endif 342 343 /* Calculate time left until timer expires */ 344 timeleft = ossl_time_subtract(data->next_timeout, ossl_time_now()); 345 if (ossl_time_compare(timeleft, ossl_ticks2time(OSSL_TIME_US)) < 0) 346 timeleft = ossl_ticks2time(OSSL_TIME_US); 347 348 /* 349 * Adjust socket timeout if next handshake message timer will expire 350 * earlier. 351 */ 352 if (ossl_time_is_zero(data->socket_timeout) 353 || ossl_time_compare(data->socket_timeout, timeleft) >= 0) { 354 #ifdef OPENSSL_SYS_WINDOWS 355 timeout = (int)ossl_time2ms(timeleft); 356 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 357 (void *)&timeout, sizeof(timeout)) 358 < 0) 359 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 360 "calling setsockopt()"); 361 #else 362 tv = ossl_time_to_timeval(timeleft); 363 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, 364 sizeof(tv)) 365 < 0) 366 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 367 "calling setsockopt()"); 368 #endif 369 } 370 } 371 #endif 372 } 373 374 static void dgram_update_local_addr(BIO *b) 375 { 376 bio_dgram_data *data = (bio_dgram_data *)b->ptr; 377 socklen_t addr_len = sizeof(data->local_addr); 378 379 if (getsockname(b->num, &data->local_addr.sa, &addr_len) < 0) 380 /* 381 * This should not be possible, but zero-initialize and return 382 * anyway. 383 */ 384 BIO_ADDR_clear(&data->local_addr); 385 } 386 387 #if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG 388 static int dgram_get_sock_family(BIO *b) 389 { 390 bio_dgram_data *data = (bio_dgram_data *)b->ptr; 391 return data->local_addr.sa.sa_family; 392 } 393 #endif 394 395 static void dgram_reset_rcv_timeout(BIO *b) 396 { 397 #if defined(SO_RCVTIMEO) 398 bio_dgram_data *data = (bio_dgram_data *)b->ptr; 399 400 /* Is a timer active? */ 401 if (!ossl_time_is_zero(data->next_timeout)) { 402 #ifdef OPENSSL_SYS_WINDOWS 403 int timeout = (int)ossl_time2ms(data->socket_timeout); 404 405 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 406 (void *)&timeout, sizeof(timeout)) 407 < 0) 408 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 409 "calling setsockopt()"); 410 #else 411 struct timeval tv = ossl_time_to_timeval(data->socket_timeout); 412 413 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0) 414 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 415 "calling setsockopt()"); 416 #endif 417 } 418 #endif 419 } 420 421 static int dgram_read(BIO *b, char *out, int outl) 422 { 423 int ret = 0; 424 bio_dgram_data *data = (bio_dgram_data *)b->ptr; 425 int flags = 0; 426 427 BIO_ADDR peer; 428 socklen_t len = sizeof(peer); 429 430 if (out != NULL) { 431 clear_socket_error(); 432 BIO_ADDR_clear(&peer); 433 dgram_adjust_rcv_timeout(b); 434 if (data->peekmode) 435 flags = MSG_PEEK; 436 ret = recvfrom(b->num, out, outl, flags, 437 BIO_ADDR_sockaddr_noconst(&peer), &len); 438 439 if (!data->connected && ret >= 0) 440 BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); 441 442 BIO_clear_retry_flags(b); 443 if (ret < 0) { 444 if (BIO_dgram_should_retry(ret)) { 445 BIO_set_retry_read(b); 446 data->_errno = get_last_socket_error(); 447 } 448 } 449 450 dgram_reset_rcv_timeout(b); 451 } 452 return ret; 453 } 454 455 static int dgram_write(BIO *b, const char *in, int inl) 456 { 457 int ret; 458 bio_dgram_data *data = (bio_dgram_data *)b->ptr; 459 clear_socket_error(); 460 461 if (data->connected) 462 ret = writesocket(b->num, in, inl); 463 else { 464 int peerlen = BIO_ADDR_sockaddr_size(&data->peer); 465 466 ret = sendto(b->num, in, inl, 0, 467 BIO_ADDR_sockaddr(&data->peer), peerlen); 468 } 469 470 BIO_clear_retry_flags(b); 471 if (ret <= 0) { 472 if (BIO_dgram_should_retry(ret)) { 473 BIO_set_retry_write(b); 474 data->_errno = get_last_socket_error(); 475 } 476 } 477 return ret; 478 } 479 480 static long dgram_get_mtu_overhead(BIO_ADDR *addr) 481 { 482 long ret; 483 484 switch (BIO_ADDR_family(addr)) { 485 case AF_INET: 486 /* 487 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP 488 */ 489 ret = 28; 490 break; 491 #if OPENSSL_USE_IPV6 492 case AF_INET6: { 493 #ifdef IN6_IS_ADDR_V4MAPPED 494 struct in6_addr tmp_addr; 495 496 if (BIO_ADDR_rawaddress(addr, &tmp_addr, NULL) 497 && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) 498 /* 499 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP 500 */ 501 ret = 28; 502 else 503 #endif 504 /* 505 * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP 506 */ 507 ret = 48; 508 } break; 509 #endif 510 default: 511 /* We don't know. Go with the historical default */ 512 ret = 28; 513 break; 514 } 515 return ret; 516 } 517 518 /* Enables appropriate destination address reception option on the socket. */ 519 #if defined(SUPPORT_LOCAL_ADDR) 520 static int enable_local_addr(BIO *b, int enable) 521 { 522 int af = dgram_get_sock_family(b); 523 524 if (af == AF_INET) { 525 #if defined(IP_PKTINFO) 526 /* IP_PKTINFO is preferred */ 527 if (setsockopt(b->num, IPPROTO_IP, IP_PKTINFO, 528 (void *)&enable, sizeof(enable)) 529 < 0) 530 return 0; 531 532 return 1; 533 534 #elif defined(IP_RECVDSTADDR) 535 /* Fall back to IP_RECVDSTADDR */ 536 537 if (setsockopt(b->num, IPPROTO_IP, IP_RECVDSTADDR, 538 &enable, sizeof(enable)) 539 < 0) 540 return 0; 541 542 return 1; 543 #endif 544 } 545 546 #if OPENSSL_USE_IPV6 547 if (af == AF_INET6) { 548 #if defined(IPV6_RECVPKTINFO) 549 if (setsockopt(b->num, IPPROTO_IPV6, IPV6_RECVPKTINFO, 550 &enable, sizeof(enable)) 551 < 0) 552 return 0; 553 554 return 1; 555 #endif 556 } 557 #endif 558 559 return 0; 560 } 561 #endif 562 563 static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) 564 { 565 long ret = 1; 566 int *ip; 567 bio_dgram_data *data = NULL; 568 #ifndef __DJGPP__ 569 /* There are currently no cases where this is used on djgpp/watt32. */ 570 int sockopt_val = 0; 571 #endif 572 int d_errno; 573 #if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU)) 574 socklen_t sockopt_len; /* assume that system supporting IP_MTU is 575 * modern enough to define socklen_t */ 576 socklen_t addr_len; 577 BIO_ADDR addr; 578 #endif 579 struct sockaddr_storage ss; 580 socklen_t ss_len = sizeof(ss); 581 582 data = (bio_dgram_data *)b->ptr; 583 584 switch (cmd) { 585 case BIO_CTRL_RESET: 586 num = 0; 587 ret = 0; 588 break; 589 case BIO_CTRL_INFO: 590 ret = 0; 591 break; 592 case BIO_C_SET_FD: 593 dgram_clear(b); 594 b->num = *((int *)ptr); 595 b->shutdown = (int)num; 596 b->init = 1; 597 dgram_update_local_addr(b); 598 if (getpeername(b->num, (struct sockaddr *)&ss, &ss_len) == 0) { 599 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)&ss)); 600 data->connected = 1; 601 } 602 #if defined(SUPPORT_LOCAL_ADDR) 603 if (data->local_addr_enabled) { 604 if (enable_local_addr(b, 1) < 1) 605 data->local_addr_enabled = 0; 606 } 607 #endif 608 break; 609 case BIO_C_GET_FD: 610 if (b->init) { 611 ip = (int *)ptr; 612 if (ip != NULL) 613 *ip = b->num; 614 ret = b->num; 615 } else 616 ret = -1; 617 break; 618 case BIO_CTRL_GET_CLOSE: 619 ret = b->shutdown; 620 break; 621 case BIO_CTRL_SET_CLOSE: 622 b->shutdown = (int)num; 623 break; 624 case BIO_CTRL_PENDING: 625 case BIO_CTRL_WPENDING: 626 ret = 0; 627 break; 628 case BIO_CTRL_DUP: 629 case BIO_CTRL_FLUSH: 630 ret = 1; 631 break; 632 case BIO_CTRL_DGRAM_CONNECT: 633 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); 634 break; 635 /* (Linux)kernel sets DF bit on outgoing IP packets */ 636 case BIO_CTRL_DGRAM_MTU_DISCOVER: 637 #if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) 638 addr_len = (socklen_t)sizeof(addr); 639 BIO_ADDR_clear(&addr); 640 if (getsockname(b->num, &addr.sa, &addr_len) < 0) { 641 ret = 0; 642 break; 643 } 644 switch (addr.sa.sa_family) { 645 case AF_INET: 646 sockopt_val = IP_PMTUDISC_DO; 647 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, 648 &sockopt_val, sizeof(sockopt_val))) 649 < 0) 650 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 651 "calling setsockopt()"); 652 break; 653 #if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO) 654 case AF_INET6: 655 sockopt_val = IPV6_PMTUDISC_DO; 656 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, 657 &sockopt_val, sizeof(sockopt_val))) 658 < 0) 659 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 660 "calling setsockopt()"); 661 break; 662 #endif 663 default: 664 ret = -1; 665 break; 666 } 667 #else 668 ret = -1; 669 #endif 670 break; 671 case BIO_CTRL_DGRAM_QUERY_MTU: 672 #if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU) 673 addr_len = (socklen_t)sizeof(addr); 674 BIO_ADDR_clear(&addr); 675 if (getsockname(b->num, &addr.sa, &addr_len) < 0) { 676 ret = 0; 677 break; 678 } 679 sockopt_len = sizeof(sockopt_val); 680 switch (addr.sa.sa_family) { 681 case AF_INET: 682 if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, 683 &sockopt_len)) 684 < 0 685 || sockopt_val < 0) { 686 ret = 0; 687 } else { 688 data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr); 689 ret = data->mtu; 690 } 691 break; 692 #if OPENSSL_USE_IPV6 && defined(IPV6_MTU) 693 case AF_INET6: 694 if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, 695 (void *)&sockopt_val, &sockopt_len)) 696 < 0 697 || sockopt_val < 0) { 698 ret = 0; 699 } else { 700 data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr); 701 ret = data->mtu; 702 } 703 break; 704 #endif 705 default: 706 ret = 0; 707 break; 708 } 709 #else 710 ret = 0; 711 #endif 712 break; 713 case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: 714 ret = -dgram_get_mtu_overhead(&data->peer); 715 switch (BIO_ADDR_family(&data->peer)) { 716 case AF_INET: 717 ret += 576; 718 break; 719 #if OPENSSL_USE_IPV6 720 case AF_INET6: { 721 #ifdef IN6_IS_ADDR_V4MAPPED 722 struct in6_addr tmp_addr; 723 if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL) 724 && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) 725 ret += 576; 726 else 727 #endif 728 ret += 1280; 729 } break; 730 #endif 731 default: 732 ret += 576; 733 break; 734 } 735 break; 736 case BIO_CTRL_DGRAM_GET_MTU: 737 return data->mtu; 738 case BIO_CTRL_DGRAM_SET_MTU: 739 data->mtu = num; 740 ret = num; 741 break; 742 case BIO_CTRL_DGRAM_SET_CONNECTED: 743 if (ptr != NULL) { 744 data->connected = 1; 745 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); 746 } else { 747 data->connected = 0; 748 BIO_ADDR_clear(&data->peer); 749 } 750 break; 751 case BIO_CTRL_DGRAM_GET_PEER: 752 ret = BIO_ADDR_sockaddr_size(&data->peer); 753 /* FIXME: if num < ret, we will only return part of an address. 754 That should bee an error, no? */ 755 if (num == 0 || num > ret) 756 num = ret; 757 memcpy(ptr, &data->peer, (ret = num)); 758 break; 759 case BIO_CTRL_DGRAM_SET_PEER: 760 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); 761 break; 762 case BIO_CTRL_DGRAM_DETECT_PEER_ADDR: { 763 BIO_ADDR xaddr, *p = &data->peer; 764 socklen_t xaddr_len = sizeof(xaddr.sa); 765 766 if (BIO_ADDR_family(p) == AF_UNSPEC) { 767 if (getpeername(b->num, (void *)&xaddr.sa, &xaddr_len) == 0 768 && BIO_ADDR_family(&xaddr) != AF_UNSPEC) { 769 p = &xaddr; 770 } else { 771 ret = 0; 772 break; 773 } 774 } 775 776 ret = BIO_ADDR_sockaddr_size(p); 777 if (num == 0 || num > ret) 778 num = ret; 779 780 memcpy(ptr, p, (ret = num)); 781 } break; 782 case BIO_C_SET_NBIO: 783 if (!BIO_socket_nbio(b->num, num != 0)) 784 ret = 0; 785 break; 786 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: 787 data->next_timeout = ossl_time_from_timeval(*(struct timeval *)ptr); 788 break; 789 #if defined(SO_RCVTIMEO) 790 case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: 791 #ifdef OPENSSL_SYS_WINDOWS 792 { 793 struct timeval *tv = (struct timeval *)ptr; 794 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; 795 796 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 797 (void *)&timeout, sizeof(timeout))) 798 < 0) 799 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 800 "calling setsockopt()"); 801 } 802 #else 803 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, 804 sizeof(struct timeval))) 805 < 0) 806 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 807 "calling setsockopt()"); 808 #endif 809 break; 810 case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: { 811 #ifdef OPENSSL_SYS_WINDOWS 812 int sz = 0; 813 int timeout; 814 struct timeval *tv = (struct timeval *)ptr; 815 816 sz = sizeof(timeout); 817 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 818 (void *)&timeout, &sz)) 819 < 0) { 820 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 821 "calling getsockopt()"); 822 } else { 823 tv->tv_sec = timeout / 1000; 824 tv->tv_usec = (timeout % 1000) * 1000; 825 ret = sizeof(*tv); 826 } 827 #else 828 socklen_t sz = sizeof(struct timeval); 829 830 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 831 ptr, &sz)) 832 < 0) { 833 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 834 "calling getsockopt()"); 835 } else if (!ossl_assert((size_t)sz == sizeof(struct timeval))) { 836 ERR_raise_data(ERR_LIB_BIO, ERR_R_INTERNAL_ERROR, 837 "Unexpected getsockopt(SO_RCVTIMEO) return size"); 838 ret = -1; 839 } else { 840 ret = (int)sz; 841 } 842 #endif 843 } break; 844 #endif 845 #if defined(SO_SNDTIMEO) 846 case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: 847 #ifdef OPENSSL_SYS_WINDOWS 848 { 849 struct timeval *tv = (struct timeval *)ptr; 850 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; 851 852 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, 853 (void *)&timeout, sizeof(timeout))) 854 < 0) 855 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 856 "calling setsockopt()"); 857 } 858 #else 859 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, 860 sizeof(struct timeval))) 861 < 0) 862 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 863 "calling setsockopt()"); 864 #endif 865 break; 866 case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: { 867 #ifdef OPENSSL_SYS_WINDOWS 868 int sz = 0; 869 int timeout; 870 struct timeval *tv = (struct timeval *)ptr; 871 872 sz = sizeof(timeout); 873 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, 874 (void *)&timeout, &sz)) 875 < 0) { 876 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 877 "calling getsockopt()"); 878 } else { 879 tv->tv_sec = timeout / 1000; 880 tv->tv_usec = (timeout % 1000) * 1000; 881 ret = sizeof(*tv); 882 } 883 #else 884 socklen_t sz = sizeof(struct timeval); 885 886 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, 887 ptr, &sz)) 888 < 0) { 889 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 890 "calling getsockopt()"); 891 } else if (!ossl_assert((size_t)sz == sizeof(struct timeval))) { 892 ERR_raise_data(ERR_LIB_BIO, ERR_R_INTERNAL_ERROR, 893 "Unexpected getsockopt(SO_SNDTIMEO) return size"); 894 ret = -1; 895 } else { 896 ret = (int)sz; 897 } 898 #endif 899 } break; 900 #endif 901 case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: 902 /* fall-through */ 903 case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: 904 #ifdef OPENSSL_SYS_WINDOWS 905 d_errno = (data->_errno == WSAETIMEDOUT); 906 #else 907 d_errno = (data->_errno == EAGAIN); 908 #endif 909 if (d_errno) { 910 ret = 1; 911 data->_errno = 0; 912 } else 913 ret = 0; 914 break; 915 #ifdef EMSGSIZE 916 case BIO_CTRL_DGRAM_MTU_EXCEEDED: 917 if (data->_errno == EMSGSIZE) { 918 ret = 1; 919 data->_errno = 0; 920 } else 921 ret = 0; 922 break; 923 #endif 924 case BIO_CTRL_DGRAM_SET_DONT_FRAG: 925 switch (data->peer.sa.sa_family) { 926 case AF_INET: 927 #if defined(IP_DONTFRAG) 928 sockopt_val = num ? 1 : 0; 929 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG, 930 &sockopt_val, sizeof(sockopt_val))) 931 < 0) 932 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 933 "calling setsockopt()"); 934 #elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_PROBE) 935 sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT; 936 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, 937 &sockopt_val, sizeof(sockopt_val))) 938 < 0) 939 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 940 "calling setsockopt()"); 941 #elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT) 942 sockopt_val = num ? 1 : 0; 943 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT, 944 (const char *)&sockopt_val, 945 sizeof(sockopt_val))) 946 < 0) 947 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 948 "calling setsockopt()"); 949 #else 950 ret = -1; 951 #endif 952 break; 953 #if OPENSSL_USE_IPV6 954 case AF_INET6: 955 #if defined(IPV6_DONTFRAG) 956 sockopt_val = num ? 1 : 0; 957 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG, 958 (const void *)&sockopt_val, 959 sizeof(sockopt_val))) 960 < 0) 961 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 962 "calling setsockopt()"); 963 964 #elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_PROBE) 965 sockopt_val = num ? IPV6_PMTUDISC_PROBE : IPV6_PMTUDISC_DONT; 966 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, 967 &sockopt_val, sizeof(sockopt_val))) 968 < 0) 969 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), 970 "calling setsockopt()"); 971 #else 972 ret = -1; 973 #endif 974 break; 975 #endif 976 default: 977 ret = -1; 978 break; 979 } 980 break; 981 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: 982 ret = dgram_get_mtu_overhead(&data->peer); 983 break; 984 985 /* 986 * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility 987 * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value 988 * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The 989 * value has been updated to a non-clashing value. However to preserve 990 * binary compatibility we now respond to both the old value and the new one 991 */ 992 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: 993 case BIO_CTRL_DGRAM_SET_PEEK_MODE: 994 data->peekmode = (unsigned int)num; 995 break; 996 997 case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP: 998 #if defined(SUPPORT_LOCAL_ADDR) 999 ret = 1; 1000 #else 1001 ret = 0; 1002 #endif 1003 break; 1004 1005 case BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE: 1006 #if defined(SUPPORT_LOCAL_ADDR) 1007 num = num > 0; 1008 if (num != data->local_addr_enabled) { 1009 if (enable_local_addr(b, num) < 1) { 1010 ret = 0; 1011 break; 1012 } 1013 1014 data->local_addr_enabled = (char)num; 1015 } 1016 #else 1017 ret = 0; 1018 #endif 1019 break; 1020 1021 case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE: 1022 *(int *)ptr = data->local_addr_enabled; 1023 break; 1024 1025 case BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS: 1026 ret = (long)(BIO_DGRAM_CAP_HANDLES_DST_ADDR 1027 | BIO_DGRAM_CAP_HANDLES_SRC_ADDR 1028 | BIO_DGRAM_CAP_PROVIDES_DST_ADDR 1029 | BIO_DGRAM_CAP_PROVIDES_SRC_ADDR); 1030 break; 1031 1032 case BIO_CTRL_GET_RPOLL_DESCRIPTOR: 1033 case BIO_CTRL_GET_WPOLL_DESCRIPTOR: { 1034 BIO_POLL_DESCRIPTOR *pd = ptr; 1035 1036 pd->type = BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD; 1037 pd->value.fd = b->num; 1038 } break; 1039 1040 default: 1041 ret = 0; 1042 break; 1043 } 1044 /* Normalize if error */ 1045 if (ret < 0) 1046 ret = -1; 1047 return ret; 1048 } 1049 1050 static int dgram_puts(BIO *bp, const char *str) 1051 { 1052 int n, ret; 1053 1054 n = strlen(str); 1055 ret = dgram_write(bp, str, n); 1056 return ret; 1057 } 1058 1059 #if M_METHOD == M_METHOD_WSARECVMSG 1060 static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov, 1061 unsigned char *control, BIO_MSG *msg) 1062 { 1063 iov->len = msg->data_len; 1064 iov->buf = msg->data; 1065 1066 /* Windows requires namelen to be set exactly */ 1067 mh->name = msg->peer != NULL ? &msg->peer->sa : NULL; 1068 if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET) 1069 mh->namelen = sizeof(struct sockaddr_in); 1070 #if OPENSSL_USE_IPV6 1071 else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6) 1072 mh->namelen = sizeof(struct sockaddr_in6); 1073 #endif 1074 else 1075 mh->namelen = 0; 1076 1077 /* 1078 * When local address reception (IP_PKTINFO, etc.) is enabled, on Windows 1079 * this causes WSARecvMsg to fail if the control buffer is too small to hold 1080 * the structure, or if no control buffer is passed. So we need to give it 1081 * the control buffer even if we aren't actually going to examine the 1082 * result. 1083 */ 1084 mh->lpBuffers = iov; 1085 mh->dwBufferCount = 1; 1086 mh->Control.len = BIO_CMSG_ALLOC_LEN; 1087 mh->Control.buf = control; 1088 mh->dwFlags = 0; 1089 } 1090 #endif 1091 1092 #if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG 1093 /* Translates a BIO_MSG to a msghdr and iovec. */ 1094 static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov, 1095 unsigned char *control, BIO_MSG *msg) 1096 { 1097 bio_dgram_data *data; 1098 1099 iov->iov_base = msg->data; 1100 iov->iov_len = msg->data_len; 1101 1102 data = (bio_dgram_data *)b->ptr; 1103 if (data->connected == 0) { 1104 /* macOS requires msg_namelen be 0 if msg_name is NULL */ 1105 mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL; 1106 if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET) 1107 mh->msg_namelen = sizeof(struct sockaddr_in); 1108 #if OPENSSL_USE_IPV6 1109 else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6) 1110 mh->msg_namelen = sizeof(struct sockaddr_in6); 1111 #endif 1112 else 1113 mh->msg_namelen = 0; 1114 } else { 1115 mh->msg_name = NULL; 1116 mh->msg_namelen = 0; 1117 } 1118 1119 mh->msg_iov = iov; 1120 mh->msg_iovlen = 1; 1121 mh->msg_control = msg->local != NULL ? control : NULL; 1122 mh->msg_controllen = msg->local != NULL ? BIO_CMSG_ALLOC_LEN : 0; 1123 mh->msg_flags = 0; 1124 } 1125 #endif 1126 1127 #if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG 1128 /* Extracts destination address from the control buffer. */ 1129 static int extract_local(BIO *b, MSGHDR_TYPE *mh, BIO_ADDR *local) 1130 { 1131 #if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO) 1132 CMSGHDR_TYPE *cmsg; 1133 int af = dgram_get_sock_family(b); 1134 1135 for (cmsg = BIO_CMSG_FIRSTHDR(mh); cmsg != NULL; 1136 cmsg = BIO_CMSG_NXTHDR(mh, cmsg)) { 1137 if (af == AF_INET) { 1138 if (cmsg->cmsg_level != IPPROTO_IP) 1139 continue; 1140 1141 #if defined(IP_PKTINFO) 1142 if (cmsg->cmsg_type != IP_PKTINFO) 1143 continue; 1144 1145 local->s_in.sin_addr = ((struct in_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi_addr; 1146 1147 #elif defined(IP_RECVDSTADDR) 1148 if (cmsg->cmsg_type != IP_RECVDSTADDR) 1149 continue; 1150 1151 local->s_in.sin_addr = *(struct in_addr *)BIO_CMSG_DATA(cmsg); 1152 #endif 1153 1154 #if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) 1155 { 1156 bio_dgram_data *data = b->ptr; 1157 1158 local->s_in.sin_family = AF_INET; 1159 local->s_in.sin_port = data->local_addr.s_in.sin_port; 1160 } 1161 return 1; 1162 #endif 1163 } 1164 #if OPENSSL_USE_IPV6 1165 else if (af == AF_INET6) { 1166 if (cmsg->cmsg_level != IPPROTO_IPV6) 1167 continue; 1168 1169 #if defined(IPV6_RECVPKTINFO) 1170 if (cmsg->cmsg_type != IPV6_PKTINFO) 1171 continue; 1172 1173 { 1174 bio_dgram_data *data = b->ptr; 1175 1176 local->s_in6.sin6_addr = ((struct in6_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi6_addr; 1177 local->s_in6.sin6_family = AF_INET6; 1178 local->s_in6.sin6_port = data->local_addr.s_in6.sin6_port; 1179 local->s_in6.sin6_scope_id = data->local_addr.s_in6.sin6_scope_id; 1180 local->s_in6.sin6_flowinfo = 0; 1181 } 1182 return 1; 1183 #endif 1184 } 1185 #endif 1186 } 1187 #endif 1188 1189 return 0; 1190 } 1191 1192 static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local) 1193 { 1194 int af = dgram_get_sock_family(b); 1195 #if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO) 1196 CMSGHDR_TYPE *cmsg; 1197 bio_dgram_data *data = b->ptr; 1198 #endif 1199 1200 if (af == AF_INET) { 1201 #if defined(IP_PKTINFO) 1202 struct in_pktinfo *info; 1203 1204 #if defined(OPENSSL_SYS_WINDOWS) 1205 cmsg = (CMSGHDR_TYPE *)mh->Control.buf; 1206 #else 1207 cmsg = (CMSGHDR_TYPE *)mh->msg_control; 1208 #endif 1209 1210 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_pktinfo)); 1211 cmsg->cmsg_level = IPPROTO_IP; 1212 cmsg->cmsg_type = IP_PKTINFO; 1213 1214 info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg); 1215 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN) && !defined(__FreeBSD__) && !defined(__QNX__) 1216 info->ipi_spec_dst = local->s_in.sin_addr; 1217 #endif 1218 info->ipi_addr.s_addr = 0; 1219 info->ipi_ifindex = 0; 1220 1221 /* 1222 * We cannot override source port using this API, therefore 1223 * ensure the application specified a source port of 0 1224 * or the one we are bound to. (Better to error than silently 1225 * ignore this.) 1226 */ 1227 if (local->s_in.sin_port != 0 1228 && data->local_addr.s_in.sin_port != local->s_in.sin_port) { 1229 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); 1230 return 0; 1231 } 1232 1233 #if defined(OPENSSL_SYS_WINDOWS) 1234 mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in_pktinfo)); 1235 #else 1236 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_pktinfo)); 1237 #endif 1238 return 1; 1239 1240 #elif defined(IP_SENDSRCADDR) 1241 struct in_addr *info; 1242 1243 /* 1244 * At least FreeBSD is very pedantic about using IP_SENDSRCADDR when we 1245 * are not bound to 0.0.0.0 or ::, even if the address matches what we 1246 * bound to. Support this by not packing the structure if the address 1247 * matches our understanding of our local address. IP_SENDSRCADDR is a 1248 * BSD thing, so we don't need an explicit test for BSD here. 1249 */ 1250 if (local->s_in.sin_addr.s_addr == data->local_addr.s_in.sin_addr.s_addr) { 1251 mh->msg_control = NULL; 1252 mh->msg_controllen = 0; 1253 return 1; 1254 } 1255 1256 cmsg = (struct cmsghdr *)mh->msg_control; 1257 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_addr)); 1258 cmsg->cmsg_level = IPPROTO_IP; 1259 cmsg->cmsg_type = IP_SENDSRCADDR; 1260 1261 info = (struct in_addr *)BIO_CMSG_DATA(cmsg); 1262 *info = local->s_in.sin_addr; 1263 1264 /* See comment above. */ 1265 if (local->s_in.sin_port != 0 1266 && data->local_addr.s_in.sin_port != local->s_in.sin_port) { 1267 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); 1268 return 0; 1269 } 1270 1271 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_addr)); 1272 return 1; 1273 #endif 1274 } 1275 #if OPENSSL_USE_IPV6 1276 else if (af == AF_INET6) { 1277 #if defined(IPV6_PKTINFO) 1278 struct in6_pktinfo *info; 1279 1280 #if defined(OPENSSL_SYS_WINDOWS) 1281 cmsg = (CMSGHDR_TYPE *)mh->Control.buf; 1282 #else 1283 cmsg = (CMSGHDR_TYPE *)mh->msg_control; 1284 #endif 1285 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in6_pktinfo)); 1286 cmsg->cmsg_level = IPPROTO_IPV6; 1287 cmsg->cmsg_type = IPV6_PKTINFO; 1288 1289 info = (struct in6_pktinfo *)BIO_CMSG_DATA(cmsg); 1290 info->ipi6_addr = local->s_in6.sin6_addr; 1291 info->ipi6_ifindex = 0; 1292 1293 /* 1294 * See comment above, but also applies to the other fields 1295 * in sockaddr_in6. 1296 */ 1297 if (local->s_in6.sin6_port != 0 1298 && data->local_addr.s_in6.sin6_port != local->s_in6.sin6_port) { 1299 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); 1300 return 0; 1301 } 1302 1303 if (local->s_in6.sin6_scope_id != 0 1304 && data->local_addr.s_in6.sin6_scope_id != local->s_in6.sin6_scope_id) { 1305 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); 1306 return 0; 1307 } 1308 1309 #if defined(OPENSSL_SYS_WINDOWS) 1310 mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo)); 1311 #else 1312 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo)); 1313 #endif 1314 return 1; 1315 #endif 1316 } 1317 #endif 1318 1319 return 0; 1320 } 1321 #endif 1322 1323 /* 1324 * Converts flags passed to BIO_sendmmsg or BIO_recvmmsg to syscall flags. You 1325 * should mask out any system flags returned by this function you cannot support 1326 * in a particular circumstance. Currently no flags are defined. 1327 */ 1328 #if M_METHOD != M_METHOD_NONE 1329 static int translate_flags(uint64_t flags) 1330 { 1331 return 0; 1332 } 1333 #endif 1334 1335 static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride, 1336 size_t num_msg, uint64_t flags, size_t *num_processed) 1337 { 1338 #if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG 1339 int ret; 1340 #endif 1341 #if M_METHOD == M_METHOD_RECVMMSG 1342 #define BIO_MAX_MSGS_PER_CALL 64 1343 int sysflags; 1344 bio_dgram_data *data = (bio_dgram_data *)b->ptr; 1345 size_t i; 1346 struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL]; 1347 struct iovec iov[BIO_MAX_MSGS_PER_CALL]; 1348 unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN]; 1349 int have_local_enabled = data->local_addr_enabled; 1350 #elif M_METHOD == M_METHOD_RECVMSG 1351 int sysflags; 1352 bio_dgram_data *data = (bio_dgram_data *)b->ptr; 1353 ossl_ssize_t l; 1354 struct msghdr mh; 1355 struct iovec iov; 1356 unsigned char control[BIO_CMSG_ALLOC_LEN]; 1357 int have_local_enabled = data->local_addr_enabled; 1358 #elif M_METHOD == M_METHOD_WSARECVMSG 1359 bio_dgram_data *data = (bio_dgram_data *)b->ptr; 1360 int have_local_enabled = data->local_addr_enabled; 1361 WSAMSG wmsg; 1362 WSABUF wbuf; 1363 DWORD num_bytes_sent = 0; 1364 unsigned char control[BIO_CMSG_ALLOC_LEN]; 1365 #endif 1366 #if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG 1367 int sysflags; 1368 #endif 1369 1370 if (num_msg == 0) { 1371 *num_processed = 0; 1372 return 1; 1373 } 1374 1375 if (num_msg > OSSL_SSIZE_MAX) 1376 num_msg = OSSL_SSIZE_MAX; 1377 1378 #if M_METHOD != M_METHOD_NONE 1379 sysflags = translate_flags(flags); 1380 #endif 1381 1382 #if M_METHOD == M_METHOD_RECVMMSG 1383 /* 1384 * In the sendmmsg/recvmmsg case, we need to allocate our translated struct 1385 * msghdr and struct iovec on the stack to support multithreaded use. Thus 1386 * we place a fixed limit on the number of messages per call, in the 1387 * expectation that we will be called again if there were more messages to 1388 * be sent. 1389 */ 1390 if (num_msg > BIO_MAX_MSGS_PER_CALL) 1391 num_msg = BIO_MAX_MSGS_PER_CALL; 1392 1393 for (i = 0; i < num_msg; ++i) { 1394 translate_msg(b, &mh[i].msg_hdr, &iov[i], 1395 control[i], &BIO_MSG_N(msg, stride, i)); 1396 1397 /* If local address was requested, it must have been enabled */ 1398 if (BIO_MSG_N(msg, stride, i).local != NULL) { 1399 if (!have_local_enabled) { 1400 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); 1401 *num_processed = 0; 1402 return 0; 1403 } 1404 1405 if (pack_local(b, &mh[i].msg_hdr, 1406 BIO_MSG_N(msg, stride, i).local) 1407 < 1) { 1408 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); 1409 *num_processed = 0; 1410 return 0; 1411 } 1412 } 1413 } 1414 1415 /* Do the batch */ 1416 ret = sendmmsg(b->num, mh, num_msg, sysflags); 1417 if (ret < 0) { 1418 ERR_raise(ERR_LIB_SYS, get_last_socket_error()); 1419 *num_processed = 0; 1420 return 0; 1421 } 1422 1423 for (i = 0; i < (size_t)ret; ++i) { 1424 BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len; 1425 BIO_MSG_N(msg, stride, i).flags = 0; 1426 } 1427 1428 *num_processed = (size_t)ret; 1429 return 1; 1430 1431 #elif M_METHOD == M_METHOD_RECVMSG 1432 /* 1433 * If sendmsg is available, use it. 1434 */ 1435 translate_msg(b, &mh, &iov, control, msg); 1436 1437 if (msg->local != NULL) { 1438 if (!have_local_enabled) { 1439 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); 1440 *num_processed = 0; 1441 return 0; 1442 } 1443 1444 if (pack_local(b, &mh, msg->local) < 1) { 1445 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); 1446 *num_processed = 0; 1447 return 0; 1448 } 1449 } 1450 1451 l = sendmsg(b->num, &mh, sysflags); 1452 if (l < 0) { 1453 ERR_raise(ERR_LIB_SYS, get_last_socket_error()); 1454 *num_processed = 0; 1455 return 0; 1456 } 1457 1458 msg->data_len = (size_t)l; 1459 msg->flags = 0; 1460 *num_processed = 1; 1461 return 1; 1462 1463 #elif M_METHOD == M_METHOD_WSARECVMSG || M_METHOD == M_METHOD_RECVFROM 1464 #if M_METHOD == M_METHOD_WSARECVMSG 1465 if (bio_WSASendMsg != NULL) { 1466 /* WSASendMsg-based implementation for Windows. */ 1467 translate_msg_win(b, &wmsg, &wbuf, control, msg); 1468 1469 if (msg[0].local != NULL) { 1470 if (!have_local_enabled) { 1471 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); 1472 *num_processed = 0; 1473 return 0; 1474 } 1475 1476 if (pack_local(b, &wmsg, msg[0].local) < 1) { 1477 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); 1478 *num_processed = 0; 1479 return 0; 1480 } 1481 } 1482 1483 ret = WSASendMsg((SOCKET)b->num, &wmsg, 0, &num_bytes_sent, NULL, NULL); 1484 if (ret < 0) { 1485 ERR_raise(ERR_LIB_SYS, get_last_socket_error()); 1486 *num_processed = 0; 1487 return 0; 1488 } 1489 1490 msg[0].data_len = num_bytes_sent; 1491 msg[0].flags = 0; 1492 *num_processed = 1; 1493 return 1; 1494 } 1495 #endif 1496 1497 /* 1498 * Fallback to sendto and send a single message. 1499 */ 1500 if (msg[0].local != NULL) { 1501 /* 1502 * We cannot set the local address if using sendto 1503 * so fail in this case 1504 */ 1505 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); 1506 *num_processed = 0; 1507 return 0; 1508 } 1509 1510 ret = sendto(b->num, msg[0].data, 1511 #if defined(OPENSSL_SYS_WINDOWS) 1512 (int)msg[0].data_len, 1513 #else 1514 msg[0].data_len, 1515 #endif 1516 sysflags, 1517 msg[0].peer != NULL ? BIO_ADDR_sockaddr(msg[0].peer) : NULL, 1518 msg[0].peer != NULL ? BIO_ADDR_sockaddr_size(msg[0].peer) : 0); 1519 if (ret <= 0) { 1520 ERR_raise(ERR_LIB_SYS, get_last_socket_error()); 1521 *num_processed = 0; 1522 return 0; 1523 } 1524 1525 msg[0].data_len = ret; 1526 msg[0].flags = 0; 1527 *num_processed = 1; 1528 return 1; 1529 1530 #else 1531 ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); 1532 *num_processed = 0; 1533 return 0; 1534 #endif 1535 } 1536 1537 static int dgram_recvmmsg(BIO *b, BIO_MSG *msg, 1538 size_t stride, size_t num_msg, 1539 uint64_t flags, size_t *num_processed) 1540 { 1541 #if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG 1542 int ret; 1543 #endif 1544 #if M_METHOD == M_METHOD_RECVMMSG 1545 int sysflags; 1546 bio_dgram_data *data = (bio_dgram_data *)b->ptr; 1547 size_t i; 1548 struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL]; 1549 struct iovec iov[BIO_MAX_MSGS_PER_CALL]; 1550 unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN]; 1551 int have_local_enabled = data->local_addr_enabled; 1552 #elif M_METHOD == M_METHOD_RECVMSG 1553 int sysflags; 1554 bio_dgram_data *data = (bio_dgram_data *)b->ptr; 1555 ossl_ssize_t l; 1556 struct msghdr mh; 1557 struct iovec iov; 1558 unsigned char control[BIO_CMSG_ALLOC_LEN]; 1559 int have_local_enabled = data->local_addr_enabled; 1560 #elif M_METHOD == M_METHOD_WSARECVMSG 1561 bio_dgram_data *data = (bio_dgram_data *)b->ptr; 1562 int have_local_enabled = data->local_addr_enabled; 1563 WSAMSG wmsg; 1564 WSABUF wbuf; 1565 DWORD num_bytes_received = 0; 1566 unsigned char control[BIO_CMSG_ALLOC_LEN]; 1567 #endif 1568 #if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG 1569 int sysflags; 1570 socklen_t slen; 1571 #endif 1572 1573 if (num_msg == 0) { 1574 *num_processed = 0; 1575 return 1; 1576 } 1577 1578 if (num_msg > OSSL_SSIZE_MAX) 1579 num_msg = OSSL_SSIZE_MAX; 1580 1581 #if M_METHOD != M_METHOD_NONE 1582 sysflags = translate_flags(flags); 1583 #endif 1584 1585 #if M_METHOD == M_METHOD_RECVMMSG 1586 /* 1587 * In the sendmmsg/recvmmsg case, we need to allocate our translated struct 1588 * msghdr and struct iovec on the stack to support multithreaded use. Thus 1589 * we place a fixed limit on the number of messages per call, in the 1590 * expectation that we will be called again if there were more messages to 1591 * be sent. 1592 */ 1593 if (num_msg > BIO_MAX_MSGS_PER_CALL) 1594 num_msg = BIO_MAX_MSGS_PER_CALL; 1595 1596 for (i = 0; i < num_msg; ++i) { 1597 translate_msg(b, &mh[i].msg_hdr, &iov[i], 1598 control[i], &BIO_MSG_N(msg, stride, i)); 1599 1600 /* If local address was requested, it must have been enabled */ 1601 if (BIO_MSG_N(msg, stride, i).local != NULL && !have_local_enabled) { 1602 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); 1603 *num_processed = 0; 1604 return 0; 1605 } 1606 } 1607 1608 /* Do the batch */ 1609 ret = recvmmsg(b->num, mh, num_msg, sysflags, NULL); 1610 if (ret < 0) { 1611 ERR_raise(ERR_LIB_SYS, get_last_socket_error()); 1612 *num_processed = 0; 1613 return 0; 1614 } 1615 1616 for (i = 0; i < (size_t)ret; ++i) { 1617 BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len; 1618 BIO_MSG_N(msg, stride, i).flags = 0; 1619 /* 1620 * *(msg->peer) will have been filled in by recvmmsg; 1621 * for msg->local we parse the control data returned 1622 */ 1623 if (BIO_MSG_N(msg, stride, i).local != NULL) 1624 if (extract_local(b, &mh[i].msg_hdr, 1625 BIO_MSG_N(msg, stride, i).local) 1626 < 1) 1627 /* 1628 * It appears BSDs do not support local addresses for 1629 * loopback sockets. In this case, just clear the local 1630 * address, as for OS X and Windows in some circumstances 1631 * (see below). 1632 */ 1633 BIO_ADDR_clear(BIO_MSG_N(msg, stride, i).local); 1634 } 1635 1636 *num_processed = (size_t)ret; 1637 return 1; 1638 1639 #elif M_METHOD == M_METHOD_RECVMSG 1640 /* 1641 * If recvmsg is available, use it. 1642 */ 1643 translate_msg(b, &mh, &iov, control, msg); 1644 1645 /* If local address was requested, it must have been enabled */ 1646 if (msg->local != NULL && !have_local_enabled) { 1647 /* 1648 * If we have done at least one message, we must return the 1649 * count; if we haven't done any, we can give an error code 1650 */ 1651 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); 1652 *num_processed = 0; 1653 return 0; 1654 } 1655 1656 l = recvmsg(b->num, &mh, sysflags); 1657 if (l < 0) { 1658 ERR_raise(ERR_LIB_SYS, get_last_socket_error()); 1659 *num_processed = 0; 1660 return 0; 1661 } 1662 1663 msg->data_len = (size_t)l; 1664 msg->flags = 0; 1665 1666 if (msg->local != NULL) 1667 if (extract_local(b, &mh, msg->local) < 1) 1668 /* 1669 * OS X exhibits odd behaviour where it appears that if a packet is 1670 * sent before the receiving interface enables IP_PKTINFO, it will 1671 * sometimes not have any control data returned even if the 1672 * receiving interface enables IP_PKTINFO before calling recvmsg(). 1673 * This appears to occur non-deterministically. Presumably, OS X 1674 * handles IP_PKTINFO at the time the packet is enqueued into a 1675 * socket's receive queue, rather than at the time recvmsg() is 1676 * called, unlike most other operating systems. Thus (if this 1677 * hypothesis is correct) there is a race between where IP_PKTINFO 1678 * is enabled by the process and when the kernel's network stack 1679 * queues the incoming message. 1680 * 1681 * We cannot return the local address if we do not have it, but this 1682 * is not a caller error either, so just return a zero address 1683 * structure. This is similar to how we handle Windows loopback 1684 * interfaces (see below). We enable this workaround for all 1685 * platforms, not just Apple, as this kind of quirk in OS networking 1686 * stacks seems to be common enough that failing hard if a local 1687 * address is not provided appears to be too brittle. 1688 */ 1689 BIO_ADDR_clear(msg->local); 1690 1691 *num_processed = 1; 1692 return 1; 1693 1694 #elif M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG 1695 #if M_METHOD == M_METHOD_WSARECVMSG 1696 if (bio_WSARecvMsg != NULL) { 1697 /* WSARecvMsg-based implementation for Windows. */ 1698 translate_msg_win(b, &wmsg, &wbuf, control, msg); 1699 1700 /* If local address was requested, it must have been enabled */ 1701 if (msg[0].local != NULL && !have_local_enabled) { 1702 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); 1703 *num_processed = 0; 1704 return 0; 1705 } 1706 1707 ret = WSARecvMsg((SOCKET)b->num, &wmsg, &num_bytes_received, NULL, NULL); 1708 if (ret < 0) { 1709 ERR_raise(ERR_LIB_SYS, get_last_socket_error()); 1710 *num_processed = 0; 1711 return 0; 1712 } 1713 1714 msg[0].data_len = num_bytes_received; 1715 msg[0].flags = 0; 1716 if (msg[0].local != NULL) 1717 if (extract_local(b, &wmsg, msg[0].local) < 1) 1718 /* 1719 * On Windows, loopback is not a "proper" interface and it works 1720 * differently; packets are essentially short-circuited and 1721 * don't go through all of the normal processing. A consequence 1722 * of this is that packets sent from the local machine to the 1723 * local machine _will not have IP_PKTINFO_ even if the 1724 * IP_PKTINFO socket option is enabled. WSARecvMsg just sets 1725 * Control.len to 0 on returning. 1726 * 1727 * This applies regardless of whether the loopback address, 1728 * 127.0.0.1 is used, or a local interface address (e.g. 1729 * 192.168.1.1); in both cases IP_PKTINFO will not be present. 1730 * 1731 * We report this condition by setting the local BIO_ADDR's 1732 * family to 0. 1733 */ 1734 BIO_ADDR_clear(msg[0].local); 1735 1736 *num_processed = 1; 1737 return 1; 1738 } 1739 #endif 1740 1741 /* 1742 * Fallback to recvfrom and receive a single message. 1743 */ 1744 if (msg[0].local != NULL) { 1745 /* 1746 * We cannot determine the local address if using recvfrom 1747 * so fail in this case 1748 */ 1749 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); 1750 *num_processed = 0; 1751 return 0; 1752 } 1753 1754 slen = sizeof(*msg[0].peer); 1755 ret = recvfrom(b->num, msg[0].data, 1756 #if defined(OPENSSL_SYS_WINDOWS) 1757 (int)msg[0].data_len, 1758 #else 1759 msg[0].data_len, 1760 #endif 1761 sysflags, 1762 msg[0].peer != NULL ? &msg[0].peer->sa : NULL, 1763 msg[0].peer != NULL ? &slen : NULL); 1764 if (ret <= 0) { 1765 ERR_raise(ERR_LIB_SYS, get_last_socket_error()); 1766 *num_processed = 0; 1767 return 0; 1768 } 1769 1770 msg[0].data_len = ret; 1771 msg[0].flags = 0; 1772 *num_processed = 1; 1773 return 1; 1774 1775 #else 1776 ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); 1777 *num_processed = 0; 1778 return 0; 1779 #endif 1780 } 1781 1782 #ifndef OPENSSL_NO_SCTP 1783 const BIO_METHOD *BIO_s_datagram_sctp(void) 1784 { 1785 return &methods_dgramp_sctp; 1786 } 1787 1788 BIO *BIO_new_dgram_sctp(int fd, int close_flag) 1789 { 1790 BIO *bio; 1791 int ret, optval = 20000; 1792 int auth_data = 0, auth_forward = 0; 1793 unsigned char *p; 1794 struct sctp_authchunk auth; 1795 struct sctp_authchunks *authchunks; 1796 socklen_t sockopt_len; 1797 #ifdef SCTP_AUTHENTICATION_EVENT 1798 #ifdef SCTP_EVENT 1799 struct sctp_event event; 1800 #else 1801 struct sctp_event_subscribe event; 1802 #endif 1803 #endif 1804 1805 bio = BIO_new(BIO_s_datagram_sctp()); 1806 if (bio == NULL) 1807 return NULL; 1808 BIO_set_fd(bio, fd, close_flag); 1809 1810 /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */ 1811 auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE; 1812 ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, 1813 sizeof(struct sctp_authchunk)); 1814 if (ret < 0) { 1815 BIO_vfree(bio); 1816 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, 1817 "Ensure SCTP AUTH chunks are enabled in kernel"); 1818 return NULL; 1819 } 1820 auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE; 1821 ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, 1822 sizeof(struct sctp_authchunk)); 1823 if (ret < 0) { 1824 BIO_vfree(bio); 1825 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, 1826 "Ensure SCTP AUTH chunks are enabled in kernel"); 1827 return NULL; 1828 } 1829 1830 /* 1831 * Test if activation was successful. When using accept(), SCTP-AUTH has 1832 * to be activated for the listening socket already, otherwise the 1833 * connected socket won't use it. Similarly with connect(): the socket 1834 * prior to connection must be activated for SCTP-AUTH 1835 */ 1836 sockopt_len = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); 1837 authchunks = OPENSSL_zalloc(sockopt_len); 1838 if (authchunks == NULL) { 1839 BIO_vfree(bio); 1840 return NULL; 1841 } 1842 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, 1843 &sockopt_len); 1844 if (ret < 0) { 1845 OPENSSL_free(authchunks); 1846 BIO_vfree(bio); 1847 return NULL; 1848 } 1849 1850 for (p = (unsigned char *)authchunks->gauth_chunks; 1851 p < (unsigned char *)authchunks + sockopt_len; 1852 p += sizeof(uint8_t)) { 1853 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) 1854 auth_data = 1; 1855 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) 1856 auth_forward = 1; 1857 } 1858 1859 OPENSSL_free(authchunks); 1860 1861 if (!auth_data || !auth_forward) { 1862 BIO_vfree(bio); 1863 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, 1864 "Ensure SCTP AUTH chunks are enabled on the " 1865 "underlying socket"); 1866 return NULL; 1867 } 1868 1869 #ifdef SCTP_AUTHENTICATION_EVENT 1870 #ifdef SCTP_EVENT 1871 memset(&event, 0, sizeof(event)); 1872 event.se_assoc_id = 0; 1873 event.se_type = SCTP_AUTHENTICATION_EVENT; 1874 event.se_on = 1; 1875 ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, 1876 sizeof(struct sctp_event)); 1877 if (ret < 0) { 1878 BIO_vfree(bio); 1879 return NULL; 1880 } 1881 #else 1882 sockopt_len = (socklen_t)sizeof(struct sctp_event_subscribe); 1883 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len); 1884 if (ret < 0) { 1885 BIO_vfree(bio); 1886 return NULL; 1887 } 1888 1889 event.sctp_authentication_event = 1; 1890 1891 ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, 1892 sizeof(struct sctp_event_subscribe)); 1893 if (ret < 0) { 1894 BIO_vfree(bio); 1895 return NULL; 1896 } 1897 #endif 1898 #endif 1899 1900 /* 1901 * Disable partial delivery by setting the min size larger than the max 1902 * record size of 2^14 + 2048 + 13 1903 */ 1904 ret = setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, 1905 sizeof(optval)); 1906 if (ret < 0) { 1907 BIO_vfree(bio); 1908 return NULL; 1909 } 1910 1911 return bio; 1912 } 1913 1914 int BIO_dgram_is_sctp(BIO *bio) 1915 { 1916 return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP); 1917 } 1918 1919 static int dgram_sctp_new(BIO *bi) 1920 { 1921 bio_dgram_sctp_data *data = NULL; 1922 1923 bi->init = 0; 1924 bi->num = 0; 1925 if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) 1926 return 0; 1927 #ifdef SCTP_PR_SCTP_NONE 1928 data->prinfo.pr_policy = SCTP_PR_SCTP_NONE; 1929 #endif 1930 bi->ptr = data; 1931 1932 bi->flags = 0; 1933 return 1; 1934 } 1935 1936 static int dgram_sctp_free(BIO *a) 1937 { 1938 bio_dgram_sctp_data *data; 1939 1940 if (a == NULL) 1941 return 0; 1942 if (!dgram_clear(a)) 1943 return 0; 1944 1945 data = (bio_dgram_sctp_data *)a->ptr; 1946 if (data != NULL) 1947 OPENSSL_free(data); 1948 1949 return 1; 1950 } 1951 1952 #ifdef SCTP_AUTHENTICATION_EVENT 1953 void dgram_sctp_handle_auth_free_key_event(BIO *b, 1954 union sctp_notification *snp) 1955 { 1956 int ret; 1957 struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event; 1958 1959 if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) { 1960 struct sctp_authkeyid authkeyid; 1961 1962 /* delete key */ 1963 authkeyid.scact_keynumber = authkeyevent->auth_keynumber; 1964 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, 1965 &authkeyid, sizeof(struct sctp_authkeyid)); 1966 } 1967 } 1968 #endif 1969 1970 static int dgram_sctp_read(BIO *b, char *out, int outl) 1971 { 1972 int ret = 0, n = 0, i, optval; 1973 socklen_t optlen; 1974 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; 1975 struct msghdr msg; 1976 struct iovec iov; 1977 struct cmsghdr *cmsg; 1978 char cmsgbuf[512]; 1979 1980 if (out != NULL) { 1981 clear_socket_error(); 1982 1983 do { 1984 memset(&data->rcvinfo, 0, sizeof(data->rcvinfo)); 1985 iov.iov_base = out; 1986 iov.iov_len = outl; 1987 msg.msg_name = NULL; 1988 msg.msg_namelen = 0; 1989 msg.msg_iov = &iov; 1990 msg.msg_iovlen = 1; 1991 msg.msg_control = cmsgbuf; 1992 msg.msg_controllen = 512; 1993 msg.msg_flags = 0; 1994 n = recvmsg(b->num, &msg, 0); 1995 1996 if (n <= 0) { 1997 if (n < 0) 1998 ret = n; 1999 break; 2000 } 2001 2002 if (msg.msg_controllen > 0) { 2003 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; 2004 cmsg = CMSG_NXTHDR(&msg, cmsg)) { 2005 if (cmsg->cmsg_level != IPPROTO_SCTP) 2006 continue; 2007 #ifdef SCTP_RCVINFO 2008 if (cmsg->cmsg_type == SCTP_RCVINFO) { 2009 struct sctp_rcvinfo *rcvinfo; 2010 2011 rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg); 2012 data->rcvinfo.rcv_sid = rcvinfo->rcv_sid; 2013 data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn; 2014 data->rcvinfo.rcv_flags = rcvinfo->rcv_flags; 2015 data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid; 2016 data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn; 2017 data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn; 2018 data->rcvinfo.rcv_context = rcvinfo->rcv_context; 2019 } 2020 #endif 2021 #ifdef SCTP_SNDRCV 2022 if (cmsg->cmsg_type == SCTP_SNDRCV) { 2023 struct sctp_sndrcvinfo *sndrcvinfo; 2024 2025 sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); 2026 data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream; 2027 data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn; 2028 data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags; 2029 data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid; 2030 data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn; 2031 data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn; 2032 data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context; 2033 } 2034 #endif 2035 } 2036 } 2037 2038 if (msg.msg_flags & MSG_NOTIFICATION) { 2039 union sctp_notification snp; 2040 2041 if (n < (int)sizeof(snp.sn_header)) 2042 return -1; 2043 memset(&snp, 0, sizeof(snp)); 2044 memcpy(&snp, out, (size_t)n < sizeof(snp) ? (size_t)n : sizeof(snp)); 2045 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) { 2046 #ifdef SCTP_EVENT 2047 struct sctp_event event; 2048 #else 2049 struct sctp_event_subscribe event; 2050 socklen_t eventsize; 2051 #endif 2052 2053 /* disable sender dry event */ 2054 #ifdef SCTP_EVENT 2055 memset(&event, 0, sizeof(event)); 2056 event.se_assoc_id = 0; 2057 event.se_type = SCTP_SENDER_DRY_EVENT; 2058 event.se_on = 0; 2059 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, 2060 sizeof(struct sctp_event)); 2061 if (i < 0) { 2062 ret = i; 2063 break; 2064 } 2065 #else 2066 eventsize = sizeof(struct sctp_event_subscribe); 2067 i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, 2068 &eventsize); 2069 if (i < 0) { 2070 ret = i; 2071 break; 2072 } 2073 2074 event.sctp_sender_dry_event = 0; 2075 2076 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, 2077 sizeof(struct sctp_event_subscribe)); 2078 if (i < 0) { 2079 ret = i; 2080 break; 2081 } 2082 #endif 2083 } 2084 #ifdef SCTP_AUTHENTICATION_EVENT 2085 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) 2086 dgram_sctp_handle_auth_free_key_event(b, &snp); 2087 #endif 2088 2089 if (data->handle_notifications != NULL) 2090 data->handle_notifications(b, data->notification_context, 2091 (void *)out); 2092 2093 memset(out, 0, outl); 2094 } else { 2095 ret += n; 2096 } 2097 } while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR) 2098 && (ret < outl)); 2099 2100 if (ret > 0 && !(msg.msg_flags & MSG_EOR)) { 2101 /* Partial message read, this should never happen! */ 2102 2103 /* 2104 * The buffer was too small, this means the peer sent a message 2105 * that was larger than allowed. 2106 */ 2107 if (ret == outl) 2108 return -1; 2109 2110 /* 2111 * Test if socket buffer can handle max record size (2^14 + 2048 2112 * + 13) 2113 */ 2114 optlen = (socklen_t)sizeof(int); 2115 ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen); 2116 if (ret >= 0 && !ossl_assert(optval >= 18445)) 2117 return -1; 2118 2119 /* 2120 * Test if SCTP doesn't partially deliver below max record size 2121 * (2^14 + 2048 + 13) 2122 */ 2123 optlen = (socklen_t)sizeof(int); 2124 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, 2125 &optval, &optlen); 2126 if (ret >= 0 && !ossl_assert(optval >= 18445)) 2127 return -1; 2128 2129 /* 2130 * Partially delivered notification??? Probably a bug.... 2131 */ 2132 if (!ossl_assert((msg.msg_flags & MSG_NOTIFICATION) == 0)) 2133 return -1; 2134 2135 /* 2136 * Everything seems ok till now, so it's most likely a message 2137 * dropped by PR-SCTP. 2138 */ 2139 memset(out, 0, outl); 2140 BIO_set_retry_read(b); 2141 return -1; 2142 } 2143 2144 BIO_clear_retry_flags(b); 2145 if (ret < 0) { 2146 if (BIO_dgram_should_retry(ret)) { 2147 BIO_set_retry_read(b); 2148 data->dgram._errno = get_last_socket_error(); 2149 } 2150 } 2151 2152 /* Test if peer uses SCTP-AUTH before continuing */ 2153 if (!data->peer_auth_tested) { 2154 int ii, auth_data = 0, auth_forward = 0; 2155 unsigned char *p; 2156 struct sctp_authchunks *authchunks; 2157 2158 optlen = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); 2159 authchunks = OPENSSL_malloc(optlen); 2160 if (authchunks == NULL) 2161 return -1; 2162 memset(authchunks, 0, optlen); 2163 ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, 2164 authchunks, &optlen); 2165 2166 if (ii >= 0) 2167 for (p = (unsigned char *)authchunks->gauth_chunks; 2168 p < (unsigned char *)authchunks + optlen; 2169 p += sizeof(uint8_t)) { 2170 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) 2171 auth_data = 1; 2172 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) 2173 auth_forward = 1; 2174 } 2175 2176 OPENSSL_free(authchunks); 2177 2178 if (!auth_data || !auth_forward) { 2179 ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR); 2180 return -1; 2181 } 2182 2183 data->peer_auth_tested = 1; 2184 } 2185 } 2186 return ret; 2187 } 2188 2189 /* 2190 * dgram_sctp_write - send message on SCTP socket 2191 * @b: BIO to write to 2192 * @in: data to send 2193 * @inl: amount of bytes in @in to send 2194 * 2195 * Returns -1 on error or the sent amount of bytes on success 2196 */ 2197 static int dgram_sctp_write(BIO *b, const char *in, int inl) 2198 { 2199 int ret; 2200 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; 2201 struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo); 2202 struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo); 2203 struct bio_dgram_sctp_sndinfo handshake_sinfo; 2204 struct iovec iov[1]; 2205 struct msghdr msg; 2206 struct cmsghdr *cmsg; 2207 #if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) 2208 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) + CMSG_SPACE(sizeof(struct sctp_prinfo))]; 2209 struct sctp_sndinfo *sndinfo; 2210 struct sctp_prinfo *prinfo; 2211 #else 2212 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))]; 2213 struct sctp_sndrcvinfo *sndrcvinfo; 2214 #endif 2215 2216 clear_socket_error(); 2217 2218 /* 2219 * If we're send anything else than application data, disable all user 2220 * parameters and flags. 2221 */ 2222 if (in[0] != 23) { 2223 memset(&handshake_sinfo, 0, sizeof(handshake_sinfo)); 2224 #ifdef SCTP_SACK_IMMEDIATELY 2225 handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY; 2226 #endif 2227 sinfo = &handshake_sinfo; 2228 } 2229 2230 /* We can only send a shutdown alert if the socket is dry */ 2231 if (data->save_shutdown) { 2232 ret = BIO_dgram_sctp_wait_for_dry(b); 2233 if (ret < 0) 2234 return -1; 2235 if (ret == 0) { 2236 BIO_clear_retry_flags(b); 2237 BIO_set_retry_write(b); 2238 return -1; 2239 } 2240 } 2241 2242 iov[0].iov_base = (char *)in; 2243 iov[0].iov_len = inl; 2244 msg.msg_name = NULL; 2245 msg.msg_namelen = 0; 2246 msg.msg_iov = iov; 2247 msg.msg_iovlen = 1; 2248 msg.msg_control = (caddr_t)cmsgbuf; 2249 msg.msg_controllen = 0; 2250 msg.msg_flags = 0; 2251 #if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) 2252 cmsg = (struct cmsghdr *)cmsgbuf; 2253 cmsg->cmsg_level = IPPROTO_SCTP; 2254 cmsg->cmsg_type = SCTP_SNDINFO; 2255 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo)); 2256 sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg); 2257 memset(sndinfo, 0, sizeof(*sndinfo)); 2258 sndinfo->snd_sid = sinfo->snd_sid; 2259 sndinfo->snd_flags = sinfo->snd_flags; 2260 sndinfo->snd_ppid = sinfo->snd_ppid; 2261 sndinfo->snd_context = sinfo->snd_context; 2262 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo)); 2263 2264 cmsg = (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))]; 2265 cmsg->cmsg_level = IPPROTO_SCTP; 2266 cmsg->cmsg_type = SCTP_PRINFO; 2267 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo)); 2268 prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg); 2269 memset(prinfo, 0, sizeof(*prinfo)); 2270 prinfo->pr_policy = pinfo->pr_policy; 2271 prinfo->pr_value = pinfo->pr_value; 2272 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo)); 2273 #else 2274 cmsg = (struct cmsghdr *)cmsgbuf; 2275 cmsg->cmsg_level = IPPROTO_SCTP; 2276 cmsg->cmsg_type = SCTP_SNDRCV; 2277 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo)); 2278 sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); 2279 memset(sndrcvinfo, 0, sizeof(*sndrcvinfo)); 2280 sndrcvinfo->sinfo_stream = sinfo->snd_sid; 2281 sndrcvinfo->sinfo_flags = sinfo->snd_flags; 2282 #ifdef __FreeBSD__ 2283 sndrcvinfo->sinfo_flags |= pinfo->pr_policy; 2284 #endif 2285 sndrcvinfo->sinfo_ppid = sinfo->snd_ppid; 2286 sndrcvinfo->sinfo_context = sinfo->snd_context; 2287 sndrcvinfo->sinfo_timetolive = pinfo->pr_value; 2288 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo)); 2289 #endif 2290 2291 ret = sendmsg(b->num, &msg, 0); 2292 2293 BIO_clear_retry_flags(b); 2294 if (ret <= 0) { 2295 if (BIO_dgram_should_retry(ret)) { 2296 BIO_set_retry_write(b); 2297 data->dgram._errno = get_last_socket_error(); 2298 } 2299 } 2300 return ret; 2301 } 2302 2303 static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr) 2304 { 2305 long ret = 1; 2306 bio_dgram_sctp_data *data = NULL; 2307 socklen_t sockopt_len = 0; 2308 struct sctp_authkeyid authkeyid; 2309 struct sctp_authkey *authkey = NULL; 2310 2311 data = (bio_dgram_sctp_data *)b->ptr; 2312 2313 switch (cmd) { 2314 case BIO_CTRL_DGRAM_QUERY_MTU: 2315 /* 2316 * Set to maximum (2^14) and ignore user input to enable transport 2317 * protocol fragmentation. Returns always 2^14. 2318 */ 2319 data->dgram.mtu = 16384; 2320 ret = data->dgram.mtu; 2321 break; 2322 case BIO_CTRL_DGRAM_SET_MTU: 2323 /* 2324 * Set to maximum (2^14) and ignore input to enable transport 2325 * protocol fragmentation. Returns always 2^14. 2326 */ 2327 data->dgram.mtu = 16384; 2328 ret = data->dgram.mtu; 2329 break; 2330 case BIO_CTRL_DGRAM_SET_CONNECTED: 2331 case BIO_CTRL_DGRAM_CONNECT: 2332 /* Returns always -1. */ 2333 ret = -1; 2334 break; 2335 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: 2336 /* 2337 * SCTP doesn't need the DTLS timer Returns always 1. 2338 */ 2339 break; 2340 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: 2341 /* 2342 * We allow transport protocol fragmentation so this is irrelevant 2343 */ 2344 ret = 0; 2345 break; 2346 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: 2347 if (num > 0) 2348 data->in_handshake = 1; 2349 else 2350 data->in_handshake = 0; 2351 2352 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY, 2353 &data->in_handshake, sizeof(int)); 2354 break; 2355 case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY: 2356 /* 2357 * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise. 2358 */ 2359 2360 /* Get active key */ 2361 sockopt_len = sizeof(struct sctp_authkeyid); 2362 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, 2363 &sockopt_len); 2364 if (ret < 0) 2365 break; 2366 2367 /* Add new key */ 2368 sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t); 2369 authkey = OPENSSL_malloc(sockopt_len); 2370 if (authkey == NULL) { 2371 ret = -1; 2372 break; 2373 } 2374 memset(authkey, 0, sockopt_len); 2375 authkey->sca_keynumber = authkeyid.scact_keynumber + 1; 2376 #ifndef __FreeBSD__ 2377 /* 2378 * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3 2379 * and higher work without it. 2380 */ 2381 authkey->sca_keylength = 64; 2382 #endif 2383 memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t)); 2384 2385 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, 2386 sockopt_len); 2387 OPENSSL_free(authkey); 2388 authkey = NULL; 2389 if (ret < 0) 2390 break; 2391 2392 /* Reset active key */ 2393 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, 2394 &authkeyid, sizeof(struct sctp_authkeyid)); 2395 if (ret < 0) 2396 break; 2397 2398 break; 2399 case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY: 2400 /* Returns 0 on success, -1 otherwise. */ 2401 2402 /* Get active key */ 2403 sockopt_len = sizeof(struct sctp_authkeyid); 2404 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, 2405 &sockopt_len); 2406 if (ret < 0) 2407 break; 2408 2409 /* Set active key */ 2410 authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1; 2411 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, 2412 &authkeyid, sizeof(struct sctp_authkeyid)); 2413 if (ret < 0) 2414 break; 2415 2416 /* 2417 * CCS has been sent, so remember that and fall through to check if 2418 * we need to deactivate an old key 2419 */ 2420 data->ccs_sent = 1; 2421 /* fall-through */ 2422 2423 case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD: 2424 /* Returns 0 on success, -1 otherwise. */ 2425 2426 /* 2427 * Has this command really been called or is this just a 2428 * fall-through? 2429 */ 2430 if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD) 2431 data->ccs_rcvd = 1; 2432 2433 /* 2434 * CSS has been both, received and sent, so deactivate an old key 2435 */ 2436 if (data->ccs_rcvd == 1 && data->ccs_sent == 1) { 2437 /* Get active key */ 2438 sockopt_len = sizeof(struct sctp_authkeyid); 2439 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, 2440 &authkeyid, &sockopt_len); 2441 if (ret < 0) 2442 break; 2443 2444 /* 2445 * Deactivate key or delete second last key if 2446 * SCTP_AUTHENTICATION_EVENT is not available. 2447 */ 2448 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1; 2449 #ifdef SCTP_AUTH_DEACTIVATE_KEY 2450 sockopt_len = sizeof(struct sctp_authkeyid); 2451 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY, 2452 &authkeyid, sockopt_len); 2453 if (ret < 0) 2454 break; 2455 #endif 2456 #ifndef SCTP_AUTHENTICATION_EVENT 2457 if (authkeyid.scact_keynumber > 0) { 2458 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1; 2459 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, 2460 &authkeyid, sizeof(struct sctp_authkeyid)); 2461 if (ret < 0) 2462 break; 2463 } 2464 #endif 2465 2466 data->ccs_rcvd = 0; 2467 data->ccs_sent = 0; 2468 } 2469 break; 2470 case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO: 2471 /* Returns the size of the copied struct. */ 2472 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo)) 2473 num = sizeof(struct bio_dgram_sctp_sndinfo); 2474 2475 memcpy(ptr, &(data->sndinfo), num); 2476 ret = num; 2477 break; 2478 case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO: 2479 /* Returns the size of the copied struct. */ 2480 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo)) 2481 num = sizeof(struct bio_dgram_sctp_sndinfo); 2482 2483 memcpy(&(data->sndinfo), ptr, num); 2484 break; 2485 case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO: 2486 /* Returns the size of the copied struct. */ 2487 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo)) 2488 num = sizeof(struct bio_dgram_sctp_rcvinfo); 2489 2490 memcpy(ptr, &data->rcvinfo, num); 2491 2492 ret = num; 2493 break; 2494 case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO: 2495 /* Returns the size of the copied struct. */ 2496 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo)) 2497 num = sizeof(struct bio_dgram_sctp_rcvinfo); 2498 2499 memcpy(&(data->rcvinfo), ptr, num); 2500 break; 2501 case BIO_CTRL_DGRAM_SCTP_GET_PRINFO: 2502 /* Returns the size of the copied struct. */ 2503 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo)) 2504 num = sizeof(struct bio_dgram_sctp_prinfo); 2505 2506 memcpy(ptr, &(data->prinfo), num); 2507 ret = num; 2508 break; 2509 case BIO_CTRL_DGRAM_SCTP_SET_PRINFO: 2510 /* Returns the size of the copied struct. */ 2511 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo)) 2512 num = sizeof(struct bio_dgram_sctp_prinfo); 2513 2514 memcpy(&(data->prinfo), ptr, num); 2515 break; 2516 case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN: 2517 /* Returns always 1. */ 2518 if (num > 0) 2519 data->save_shutdown = 1; 2520 else 2521 data->save_shutdown = 0; 2522 break; 2523 case BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY: 2524 return dgram_sctp_wait_for_dry(b); 2525 case BIO_CTRL_DGRAM_SCTP_MSG_WAITING: 2526 return dgram_sctp_msg_waiting(b); 2527 2528 default: 2529 /* 2530 * Pass to default ctrl function to process SCTP unspecific commands 2531 */ 2532 ret = dgram_ctrl(b, cmd, num, ptr); 2533 break; 2534 } 2535 return ret; 2536 } 2537 2538 int BIO_dgram_sctp_notification_cb(BIO *b, 2539 BIO_dgram_sctp_notification_handler_fn handle_notifications, 2540 void *context) 2541 { 2542 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; 2543 2544 if (handle_notifications != NULL) { 2545 data->handle_notifications = handle_notifications; 2546 data->notification_context = context; 2547 } else 2548 return -1; 2549 2550 return 0; 2551 } 2552 2553 /* 2554 * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event 2555 * @b: The BIO to check for the dry event 2556 * 2557 * Wait until the peer confirms all packets have been received, and so that 2558 * our kernel doesn't have anything to send anymore. This is only received by 2559 * the peer's kernel, not the application. 2560 * 2561 * Returns: 2562 * -1 on error 2563 * 0 when not dry yet 2564 * 1 when dry 2565 */ 2566 int BIO_dgram_sctp_wait_for_dry(BIO *b) 2567 { 2568 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY, 0, NULL); 2569 } 2570 2571 static int dgram_sctp_wait_for_dry(BIO *b) 2572 { 2573 int is_dry = 0; 2574 int sockflags = 0; 2575 int n, ret; 2576 union sctp_notification snp; 2577 struct msghdr msg; 2578 struct iovec iov; 2579 #ifdef SCTP_EVENT 2580 struct sctp_event event; 2581 #else 2582 struct sctp_event_subscribe event; 2583 socklen_t eventsize; 2584 #endif 2585 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; 2586 2587 /* set sender dry event */ 2588 #ifdef SCTP_EVENT 2589 memset(&event, 0, sizeof(event)); 2590 event.se_assoc_id = 0; 2591 event.se_type = SCTP_SENDER_DRY_EVENT; 2592 event.se_on = 1; 2593 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, 2594 sizeof(struct sctp_event)); 2595 #else 2596 eventsize = sizeof(struct sctp_event_subscribe); 2597 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize); 2598 if (ret < 0) 2599 return -1; 2600 2601 event.sctp_sender_dry_event = 1; 2602 2603 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, 2604 sizeof(struct sctp_event_subscribe)); 2605 #endif 2606 if (ret < 0) 2607 return -1; 2608 2609 /* peek for notification */ 2610 memset(&snp, 0, sizeof(snp)); 2611 iov.iov_base = (char *)&snp; 2612 iov.iov_len = sizeof(union sctp_notification); 2613 msg.msg_name = NULL; 2614 msg.msg_namelen = 0; 2615 msg.msg_iov = &iov; 2616 msg.msg_iovlen = 1; 2617 msg.msg_control = NULL; 2618 msg.msg_controllen = 0; 2619 msg.msg_flags = 0; 2620 2621 n = recvmsg(b->num, &msg, MSG_PEEK); 2622 if (n <= 0) { 2623 if ((n < 0) && (get_last_socket_error() != EAGAIN) 2624 && (get_last_socket_error() != EWOULDBLOCK)) 2625 return -1; 2626 else 2627 return 0; 2628 } 2629 2630 /* if we find a notification, process it and try again if necessary */ 2631 while (msg.msg_flags & MSG_NOTIFICATION) { 2632 memset(&snp, 0, sizeof(snp)); 2633 iov.iov_base = (char *)&snp; 2634 iov.iov_len = sizeof(union sctp_notification); 2635 msg.msg_name = NULL; 2636 msg.msg_namelen = 0; 2637 msg.msg_iov = &iov; 2638 msg.msg_iovlen = 1; 2639 msg.msg_control = NULL; 2640 msg.msg_controllen = 0; 2641 msg.msg_flags = 0; 2642 2643 n = recvmsg(b->num, &msg, 0); 2644 if (n <= 0) { 2645 if ((n < 0) && (get_last_socket_error() != EAGAIN) 2646 && (get_last_socket_error() != EWOULDBLOCK)) 2647 return -1; 2648 else 2649 return is_dry; 2650 } 2651 2652 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) { 2653 is_dry = 1; 2654 2655 /* disable sender dry event */ 2656 #ifdef SCTP_EVENT 2657 memset(&event, 0, sizeof(event)); 2658 event.se_assoc_id = 0; 2659 event.se_type = SCTP_SENDER_DRY_EVENT; 2660 event.se_on = 0; 2661 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, 2662 sizeof(struct sctp_event)); 2663 #else 2664 eventsize = (socklen_t)sizeof(struct sctp_event_subscribe); 2665 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, 2666 &eventsize); 2667 if (ret < 0) 2668 return -1; 2669 2670 event.sctp_sender_dry_event = 0; 2671 2672 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, 2673 sizeof(struct sctp_event_subscribe)); 2674 #endif 2675 if (ret < 0) 2676 return -1; 2677 } 2678 #ifdef SCTP_AUTHENTICATION_EVENT 2679 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) 2680 dgram_sctp_handle_auth_free_key_event(b, &snp); 2681 #endif 2682 2683 if (data->handle_notifications != NULL) 2684 data->handle_notifications(b, data->notification_context, 2685 (void *)&snp); 2686 2687 /* found notification, peek again */ 2688 memset(&snp, 0, sizeof(snp)); 2689 iov.iov_base = (char *)&snp; 2690 iov.iov_len = sizeof(union sctp_notification); 2691 msg.msg_name = NULL; 2692 msg.msg_namelen = 0; 2693 msg.msg_iov = &iov; 2694 msg.msg_iovlen = 1; 2695 msg.msg_control = NULL; 2696 msg.msg_controllen = 0; 2697 msg.msg_flags = 0; 2698 2699 /* if we have seen the dry already, don't wait */ 2700 if (is_dry) { 2701 sockflags = fcntl(b->num, F_GETFL, 0); 2702 fcntl(b->num, F_SETFL, O_NONBLOCK); 2703 } 2704 2705 n = recvmsg(b->num, &msg, MSG_PEEK); 2706 2707 if (is_dry) { 2708 fcntl(b->num, F_SETFL, sockflags); 2709 } 2710 2711 if (n <= 0) { 2712 if ((n < 0) && (get_last_socket_error() != EAGAIN) 2713 && (get_last_socket_error() != EWOULDBLOCK)) 2714 return -1; 2715 else 2716 return is_dry; 2717 } 2718 } 2719 2720 /* read anything else */ 2721 return is_dry; 2722 } 2723 2724 int BIO_dgram_sctp_msg_waiting(BIO *b) 2725 { 2726 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_MSG_WAITING, 0, NULL); 2727 } 2728 2729 static int dgram_sctp_msg_waiting(BIO *b) 2730 { 2731 int n, sockflags; 2732 union sctp_notification snp; 2733 struct msghdr msg; 2734 struct iovec iov; 2735 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; 2736 2737 /* Check if there are any messages waiting to be read */ 2738 do { 2739 memset(&snp, 0, sizeof(snp)); 2740 iov.iov_base = (char *)&snp; 2741 iov.iov_len = sizeof(union sctp_notification); 2742 msg.msg_name = NULL; 2743 msg.msg_namelen = 0; 2744 msg.msg_iov = &iov; 2745 msg.msg_iovlen = 1; 2746 msg.msg_control = NULL; 2747 msg.msg_controllen = 0; 2748 msg.msg_flags = 0; 2749 2750 sockflags = fcntl(b->num, F_GETFL, 0); 2751 fcntl(b->num, F_SETFL, O_NONBLOCK); 2752 n = recvmsg(b->num, &msg, MSG_PEEK); 2753 fcntl(b->num, F_SETFL, sockflags); 2754 2755 /* if notification, process and try again */ 2756 if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) { 2757 #ifdef SCTP_AUTHENTICATION_EVENT 2758 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) 2759 dgram_sctp_handle_auth_free_key_event(b, &snp); 2760 #endif 2761 2762 memset(&snp, 0, sizeof(snp)); 2763 iov.iov_base = (char *)&snp; 2764 iov.iov_len = sizeof(union sctp_notification); 2765 msg.msg_name = NULL; 2766 msg.msg_namelen = 0; 2767 msg.msg_iov = &iov; 2768 msg.msg_iovlen = 1; 2769 msg.msg_control = NULL; 2770 msg.msg_controllen = 0; 2771 msg.msg_flags = 0; 2772 n = recvmsg(b->num, &msg, 0); 2773 2774 if (data->handle_notifications != NULL) 2775 data->handle_notifications(b, data->notification_context, 2776 (void *)&snp); 2777 } 2778 2779 } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)); 2780 2781 /* Return 1 if there is a message to be read, return 0 otherwise. */ 2782 if (n > 0) 2783 return 1; 2784 else 2785 return 0; 2786 } 2787 2788 static int dgram_sctp_puts(BIO *bp, const char *str) 2789 { 2790 int n, ret; 2791 2792 n = strlen(str); 2793 ret = dgram_sctp_write(bp, str, n); 2794 return ret; 2795 } 2796 #endif 2797 2798 static int BIO_dgram_should_retry(int i) 2799 { 2800 int err; 2801 2802 if ((i == 0) || (i == -1)) { 2803 err = get_last_socket_error(); 2804 2805 #if defined(OPENSSL_SYS_WINDOWS) 2806 /* 2807 * If the socket return value (i) is -1 and err is unexpectedly 0 at 2808 * this point, the error code was overwritten by another system call 2809 * before this error handling is called. 2810 */ 2811 #endif 2812 2813 return BIO_dgram_non_fatal_error(err); 2814 } 2815 return 0; 2816 } 2817 2818 int BIO_dgram_non_fatal_error(int err) 2819 { 2820 switch (err) { 2821 #if defined(OPENSSL_SYS_WINDOWS) 2822 #if defined(WSAEWOULDBLOCK) 2823 case WSAEWOULDBLOCK: 2824 #endif 2825 #endif 2826 2827 #ifdef EWOULDBLOCK 2828 #ifdef WSAEWOULDBLOCK 2829 #if WSAEWOULDBLOCK != EWOULDBLOCK 2830 case EWOULDBLOCK: 2831 #endif 2832 #else 2833 case EWOULDBLOCK: 2834 #endif 2835 #endif 2836 2837 #ifdef EINTR 2838 case EINTR: 2839 #endif 2840 2841 #ifdef EAGAIN 2842 #if EWOULDBLOCK != EAGAIN 2843 case EAGAIN: 2844 #endif 2845 #endif 2846 2847 #ifdef EPROTO 2848 case EPROTO: 2849 #endif 2850 2851 #ifdef EINPROGRESS 2852 case EINPROGRESS: 2853 #endif 2854 2855 #ifdef EALREADY 2856 case EALREADY: 2857 #endif 2858 2859 return 1; 2860 default: 2861 break; 2862 } 2863 return 0; 2864 } 2865 2866 #endif 2867